Privacy policy
Plain-English summary, then the details. We don't sell your data. We don't use your data to train models. We do collect what we need to run the service and reach you about it.
1. Who we are
This policy describes how Supreme Meta OS Pte Ltd ("Supreme Meta OS", "we", "us") collects, uses, and shares information about you in connection with the Supreme Meta OS platform, the metacofounder.com website, and related services (collectively, the "Service"). Registered office: Singapore. UEN 202517382K.
2. What we collect
From you
- Account data: email, name, company name, role, team size, time zone.
- Workspace content: the documents, prompts, conversations, and outputs you create using the Service.
- Customer data: the operational data you connect to the Service via integrations (CRM records, orders, tickets, etc.) — processed on your behalf as a processor.
Automatically
- Usage data: features used, performance metrics, error logs.
- Device data: IP address, user agent, approximate location.
- Cookies: session, security, and (with consent) analytics.
From third parties
- Auth providers: when you sign in via Google, Microsoft, or SSO.
- Integrations: data from the systems you connect, only as scoped by your OAuth grants.
3. How we use it
- To provide, maintain, and improve the Service.
- To respond to support requests and operate the customer relationship.
- To send transactional emails (confirmations, billing, security alerts).
- To send product updates and marketing — only with your consent, with one-click unsubscribe.
- To detect, prevent, and address fraud and abuse.
- To comply with legal obligations.
4. We do not train models on your data
Customer Data — content you and your users provide, including data processed via integrations — is never used to train any machine-learning model, ours or a third party's. We pass redacted prompts to model providers, and with BYOK your calls run under your own provider agreement. See our Security page for details.
5. Sharing
We share information only with:
- Subprocessors: infrastructure (AWS), model providers (OpenAI, Anthropic), and operational vendors. Current list at /subprocessors.
- Authorities: when required by law, with notice to you where legally permitted.
- Successors: in a merger, acquisition, or sale of assets — subject to this policy.
We never sell personal information.
6. Your rights
Depending on your region (GDPR, CCPA, PDPA, others), you have rights to access, correct, delete, port, restrict processing of, or object to processing of your data. Email [email protected] — we respond within 30 days.
7. Retention
- Workspace content: for the lifetime of your account, or as required by your plan's audit-log policy.
- Audit chain: minimum 30 days (Starter) to indefinite (Enterprise) — your contract specifies.
- Account data: 90 days after deletion request, then purged from active and backup systems.
8. International transfers
We may process data in jurisdictions outside your own. Transfers from the EEA / UK use Standard Contractual Clauses. Singapore is our primary processing location.
9. Cookies
We use strictly necessary cookies (session, security, CSRF). Analytics and marketing cookies require your consent and can be revoked any time from the cookie banner.
10. Children
The Service is not directed to children under 16. We do not knowingly collect data from them.
11. Changes
We may update this policy. Material changes will be announced by email and posted here at least 14 days before they take effect.
12. Contact
Data Protection Officer · Supreme Meta OS Pte Ltd
Email: [email protected]
For security disclosures: [email protected]
This page is a draft. The final wording for your jurisdiction will be reviewed by counsel before public launch. {{TODO: legal review with counsel}}