Privacy Policy
Effective Date: February 13, 2026
1. Introduction
This Privacy Policy explains how Society AI (the "Service") collects, uses, stores, and protects your personal information. The Service is operated by PUBLC Foundation LTD, a company incorporated in the United Kingdom.
By using the Service, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Your email address (required for authentication)
- Optionally, your display name, bio, and avatar
2.2 Usage Data
When you use the Service, we collect:
- Chat messages and conversation history with AI Agents
- Files you upload and artifacts generated by Agents
- Your preferences such as theme, language, and timezone
- Transaction and payment records
2.3 Session and Device Data
When you sign in, we collect session metadata for security and fraud prevention purposes:
- Your IP address
- User agent string (browser and device information) and a hash of it
- Device identifier
- Approximate geolocation (city and country), derived from your IP address
This data helps us detect unauthorised access, prevent fraud, and protect your account.
2.4 Location Data
With your permission, we may request your approximate location via your browser's geolocation API to provide location-aware features (such as local weather agents). Your browser will prompt you before sharing this data. You can deny or revoke this permission at any time through your browser settings.
2.5 Wallet Data
If you connect a self-custodial wallet, we collect:
- Your public wallet address
- USDC balance information (queried from the public blockchain)
We do not have access to your private keys or seed phrases. Blockchain data is inherently public.
2.6 Payment Information
If you purchase credits via credit card, your payment card information is collected and processed directly by Stripe. We never see or store your full card number. We receive only your user ID, transaction amount, and confirmation of payment. Please review Stripe's Privacy Policy at stripe.com/privacy.
3. Authentication Methods
We currently offer the following methods of authentication:
- Email Sign-In (Magic Links): We send a one-time secure link to your email address. No password is stored. Sign-in links expire after 5 minutes.
- Sign-In with Ethereum (SIWE): You authenticate by signing a message with your wallet (e.g., MetaMask). SIWE tokens expire after 24 hours.
4. Cookies and Local Storage
We use cookies and local storage technologies to operate the Service. We do not use advertising or third-party tracking cookies. We use analytics cookies to understand how the Service is used and to improve it.
4.1 Essential Cookies
The following cookies are required for the Service to function:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| auth_access_token | JWT for API authentication | Until expiry | Essential (HTTP-only) |
| auth_refresh_token | Session renewal | 30 days | Essential (HTTP-only) |
| auth_refresh_lock | Prevents concurrent token refresh | 10 seconds | Functional |
| sidebar:state | Remembers sidebar open/closed preference | Session | Functional |
| cookie_consent | Stores your cookie preferences | 1 year | Essential |
Authentication cookies (auth_access_token and auth_refresh_token) are HTTP-only for security. The remaining functional cookies are accessible to client-side JavaScript for coordination and UI state purposes.
4.2 Analytics Cookies
We use Google Analytics and Vercel Analytics to understand how the Service is used, measure performance, and identify areas for improvement. Analytics cookies are only set if you consent via the cookie settings banner. You can change your preferences at any time via the Cookie Settings link in the page footer. These services may set the following cookies:
| Cookie | Purpose | Duration | Set By |
|---|---|---|---|
| _ga | Distinguishes unique users | 2 years | Google Analytics |
| _ga_* | Maintains session state | 2 years | Google Analytics |
Google Analytics collects anonymised usage data including pages visited, session duration, and general device and browser information. For more information, see Google's Privacy Policy. Vercel Analytics collects performance metrics such as page load times and web vitals.
4.3 Local Storage
We store the following in your browser's local storage:
| Key | Purpose | Cleared When |
|---|---|---|
| wallet_connection | Remembers connected wallet address | Wallet disconnected |
| wallet_auth | Stores SIWE authentication JWT | JWT expires (24h) or logout |
| input | Saves unsent message draft | Message sent or cleared |
Local storage data is stored only in your browser and is not transmitted to our servers except as necessary for authentication.
5. Conversation Data
We store your conversations with Agents on our servers to provide the Service and enable conversation history. Conversation data is stored using Amazon Web Services (AWS) and Neon database services.
Conversations and uploaded files are retained until you delete them or delete your account. You can delete individual conversations or files at any time through the Service interface.
6. Agent Memory Feature
Agents may collect and store "Memories" about you based on your conversations to provide personalised experiences. Memories may include your preferences, prior requests, and relevant context from past interactions.
You have full control over your Memories:
- You can view all Memories stored about you through the Service
- You can edit or modify any Memory
- You can delete any or all Memories at any time
Memories are not used to train AI models and are not shared with third parties except as necessary to provide the Service.
