Privacy Policy

1. Data Controller

The data controller responsible for your personal information is:

For EU/EEA residents, Synthetic Frame Inc. acts as the data controller within the meaning of the EU General Data Protection Regulation (GDPR). For UK residents, we act as a controller under the UK GDPR and Data Protection Act 2018.

2. Information We Collect

2.1 Information you provide directly

• Waitlist submissions: When you join our early-access waitlist, we collect your email address and any other fields you voluntarily complete. This data is processed by our form handling service provider on our behalf.
• Contact enquiries: If you reach out via email at humans@syntheticframe.com, we collect the information contained in your message (name, email address, and message body).

2.2 Information collected automatically

• Server logs: Our hosting provider automatically records standard web server log data including your IP address, browser type, referring URL, pages visited, and timestamps. Our hosting provider retains these logs in accordance with their own privacy policy.
• Local storage preferences: We store a single preference flag (sf-cookie-consent) in your browser's localStorage to remember whether you have acknowledged our cookie notice. No personally identifiable information is stored in localStorage.

2.3 Information collected via embedded third-party services

• YouTube / Google: Our site embeds video content hosted on youtube-nocookie.com, which is YouTube's privacy-enhanced mode. Even in this mode, Google may set cookies or collect data when you interact with or play embedded videos. Please refer to Google's Privacy Policy for full details.

We do not use analytics platforms (such as Google Analytics), advertising networks, or tracking pixels on this site.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To manage the early-access waitlist — sending updates, launch notifications, and access invitations to registered email addresses. Legal basis (GDPR): Legitimate interests / consent.
• To respond to enquiries — replying to messages sent to us directly. Legal basis: Legitimate interests.
• To operate and improve the website — using server log data to detect errors, prevent abuse, and understand aggregate usage patterns. Legal basis: Legitimate interests.
• To remember your cookie preference — storing your notice acknowledgement so we do not display it on every visit. Legal basis: Consent / legitimate interests.
• To comply with legal obligations — where required by applicable law. Legal basis: Legal obligation.

We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

4. Third-Party Services & Processors

We engage the following sub-processors who may handle personal data on our behalf:

Hosting & Infrastructure Provider

Our website is hosted on a third-party infrastructure provider based in the United States. This provider processes server logs and form submission data on our behalf and maintains its own data protection and privacy commitments.

Google LLC (YouTube)

We embed video content from YouTube using the privacy-enhanced youtube-nocookie.com domain. Google LLC may still process data when videos are played. Google LLC participates in the EU-U.S. Data Privacy Framework. See Google Privacy Policy.

5. Cookies & Local Storage

This site uses a minimal number of browser storage mechanisms:

localStorage (first-party)

• Key: sf-cookie-consent
• Purpose: Remembers that you have acknowledged the cookie notice.
• Expiry: Persists until you clear browser storage.
• Personal data: None — stores only the string "true".

Third-party cookies (YouTube / Google)

When you play an embedded video, YouTube (youtube-nocookie.com) may set cookies in your browser. These cookies are governed by Google's cookie policy and are beyond our direct control. You can prevent these cookies by not interacting with embedded video players, or by using a browser extension that blocks third-party cookies.

Managing cookies

You can delete or block cookies at any time through your browser settings. Instructions are available at aboutcookies.org. Please note that blocking all cookies may affect website functionality.

6. Data Retention

• Waitlist email addresses are retained until the launch of the Synthetic Frame platform, or until you request removal — whichever comes first.
• Email correspondence is retained for up to 3 years for business continuity and legal record-keeping purposes.
• Server logs are retained by our hosting provider in accordance with their data retention schedule.

When data is no longer required, it is securely deleted or anonymised.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful loss, access, or disclosure. These measures include:

• HTTPS encryption (TLS) on all pages via our hosting provider's managed certificates.
• Access controls restricting who within Synthetic Frame can access personal data.
• Minimising data collection to only what is necessary for stated purposes.

No method of transmission over the internet or method of electronic storage is 100% secure. If you believe your data has been compromised, please contact us immediately at humans@syntheticframe.com.

8. International Data Transfers

Synthetic Frame Inc. is based in the United States. If you access our website from the European Economic Area (EEA), the United Kingdom, or Switzerland, your personal data may be transferred to and processed in the United States.

We rely on the following transfer mechanisms to ensure adequate protection for such transfers:

• EU-U.S. Data Privacy Framework (DPF): For transfers to our hosting provider and Google, who are both certified under the DPF.
• Standard Contractual Clauses (SCCs): Where required, we will enter into SCCs approved by the European Commission with relevant processors.

9. Your Rights (GDPR – EEA & UK Residents)

Under the GDPR and UK GDPR, you have the following rights regarding your personal data:

• Right of access — You may request a copy of the personal data we hold about you.
• Right to rectification — You may ask us to correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") — You may request deletion of your personal data where we no longer have a lawful basis to retain it.
• Right to restrict processing — You may ask us to pause processing while a dispute is resolved.
• Right to data portability — You may request your data in a machine-readable format for transfer to another controller.
• Right to object — You may object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
• Right to lodge a complaint — You have the right to lodge a complaint with your local supervisory authority. For EU residents: EDPB Member List. For UK residents: ICO.

To exercise any of these rights, please contact us at humans@syntheticframe.com. We will respond within 30 days. We may need to verify your identity before fulfilling the request.

10. Your Rights (CCPA – California Residents)

Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have the following rights:

• Right to Know — You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the third parties with whom we share it.
• Right to Delete — You may request deletion of your personal information subject to certain exceptions.
• Right to Correct — You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing — We do not sell or share personal information for cross-context behavioural advertising. No opt-out action is required, but you may contact us to confirm this.
• Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.
• Right to Limit Use of Sensitive Personal Information — We do not process sensitive personal information as defined under CPRA.

Categories of personal information collected (CCPA disclosure)

• Identifiers: Email address (waitlist/contact only).
• Internet/network activity: IP address, browser type, pages visited (server logs via our hosting provider).
• No financial data, geolocation, biometric data, health data, or sensitive personal information is collected.

To submit a CCPA request, email us at humans@syntheticframe.com with the subject line "CCPA Privacy Request". We will respond within 45 days as required by law.

11. Children's Privacy (COPPA)

Our website contains horror-themed content and is intended for audiences aged 18 years and older. We do not knowingly collect personal information from individuals under the age of 13.

If you are a parent or guardian and believe your child under 13 has submitted personal information to us, please contact us at humans@syntheticframe.com and we will promptly delete that information in accordance with the Children's Online Privacy Protection Act (COPPA).

12. Third-Party Links

Our website may contain links to external websites and embedded content (including YouTube videos). We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of any external sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will update the "Effective date" at the top of this page. We encourage you to review this policy periodically.

Your continued use of the website after any changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: