Privacy Policy Changes
A versioned record of every material change to our Privacy Policy. We append entries here whenever the live policy changes; prior entries are not edited.
v3.4
Effective June 3, 2026
Optional resume-matching feature added to the jobs page; new consent-based data category disclosed.
- Section 3.B added: the /jobs page now offers an optional 'Match My Resume' feature. With explicit opt-in consent, users may upload a resume and email to receive ranked job matches.
- New data category disclosed: resume file + extracted text, parsed details (skills, titles, seniority, location, years of experience, salary expectations), email, and request IP. Legal basis: explicit consent (GDPR Art. 6(1)(a) and, for any special-category data, Art. 9(2)(a); CCPA opt-in).
- Processing and storage are on our own infrastructure; resume files are not stored with Vercel or sent to any third-party resume-processing service.
- Added a dedicated Resume Matching — Privacy Notice at /legal/resume-matching with a self-serve hard-delete tool.
v3.3
Effective May 20, 2026
Access logging disclosed for non-public research areas; Notion added as a sub-processor.
- Section 2.5 expanded: access-log fields now explicitly include the approximate geographic location (country, region, city) derived from IP, plus the referring URL.
- Section 2.5 adds an 'Access logging for non-public research areas' note: visits to /datadashboard and /jobs are recorded (IP, derived location, user agent, referrer, path, timestamp) and stored in our internal Notion workspace to audit access to non-public material. Legal basis: legitimate interest. Retention: ≤24 months.
- Sub-processor roster updated to include Notion (access-log storage).
v3.2
Effective May 9, 2026
Prighter Article 27 portal URL pinned to our dedicated tenant.
- Section 16.6 updated: the Prighter contact link now points to our specific representative portal at app.prighter.com/portal/16846497002 (replacing the placeholder prighter.com link from v3.1).
- Same change reflected in Terms §17, Cookie Policy §9, and the sub-processors roster.
v3.1
Effective May 9, 2026
Lab site cutover and EU/UK Article 27 representative.
- Service definition extended to include socialintelligencelabs.com alongside whofollowsme.app and socialintelligence.app.
- Operator contact channels routed to @socialintelligencelabs.com (privacy, security, dmca, support).
- Section 16.6 added: appointed Prighter Group as our designated EU and UK Article 27 representative.
- Sub-processor roster updated to include Prighter for the Article 27 mandate.
v3.0
Effective May 6, 2026
Legal-position update — CCPA "publicly available" carve-out, sharper LIA, factual non-data-broker position.
- Section 3 reframed to lead with the CCPA Cal. Civ. Code §1798.140(v)(2) "publicly available information" carve-out. Scanned-profile data falls within the carve-out and is therefore outside CCPA's "personal information." Under GDPR there is no equivalent carve-out and we continue to treat scanned-profile data as personal data on Art. 6(1)(f) legitimate interest.
- Section 3.4 sharpened the legitimate-interest balancing: creators have made their accounts public for the purpose of being discovered for business and creator-economy purposes, our processing supports that purpose, and we provide a self-service opt-out.
- Section 7.1 rewrote the "sale" / "share" analysis: the carve-out means CCPA's sale rules do not attach to scanned-individual data; Customer data is personal information and is not sold. Opt-out at /legal/do-not-sell is honored as a matter of policy regardless of statutory characterization.
- Section 16.5 added EU and UK Article 27 representative slots (placeholders pending appointment).
- Section 17 restructured: 17.A California (with carve-out, sale/share status, SPI right to limit, DNSMPI link, GPC, non-discrimination, agents, metrics); 17.B single "Other US States" section listing Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Florida, Delaware, New Hampshire, New Jersey, Maryland, Minnesota, Rhode Island, Kentucky, Nebraska, plus Texas verbatim §541.103 disclosure and Nevada opt-out; 17.C brief Switzerland acknowledgment.
- Section 18 rewrote the data-broker section as a factual non-broker position. Same change reflected at /legal/data-broker.
v2.0
Effective May 6, 2026
Major rewrite — substantive legal posture upgrade.
- Added prominent independence callout naming every major social platform.
- Restructured Customer-data and scanned-individual-data sections with per-category purpose / legal basis / retention / recipients tables.
- Disclosed cross-Customer LLM cache reuse explicitly (§3.3).
- Replaced bare "we do not sell" assertion with reasoned analysis (§7.1) and a dedicated /legal/do-not-sell opt-out flow.
- Added profiling-and-Art-22 section that acknowledges the product performs profiling and allocates Art. 22 obligations to the Customer where Customers use outputs for adverse decisions (§11).
- Added "lawfulness of public-data collection" representation (§12).
- Switched primary international transfer mechanism from SCCs to EU-U.S. DPF where the receiving sub-processor is DPF-certified (§6).
- Routed EEA/UK/Swiss data subjects exclusively to Anthropic for LLM classification, not Moonshot (§3.6).
- Rebuilt children section to distinguish 18+ Customer requirement from 13+ COPPA threshold for inadvertently-processed minor data (§14).
- Added per-jurisdiction response-time table (§9.1).
- Refreshed GPC honoring list for Texas, Oregon, Delaware, NJ, NH, Minnesota, Maryland (§13).
- Added Article 30 ROPA reference (§8) and Article 27 EU representative commitment (§16.4).
- Added sub-processor objection right with right-to-terminate-without-penalty (§5).
- Added §10 limitation block acknowledging already-downloaded copies are out of our technical control.
- Tightened TLS commitment to 1.3 minimum (§15).
- Distinguished 72-hour regulator notification from "without undue delay" individual notification (§15).
- Added California SPI right-to-limit framework (§17.A.3).
- Added Texas TDPSA verbatim disclosures required by §541.103 (§17.C).
- Added §18 data-broker registration disclosure pointing to /legal/data-broker.
- Added internal complaint-resolution timeline (§16.3): acknowledge within 5 business days.
v1.0
Effective May 3, 2026
First published privacy policy.
- Initial 9-section policy covering data collected, sub-processors, sharing, retention, removal requests, children, and contact.