Privacy Policy for Simulacra Synthetic Data Studio

We aim to make this policy  transparent and informative, explaining how Simulacra collects, uses, and protects personal data while adhering to both GDPR, SOC 2, and ISO27001 (in progress). It outlines the rights of individuals under GDPR and how they can exercise those rights, as well as demonstrating the company's commitment to data security and privacy through SOC 2 compliance.

Introduction

Simulacra Synthetic Data Studio ("Simulacra," "we," "us," or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the General Data Protection Regulation (GDPR), SOC 2 principles, and other applicable data protection laws.
‍
By using our services or interacting with our website, you consent to the practices described in this Privacy Policy.

Data Controller and Data Protection Officer

Simulacra Synthetic Data Studio is the data controller for personal data processed in connection with our website and services.

Data Protection Officer (DPO): jason@simulacra-data.com

Personal Data We Collect

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped as follows:

• Identity Data: first name, last name, username or similar identifier
• Contact Data: email address, telephone number, postal address
• Technical Data: internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website
• Usage Data: information about how, when, for how long, etc., you use our
  website, platform and services
• Financial Data: payment card details (processed securely through our payment service provider)
• Transaction Data: details about payments to and from you and other details of products or services you have purchased from us
• Marketing and Communications Data: your preferences in receiving marketing from us and our third parties and your communication preferences

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

How We Collect Your Personal Data

We use different methods to collect data from and about you through:

• Direct interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise.
• Automated technologies or interactions: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns.
• Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources, such as analytics providers, advertising networks, and search information providers.

How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you, or are in the process of entering a contract with you
• Where it is necessary for our legitimate interests (or those of a third party)and your interests and fundamental rights do not override those interests
• Where we need to comply with a legal or regulatory obligation
• Where you have given consent for specific purposes

We have set out below a description of all the ways we plan to use your personal data:

• To register you as a new customer
• To provide and manage our services
• To manage our relationship with you
• To process and deliver your order
• To administer and protect our business, platform and website
• To deliver relevant website and platform content and advertisements to you
• To use data analytics to improve our website, products/services, platform, marketing, customer relationships, and experiences
• To make suggestions and recommendations to you about goods or services that may be of interest to you

Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
‍
Platform Session Data. Simulacra runs hosted single‑tenant sessions. If the page is refreshed or closed, the container is irrecoverably deleted. Customer data is not saved to the platform; all uploaded and generated data within the application is deleted at session completion.

Aggregated, Non-personally Identifying Information

We may use aggregated or de‑identified information to analyze platform use, improve features, and publish insights. This information does not identify you.

Your Privacy Rights (GDPR and similar laws)

Depending on your location, you may have the right to:

• Right to access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to withdraw consent

To exercise these rights, contact our DPO at jason@simulacra-data.com. We may ask for information to verify your identity before fulfilling your request.If you wish to exercise any of these rights, please contact our DPO using the details provided in Section 2.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. These measures include:

• Encryption of sensitive data at rest and in transit
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Regular backup procedures
• Formal policies and procedures for software development, change management, and incident response

Our service is hosted on Amazon Web Services (AWS) and leverages AWS security controls (e.g., VPCs, security groups, CloudWatch/CloudTrail monitoring). We also employ identity management and role‑based access controls consistent with our policies.

International Transfers

Where we transfer personal data outside your country or the European Economic Area (EEA), we use appropriate safeguards (such as Standard Contractual Clauses) as required by applicable law.

Independent Security Attestation (SOC 2 Type II)

Simulacra Data, Inc. has successfully completed a SOC 2 Type II examination of the Simulacra Synthetic Data Studio platform covering the Trust Services Criteria for Security, Availability, and Confidentiality for the period January 15, 2025 – April 15, 2025. An independent audit firm issued an unqualified opinion on June 18, 2025. Our SOC 3 report is available on request and our SOC2 Trust Center is available with an NDA.

• Security: Our system is protected against unauthorized access
• Availability: Our system is available for operation and use as committed or agreed
• Confidentiality: Information designated as confidential is protected as committed or agreed

Cookies and Similar Technologies

We use cookies and similar tracking technologies to track the activity on our service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will take appropriate steps to delete it.

Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes.

Third-Party Links

Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection Officer at: jason@simulacra-data.com
You have the right to make a complaint at any time to the supervisory authority for data protection issues in your country. We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.