Privacy Notice

This Privacy Notice explains how Semiotic Intelligence Inc. ("Semiotic," "we," "us," or "our") collects, uses, discloses, and otherwise processes personal data in connection with our website design platform and services, including any product, service, or application that references or links to this Privacy Notice. We may also choose or be required by law to provide different or additional disclosures relating to the processing of personal data about residents of certain countries, regions, or states. Please refer to the Region-Specific Disclosures section below for additional disclosures that may be applicable to you.

This Privacy Notice does not address our privacy practices relating to Semiotic job applicants, employees and other employment-related individuals, nor data that is not subject to applicable data protection laws (such as deidentified or publicly available information in certain jurisdictions). This Privacy Notice is also not a contract and does not create any legal rights or obligations not otherwise provided by law.

Our Collection and Use of Personal Data

The categories of personal data we collect depend on how you interact with us and our services. For example, you may provide us your personal data directly when you register for an account, participate in our conversational onboarding process, make a purchase, or otherwise contact us or interact with us.

We also collect personal data automatically when you interact with our websites and services and may also collect personal data from other sources and third parties.

Personal Data Provided by Individuals

We collect the following categories of personal data individuals provide us:

Personal Data Automatically Collected

We, and our third-party partners, automatically collect information you provide to us and information about how you access and use our services when you engage with us. We typically collect this information through the use of a variety of our own and our third-party partners' automatic data collection technologies, including (i) cookies or small data files that are stored on an individual's computer and (ii) other, related technologies, such as web beacons, pixels, embedded scripts, and logging technologies. Information we collect automatically about you may be combined with other personal data we collect directly from you or receive from other sources.

We, and our third-party partners, use automatic data collection technologies to automatically collect the following data when you use our services or otherwise engage with us:

All of the information collected automatically through these tools allows us to improve your experience. For example, we may use this information to enhance and personalize your user experience, to monitor and improve our services, and to improve the effectiveness of our products, services, communications and customer service. We may also use this information to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit; (b) provide custom, personalized content and information; (c) identify you across multiple devices; (d) provide and monitor the effectiveness of our services; (e) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns; (f) diagnose or fix technology problems; and (g) otherwise to plan for and enhance our services.

For information about the choices you may have in relation to our use of automatic data collection technologies, please refer to the Your Privacy Choices section below.

Personal Data from Other Sources and Third Parties

We may receive the same categories of personal data as described above from the following sources and other parties:

Additional Uses of Personal Data

In addition to the primary purposes for using personal data described above, we may also use personal data we collect to:

• Fulfill or meet the reason the information was provided, such as to fulfill our contractual obligations, to facilitate payment for our services, or to deliver the services requested;
• Manage our organization and its day-to-day operations;
• Communicate with you, including via email and other means;
• Request you provide us feedback about our service offerings;
• Address inquiries or complaints made by or about an individual in connection with our services;
• Create and maintain accounts for our users;
• Verify your identity and entitlement to our services;
• Administer, improve, and personalize our services, including by recognizing you and remembering your information when you return to our services;
• Develop, operate, improve, maintain, protect, and provide the features and functionality of our services;
• Identify and analyze how you use our services;
• Create aggregated or de-identified information that cannot reasonably be used to identify you, which information we may use for purposes outside the scope of this Privacy Notice;
• Conduct research and analytics on our user base and our services, including to better understand the demographics of our users;
• Improve and customize our services to address the needs and interests of our user base and other individuals we interact with;
• Test, enhance, update, and monitor the services, or diagnose or fix technology problems;
• Help maintain and enhance the safety, security, and integrity of our property, services, technology, assets, and business;
• Defend, protect, or enforce our rights or applicable contracts and agreements (including our Terms of Service), as well as to resolve disputes, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties;
• Detect, prevent, investigate, or provide notice of security incidents or other malicious, deceptive, fraudulent, or illegal activity and protect the rights and property of Semiotic and others;
• Comply with contractual and legal obligations and requirements;
• Fulfill any other purpose for which you provide your personal data, or for which you have otherwise consented.

Our Disclosure of Personal Data

We disclose or otherwise make available personal data in the following ways:

Your Privacy Choices

Children's Personal Data

Our services are not directed to, and we do not intend to, or knowingly, collect or solicit personal data from children under the age of 13. If an individual is under the age of 13, they should not use our services or otherwise provide us with any personal data either directly or by other means. If a child under the age of 13 has provided personal data to us, we encourage the child's parent or guardian to contact us to request that we remove the personal data from our systems. If we learn that any personal data we collect has been provided by a child under the age of 13, we will promptly delete that personal data.

Automated Processing and Artificial Intelligence

We use artificial intelligence and automated processing of personal data to provide our conversational onboarding experience and generate customized creative briefs. This includes:

• Conversational AI: We use AI models from OpenAI, Anthropic, and Google to power "Jony," our AI assistant that conducts onboarding conversations with you.
• Speech Processing: We use AI to transcribe and process voice inputs you provide during the onboarding process.
• Content Generation: We use AI to analyze the information you provide and generate creative briefs and pricing estimates.

These AI systems are designed to enhance your experience and provide personalized service recommendations. We do not use automated decision-making or profiling that produces legal or similarly significant effects without human involvement.

Security of Personal Data

We have implemented reasonable physical, technical, and organizational safeguards that are designed to protect your personal data. In addition, we take steps designed to ensure any third party with whom we share personal data provides a similar level of protection. However, despite these controls, we cannot completely ensure or warrant the security of your personal data.

Data Retention

We will retain your personal data for as long as reasonably necessary to fulfill the purposes for which it was collected, as described in this Privacy Notice, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide services to you;
• Whether there is a legal obligation to which we are subject (such as certain laws that require us to keep records of your transactions for a certain period of time);
• Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

When we no longer need to retain your personal data, we will either delete or de-identify it, or if this is not possible, we will securely store your personal data and isolate it from further processing until deletion is possible.

Third-Party Websites and Services

Our websites and other services may include links to or redirect you to third-party websites, plug-ins, applications, or other services. This Privacy Notice does not apply to any personal data practices of these third-party websites, plug-ins, applications, or other services. To learn about these third parties' personal data practices, please visit their respective privacy notices.

Third-party services we integrate with include:

• Stripe for payment processing (privacy policy: https://stripe.com/privacy)
• OpenAI for AI services (privacy policy: https://openai.com/privacy)
• Anthropic for AI services (privacy policy: https://www.anthropic.com/privacy)
• Google for AI and transcription services (privacy policy: https://policies.google.com/privacy)
• Supabase for database and authentication (privacy policy: https://supabase.com/privacy)

Updates to This Privacy Notice

We may update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the date at the beginning of this Privacy Notice. If we make material changes to this Privacy Notice, we will notify individuals by email to their registered email address, by prominent posting on our website, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.

Contact Us

If you have any questions or requests in connection with this Privacy Notice or other privacy-related matters, please contact us at:

Email: michael@semiotic.so

Address: 1392 22nd St., San Francisco, CA

Region-Specific Disclosures

We may choose or be required by law to provide different or additional disclosures relating to the processing of personal data about residents of certain countries, regions or states.

California Residents

If you are a California resident, the California Consumer Privacy Act ("CCPA") and California Privacy Rights Act ("CPRA") provide you with specific rights regarding your personal information. For detailed information about your California privacy rights, please see our California Privacy Rights Notice below.

European Economic Area, United Kingdom, and Switzerland

If you are located in the European Economic Area (Member States of the European Union together with Iceland, Norway, and Liechtenstein), the United Kingdom, or Switzerland, please see our Additional European Economic Area, United Kingdom, and Switzerland Privacy Disclosures below for information about your rights under applicable data protection laws.

California Privacy Rights Notice

This section supplements our Privacy Notice and applies solely to California residents. This section describes how we collect, use, and share Personal Information of California residents in our capacity as a "business" under the California Consumer Privacy Act ("CCPA") and California Privacy Rights Act ("CPRA"), and their rights with respect to that Personal Information.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, IP address, device identifiers
• Commercial Information: Records of services purchased or considered, purchasing or consuming histories
• Internet or Network Activity: Browsing history, search history, information on interactions with our website
• Audio and Electronic Information: Voice recordings from onboarding sessions
• Professional or Employment Information: Information about your business, company goals, industry
• Inferences: Preferences and characteristics derived from your interactions with us

Sources of Personal Information

We collect personal information directly from you, automatically through your use of our services, and from third-party authentication providers (such as Google).

