Privacy Policy
Social Physics Lab, Inc. ("we," "us," or "our") takes your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our website at socialphysics.inc, use our products and services (the "Services"), or otherwise interact with us. By using our website or Services, you acknowledge the practices described in this Policy.
1. Scope and Our Role
This Policy applies to personal information we handle as a controller, meaning we determine the purposes and means of processing. It covers information about visitors to our website, prospective customers and their representatives, individual users who access our Services through a customer account, job applicants, and other business contacts.
Customer data processed on behalf of our customers. When our customers use the Services, they may submit data, including data about their own clients and end users, that we process on their behalf under their instructions as a processor. Our handling of that data is governed by our agreement with the relevant customer (including any Data Processing Addendum), not by this Policy. If you are an individual whose data has been submitted to us by one of our customers, please direct privacy requests to that customer, as they are the controller of that data.
2. Information We Collect
2.1 Information You Provide to Us
- Contact and account information. Name, business email address, phone number, organization, job title, and any other information you choose to provide when contacting us or registering interest in our research and protocols.
- Communications. Information you provide when you contact us, inquire about our research or protocols, request a collaboration, subscribe to updates, or respond to outreach.
- Applicant information. If you apply for a role with us, the information in your application, resume, and any supporting materials.
2.2 Information Collected Automatically
- Device and usage data. IP address, browser type, operating system, device identifiers, pages viewed, time spent, referring URLs, and interactions with our website and Services.
- Log data. Server logs that record how and when our services are accessed.
- Cookies and similar technologies. See Section 6 for details.
2.3 Information from Third Parties
We may receive information from business partners, referral sources, analytics providers, and publicly available sources, which we may combine with information we already hold about you.
3. How We Use Information
We use personal information to:
- Provide, operate, maintain, and improve our website and Services;
- Create and administer accounts, verify identity, and authenticate users;
- Support collaboration inquiries and research partnerships;
- Respond to inquiries, provide technical support, and communicate with you about the Services;
- Send administrative communications and, where permitted, marketing communications (you may opt out at any time, see Section 10);
- Monitor and analyze usage and trends to improve user experience and product quality;
- Detect, investigate, prevent, and address security incidents, fraud, abuse, and violations of our Terms of Service;
- Comply with legal and regulatory obligations, and enforce our agreements; and
- Evaluate job applications and manage the hiring process.
Service-specific uses
- Website analytics. We analyze how visitors interact with our website and documentation to improve content and user experience.
- Product improvement. Aggregated, de-identified interaction signals may be used to improve our research outputs, protocols, and internal tooling. We do not use identifiable personal data for model training without your explicit consent.
- Trust and safety. We may review activity patterns on our systems to detect misuse, enforce our terms, and protect the integrity of our systems.
4. Legal Bases for Processing (EEA / UK)
Where the EU or UK GDPR applies to our processing, we rely on one or more of the following legal bases:
- Contract. To provide the Services you or your organization have requested.
- Legitimate interests. To operate, secure, and improve our business, where those interests are not overridden by your rights and freedoms.
- Consent. For certain marketing communications and non-essential cookies, which you may withdraw at any time without affecting prior processing.
- Legal obligation. To comply with applicable law or respond to valid legal process.
5. Information Sharing and Disclosure
Service Providers
We do not sell personal information. We may share personal information with trusted service providers who assist us in delivering our services, including:
- Cloud infrastructure providers
- Security and compliance platforms
- Software and collaboration platforms
- Employee management and background screening providers
- Professional service providers
All service providers are contractually required to protect personal information and use it only for the specified purposes.
Other Disclosures
We may also disclose personal information in the following circumstances:
- Legal and safety. Where required by law, regulation, or legal process, or where necessary to protect the rights, safety, and property of Social Physics Lab, our users, or the public.
- Business transfers. In connection with a merger, acquisition, financing, reorganization, or sale of all or part of our assets.
- With your consent. Where you have directed or authorized us to share your information.