7. Third-Party Services
We use the following third-party services to operate the Service:
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | User ID, email, amount, checkout URLs |
| Resend | Transactional emails | Email address, verification tokens |
| Neon | Conversation and user data storage | Chat history, user preferences, artifacts |
| AWS (S3, RDS) | File storage and agent/payment data | Uploaded files, task and payment records |
| Cloudflare | CDN and custom agent hosting (Workers) | Agent requests and responses |
| E2B | Sandboxed execution for code agents | Agent code, execution context |
| Base RPC | Blockchain queries | Wallet address (public) |
| AI Providers | Chat completions | Chat messages, relevant context |
| Google Analytics | Usage analytics | Page views, session data, device and browser information |
| Vercel | Hosting, analytics, and performance monitoring | Page load times, web vitals, usage metrics |
| Plausible Analytics | Privacy-friendly website analytics (no cookies) | Page views, referrer, country (no personal data) |
| Logfire (Pydantic) | Service monitoring, error tracking, and performance observability | Request metadata, error traces, performance metrics (PII is scrubbed) |
8. AI Providers
The Service utilises artificial intelligence services from multiple third-party providers to power Agent functionality. These providers include:
- OpenAI (openai.com/privacy)
- Anthropic (anthropic.com/privacy)
- Google / Gemini (policies.google.com/privacy)
- xAI / Grok (x.ai/legal/privacy-policy)
When you interact with Agents, your messages and relevant context may be transmitted to these providers for processing. Each provider processes data according to its own privacy policy.
Third-Party Agents may utilise additional AI providers not listed here.
9. No Training on Your Data
We do not use your conversations, messages, or personal data to train AI models. We do not sell your personal data to third parties.
10. Third-Party Agents
The Service may include Agents developed by third-party developers. Third-party developers are independent data controllers with respect to data processed by their Agents. When you use a Third-Party Agent, the developer of that Agent may collect and process your data according to their own privacy policies.
We recommend reviewing the privacy policies of Third-Party Agents before use. We are not responsible for the privacy practices of third-party developers.
11. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process your transactions
- Send you transactional emails (sign-in links, receipts)
- Respond to your requests and inquiries
- Detect, prevent, and address fraud and security issues
- Enforce rate limits and protect against abuse
- Analyse usage patterns and improve performance through analytics
- Comply with legal obligations
- Enforce our Terms of Use
12. Data Retention
We retain your data as follows:
- Account data is retained until you delete your account
- Chat history and files are retained until you delete them
- Sign-in links expire after 5 minutes
- SIWE authentication tokens expire after 24 hours
- Session refresh tokens expire after 30 days
- Session metadata (IP address, device data) is retained for the duration of the session and may be retained for up to 90 days for security purposes
- We may retain certain information as required by law or for legitimate business purposes after account deletion
13. Children's Privacy
The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@societyai.com. If we discover that a child under 13 has provided us with personal information, we will delete it promptly.
14. Security
We implement appropriate technical and organisational measures to protect your personal information, including:
- HTTP-only cookies for authentication tokens
- Secure passwordless authentication via email links or wallet signatures
- Token rotation and reuse detection for session security
- Encrypted data transmission (HTTPS)
- Access controls for our systems
However, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
15. Information for Users in the European Economic Area and United Kingdom
If you are located in the European Economic Area (EEA) or United Kingdom, you have certain rights under the General Data Protection Regulation (GDPR) and UK GDPR.
15.1 Data Controller
The data controller for the Service is PUBLC Foundation LTD, a company incorporated in the United Kingdom. For data protection inquiries, contact us at privacy@societyai.com.
15.2 Legal Basis for Processing
We process your personal data on the following legal bases:
- Contract: Processing necessary to provide the Service you requested (account data, conversations, payments)
- Legitimate Interests: Processing for fraud prevention, security, service improvement, and analytics (session metadata, IP addresses, device data, usage analytics)
- Consent: Where you have given specific consent (analytics cookies, browser geolocation)
- Legal Obligation: Processing required to comply with applicable law
15.3 Your Rights
You have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate personal data
- Erasure: Request deletion of your personal data (also known as the "right to be forgotten")
- Restriction: Request restriction of processing in certain circumstances
- Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, contact us at privacy@societyai.com. We will respond within one month.
15.4 International Data Transfers
Your data may be transferred to and processed in countries outside the EEA and UK, including the United States, where our AI providers and infrastructure services are located. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.
15.5 Complaints
You have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.
16. Your Choices
- You can access and update your account information through your account settings
- You can delete your conversations, files, and Memories through the Service interface
- You can deny or revoke browser geolocation permission at any time through your browser settings
- You can request a copy of your data or deletion of your account by contacting privacy@societyai.com
- You can disconnect your wallet at any time through the Service interface
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Privacy Policy on this page and updating the "Effective Date" above. Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.
18. Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact us at:
- General support: support@societyai.com
- Privacy and data protection: privacy@societyai.com