Business or Commercial Purposes for Collecting Personal Information

We use personal information for the business and commercial purposes described in the "Our Collection and Use of Personal Data" section above, including:

• Providing and improving our services
• Personalizing your experience
• Communicating with you
• Processing transactions
• Training AI models
• Security and fraud prevention

Sharing Personal Information

We share personal information with the following categories of third parties:

• Service providers (AI providers, payment processors, hosting providers)
• Professional advisors (legal, accounting, etc.)
• Parties involved in business transactions (mergers, acquisitions)
• Law enforcement and government authorities when required

We do not "sell" or "share" personal information as those terms are defined under California law. We do not have actual knowledge that we sell or share personal information of minors under 16 years of age.

Your California Privacy Rights

California residents have the following rights:

Submitting Privacy Rights Requests

To exercise your rights described above, please contact us at michael@semiotic.so. We will verify your identity before processing your request. We will respond to verifiable consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.

Additional European Economic Area, United Kingdom, and Switzerland Privacy Disclosures

These disclosures supplement the information contained in our Privacy Notice by providing additional information about our personal data processing practices relating to individuals who access our services or otherwise interact with us from the European Economic Area ("EEA"), United Kingdom ("UK"), and Switzerland.

Controller Details and Privacy Contacts

EEA, UK, and Swiss Controller

Semiotic Intelligence Inc., a company duly incorporated and organized under the laws of the United States, having its registered address in San Francisco, California, is the "controller" responsible for the processing of personal data in connection with our EEA, UK, and Swiss services and operations. This means Semiotic determines and is responsible for how your personal data is used. You may contact Semiotic by emailing michael@semiotic.so.

Our Data Protection Officer

We have appointed a Data Protection Officer who is responsible for monitoring our compliance with applicable data protection law. You can contact our Data Protection Officer with any questions or complaints you may have about our privacy practices by emailing michael@semiotic.so.

Additional Questions or Complaints

If you have a concern about our processing of personal data, you have the right to lodge a complaint with the Data Protection Authority where you reside, where you work, or where an alleged violation of the law has occurred. Contact details for applicable Data Protection Authorities can be found using the links below:

• European Economic Area: https://edpb.europa.eu/about-edpb/board/members_en
• United Kingdom: https://ico.org.uk/global/contact-us/
• Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

We would, however, appreciate the chance to handle your concerns directly prior to a complaint being filed, so please contact us directly at michael@semiotic.so if you have any concerns.

Purposes and Legal Bases of Processing

When we process your personal data, we will do so in reliance on the following lawful bases:

You are not required to provide personal data to us, but we do rely on your personal data to provide our services. For example, we need information about your business and requirements to create a creative brief for you. If you choose not to provide us with your personal data, we may not be able to provide you with our services.

International Transfers of Personal Data

We operate and engage third-party partners and providers in various jurisdictions, including the United States. Therefore, we and our third-party providers may transfer personal data to, or store, access, or process personal data in, a country other than the one in which it was collected. The country to which personal data is transferred may not provide the same level of protection for personal data as the country from which it was transferred.

We may transfer personal data about you outside of the EEA, UK, and Switzerland, and when we do so we rely on appropriate or suitable safeguards recognized under applicable law, including standard contractual clauses. If you would like more information on the specific safeguards we use (and obtain a copy of such safeguards, where applicable), please contact us at michael@semiotic.so.

Your Additional EEA, UK, and Swiss Privacy Choices

Subject to certain limitations at law, you may be able to exercise the following rights:

Submitting Privacy Rights Requests

Please submit a request specifying the right you wish to exercise by contacting us at michael@semiotic.so. Before processing your request to exercise certain rights, we will need to verify your identity. In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or where you are not accessing our services from the EEA, UK, or Switzerland.