6. Cookies and Tracking Technologies
We and our service providers use cookies and similar technologies to operate the website, remember your preferences, and measure performance. Below is a summary of the cookie categories we use:
| Category | Purpose | Can be disabled? |
|---|---|---|
| Strictly necessary | Authentication, security, session management, and core Service functionality. | No. Required for the Service to function. |
| Performance / analytics | Aggregated statistics on how visitors use the website. | Yes, via browser settings. |
| Functional | Saving preferences such as language or display settings. | Yes, via browser settings. |
We do not use advertising or targeting cookies. You can manage cookie preferences through your browser settings. Please note that disabling certain cookies may affect the availability or functionality of parts of our website or Services.
7. Data Retention
We retain personal information for as long as necessary to:
- Fulfill the purposes described in this Privacy Policy
- Comply with legal obligations and regulatory requirements
- Resolve disputes and enforce our agreements
- Maintain business records and operational continuity
Upon expiration of the relevant retention period, we securely delete or anonymize personal information. Where we are required by law to retain data for longer, we will do so and restrict processing for other purposes. Where we act as a processor on behalf of a customer, retention is governed by the applicable Data Processing Addendum.
8. Security
We maintain a layered set of administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, alteration, and disclosure. These include, but are not limited to:
- Encryption of data in transit (TLS 1.2 or higher) and at rest;
- Role-based access controls and the principle of least privilege;
- Periodic security reviews of our systems and practices;
- Security and privacy training for personnel; and
- Vendor security review as part of our procurement process.
No method of electronic transmission or storage is completely secure. While we work hard to protect your personal information, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at privacy@socialphysics.inc.
Breach notification. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, where required by applicable law. Where the breach is likely to result in a high risk to affected individuals, we will also notify those individuals directly without undue delay. We maintain an internal incident response plan and conduct post-incident reviews to prevent recurrence.
9. International Data Transfers
Social Physics Lab, Inc. is headquartered in the United States of America. If you are accessing our Services from the European Economic Area, the United Kingdom, or another jurisdiction with laws governing data collection and use that may differ from US law, your personal information may be transferred to and processed in the United States or other countries.
Where such transfers are subject to the EU or UK GDPR, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Addendum (IDTA).
10. Your Privacy Rights
10.1 EEA / UK Residents
Subject to applicable law, if you are located in the European Economic Area or the United Kingdom, you may have the right to:
- Access the personal information we hold about you;
- Correct inaccurate or incomplete personal information;
- Request erasure of your personal information (the "right to be forgotten");
- Restrict or object to our processing of your personal information;
- Receive your personal information in a portable, machine-readable format; and
- Withdraw consent at any time (where processing is based on consent), without affecting the lawfulness of prior processing.
You also have the right to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office; in the EU, the supervisory authority in your country of residence or place of work).
10.2 California Residents (CCPA / CPRA)
Subject to applicable law, if you are a California resident, you may have the right to:
- Know what personal information we collect, use, disclose, and sell;
- Request access to and a portable copy of your personal information;
- Request deletion of your personal information, subject to certain exceptions;
- Correct inaccurate personal information; and
- Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising.
We do not sell personal information. We will not discriminate against you for exercising any of these rights.
10.3 How to Exercise Your Rights
To submit a privacy request, please contact us at privacy@socialphysics.inc or by post at the address in Section 14. We may request information reasonably necessary to verify your identity before processing a request. Authorized agents may also submit requests on your behalf where permitted by law. We will respond within the timeframes required by applicable law (generally 30 days for GDPR requests; 45 days for CCPA requests, with an extension of up to 45 additional days where necessary).
To opt out of marketing communications, use the unsubscribe link in any email we send, or contact us directly.
11. Children's Privacy
Our website and Services are intended for business use by individuals who are at least 16 years of age. We do not knowingly collect personal information from children under the age of 16. If you believe a child has provided personal information to us, please contact us at privacy@socialphysics.inc and we will take prompt steps to delete that information.
12. Third-Party Links and Services
Our website may contain links to third-party websites and services that we do not operate or control. This Policy does not apply to those third-party sites, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.
13. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will post the updated version on this page with a revised effective date. For material changes, we will provide additional notice as required by applicable law (for example, by email or an in-product notification). Your continued use of our website or Services after any update constitutes your acknowledgment of the revised Policy.
14. Contact Us
If you have questions, concerns, or requests relating to this Policy or our data practices, please contact us at:
Social Physics Lab, Inc.
600 California Street, Unit 1500A, San Francisco, CA 94108, USA
privacy@socialphysics.inc
socialphysics.inc