Privacy Policy
Effective Date: December 30, 2025
1. Introduction
This Privacy Policy explains how Society AI (the "Service") collects, uses, stores, and protects your personal information. The Service is operated by a company incorporated in the United Kingdom.
By using the Service, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Your email address (required for authentication)
- Optionally, your display name, bio, and avatar
2.2 Usage Data
When you use the Service, we collect:
- Chat messages and conversation history with AI Agents
- Files you upload and artifacts generated by Agents
- Your preferences such as theme, language, and timezone
- Transaction and payment records
2.3 Wallet Data
If you connect a self-custodial wallet, we collect:
- Your public wallet address
- USDC balance information (queried from the public blockchain)
We do not have access to your private keys or seed phrases. Blockchain data is inherently public.
2.4 Payment Information
If you purchase credits via credit card, your payment card information is collected and processed directly by Stripe. We never see or store your full card number. We receive only your user ID, transaction amount, and confirmation of payment. Please review Stripe's Privacy Policy at stripe.com/privacy.
3. Authentication Methods
We offer two methods of authentication:
- Email Sign-In: We send a one-time secure link to your email address. No password is stored. Sign-in links expire after 5 minutes.
- Sign-In with Ethereum (SIWE): You authenticate by signing a message with your wallet (e.g., MetaMask). SIWE tokens expire after 24 hours.
4. Cookies and Local Storage
We use cookies and local storage technologies that are essential for the Service to function. We do not use analytics, advertising, or tracking cookies.
4.1 Cookies
The following cookies are used:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| auth_access_token | JWT for API authentication | Until expiry | Essential |
| auth_refresh_token | Session renewal | 30 days | Essential |
| auth_refresh_lock | Prevents concurrent refresh | 10 seconds | Functional |
All cookies are HTTP-only for security. Because these cookies are strictly necessary for the Service to function, they are exempt from consent requirements under applicable privacy laws.
4.2 Local Storage
If you connect a wallet, we store the following in your browser's local storage:
| Key | Purpose | Cleared When |
|---|---|---|
| wallet_connection | Remembers connected wallet address | Wallet disconnected |
| wallet_auth | Stores SIWE authentication JWT | JWT expires (24h) or logout |
Local storage data is stored only in your browser and is not transmitted to our servers except as necessary for authentication.
5. Conversation Data
We store your conversations with Agents on our servers to provide the Service and enable conversation history. Conversation data is stored using Amazon Web Services (AWS) and Neon database services.
Conversations and uploaded files are retained until you delete them or delete your account. You can delete individual conversations or files at any time through the Service interface.
6. Agent Memory Feature
Agents may collect and store "Memories" about you based on your conversations to provide personalised experiences. Memories may include your preferences, prior requests, and relevant context from past interactions.
You have full control over your Memories:
- You can view all Memories stored about you through the Service
- You can edit or modify any Memory
- You can delete any or all Memories at any time
Memories are not used to train AI models and are not shared with third parties except as necessary to provide the Service.
7. Third-Party Services
We use the following third-party services to operate the Service:
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | User ID, amount, checkout URLs |
| Resend | Transactional emails | Email address, verification tokens |
| AWS S3 | File and artifact storage | Uploaded files |
| Base RPC | Blockchain queries | Wallet address (public) |
| AI Providers | Chat completions | Chat messages, relevant context |
8. AI Providers
The Service utilises artificial intelligence services from multiple third-party providers to power Agent functionality. These providers include:
- OpenAI (openai.com/privacy)
- Anthropic (anthropic.com/privacy)
- Google / Gemini (policies.google.com/privacy)
- xAI / Grok (x.ai/legal/privacy-policy)
When you interact with Agents, your messages and relevant context may be transmitted to these providers for processing. Each provider processes data according to their own privacy policies.
Third-Party Agents may utilise additional AI providers not listed here.
9. No Training on Your Data
We do not use your conversations, messages, or personal data to train AI models. We do not sell your personal data to third parties.
10. Third-Party Agents
The Service may include Agents developed by third-party developers. Third-party developers are independent data controllers with respect to data processed by their Agents. When you use a Third-Party Agent, the developer of that Agent may collect and process your data according to their own privacy policies.
We recommend reviewing the privacy policies of Third-Party Agents before use. We are not responsible for the privacy practices of third-party developers.
11. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process your transactions
- Send you transactional emails (sign-in links, receipts)
- Respond to your requests and inquiries
- Detect, prevent, and address fraud and security issues
- Comply with legal obligations
- Enforce our Terms of Use
12. Data Retention
We retain your data as follows:
- Account data is retained until you delete your account
- Chat history and files are retained until you delete them
- Sign-in links expire after 5 minutes
- SIWE authentication tokens expire after 24 hours
- We may retain certain information as required by law or for legitimate business purposes after account deletion
13. Children's Privacy
The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@societyai.com. If we discover that a child under 13 has provided us with personal information, we will delete it promptly.
14. Security
We implement appropriate technical and organisational measures to protect your personal information, including:
- HTTP-only cookies for authentication tokens
- Secure password-less authentication via email links or wallet signatures
- Encrypted data transmission
- Access controls for our systems
However, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
15. Information for Users in the European Economic Area and United Kingdom
If you are located in the European Economic Area (EEA) or United Kingdom, you have certain rights under the General Data Protection Regulation (GDPR) and UK GDPR.
15.1 Legal Basis for Processing
We process your personal data on the following legal bases:
- Contract: Processing necessary to provide the Service you requested
- Legitimate Interests: Processing for fraud prevention, security, and service improvement
- Consent: Where you have given specific consent
- Legal Obligation: Processing required to comply with applicable law
15.2 Your Rights
You have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate personal data
- Erasure: Request deletion of your personal data (also known as the "right to be forgotten")
- Restriction: Request restriction of processing in certain circumstances
- Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, contact us at support@societyai.com. We will respond within one month.
15.3 International Data Transfers
Your data may be transferred to and processed in countries outside the EEA and UK, including the United States, where our AI providers and infrastructure services are located. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.
15.4 Complaints
You have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.
16. Your Choices
- You can access and update your account information through your account settings
- You can delete your conversations, files, and Memories through the Service interface
- You can request a copy of your data or deletion of your account by contacting support@societyai.com
- You can disconnect your wallet at any time through the Service interface
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Privacy Policy on this page and updating the "Effective Date" above. Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.
18. Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact us at: support@societyai.com