Privacy Policy

1. Introduction and Scope

socialistic.ai (the "Service") is operated by Tinkerland Technology Ltd. ("Tinkerland", "we", "us", or "our"). This Privacy Policy applies to all personal data collected through the Service available at , including data collected via the web application, APIs, and any related services. By accessing or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, you should discontinue use of the Service immediately. https://socialistic.haitai-social.com.

2. Service Architecture and Data Processing Environment

The Service operates on a distributed infrastructure comprising the following components: (a) a Next.js-based web application and API layer hosted on Vercel's serverless platform; (b) skill execution agents ("Goose agents") running on virtual private servers managed by Tinkerland; (c) authentication, relational database, and object storage services provided by Supabase. Each component processes personal data only to the extent necessary to perform its designated function. Inter-component communication is secured via HTTPS/TLS encryption in transit. We periodically review and update our infrastructure to maintain appropriate security standards.

3. Categories of Personal Data Collected

• 3.1 Account and Authentication Data. When you authenticate via a third-party OAuth provider (currently Google and GitHub), we receive and store your display name, email address, avatar URL, and the unique identifier assigned by the provider. We do not receive, store, or have access to your provider account password at any time.
• 3.2 User-Generated Content. This includes, without limitation: skill metadata (source URL, title, description, and configuration parameters), LLM API keys provided by skill creators, files and links submitted by consumers on the cold-start surface, and the full text of messages exchanged during conversation sessions. The specific categories of content collected depend on the features you use and the data you choose to provide.
• 3.3 Telemetry and Usage Data. We collect product analytics through PostHog, including but not limited to: pages viewed, user interface interactions, feature-level events, session duration, and referral sources. We also retain standard server-side logs containing IP addresses, HTTP user-agent strings, request timestamps, response codes, and request URIs. This data is used exclusively for service operation, performance monitoring, and debugging purposes.

4. Purposes and Legal Bases for Processing

We process your personal data for the following purposes: (a) to authenticate your identity and maintain your account; (b) to render, display, and distribute skill cards you create; (c) to provision and manage Goose agent sessions on your behalf; (d) to transmit your messages and content to third-party LLM providers as directed by the applicable skill configuration; (e) to diagnose errors, maintain service stability, and improve performance; and (f) to comply with applicable legal obligations. We do not sell, rent, or license personal data to third parties. We do not use the content of your messages, uploaded files, or conversation history to train, fine-tune, or improve any machine learning model.

5. Data Flow During Skill Execution

When a consumer initiates a skill session, the following data processing occurs: (i) the consumer's input — including text messages, uploaded files, code fragments, and URLs — is transmitted from the Service's backend to the third-party LLM provider designated by the skill creator's configuration (for example, Anthropic), using the API key provided by the creator; (ii) the LLM provider processes the input and returns a generated response; (iii) both the consumer's input and the provider's response are persisted in our database to enable session continuity and conversation history. We do not inspect, analyze, mine, or otherwise access the substantive content of your conversations or uploaded files for any purpose other than the technical delivery of the Service. The data-handling practices of each third-party LLM provider are governed exclusively by that provider's own privacy policy and terms of service, which we encourage you to review independently.

6. Data Security and Encryption

We implement industry-standard technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. LLM API keys provided by skill creators are encrypted at rest using AES-256 encryption; these keys are decrypted only at the moment of use during a skill session and are not accessible to any Tinkerland personnel, other users, or third parties. All data transmitted between client applications and our servers, and between internal service components, is protected by TLS 1.2 or higher. We do not access, review, or monitor the content of user conversations, uploaded files, or skill execution outputs. Access to production infrastructure is restricted to authorized personnel on a need-to-know basis and is subject to audit logging.

7. Third-Party Data Recipients

• 7.1 Identity Providers. Google LLC and/or GitHub, Inc. receive and process authentication data when you choose to sign in via their respective OAuth services.
• 7.2 LLM Providers. When a skill session is executed, your messages and any attached content are transmitted to the third-party LLM provider configured for that skill (for example, Anthropic PBC) via the creator's API key. We do not control and are not responsible for the data-handling practices of these providers.
• 7.3 Infrastructure and Service Providers. Vercel, Inc. (application hosting and CDN), Supabase, Inc. (database, authentication, and file storage), and PostHog, Inc. (product analytics). Each provider processes personal data solely as a data processor acting on our instructions and in accordance with their respective data processing agreements.

We do not disclose personal data to advertisers, data brokers, or any other third parties for marketing or commercial purposes.

8. Data Retention

Account data is retained for the duration of your active account. Skill metadata, conversation history, and uploaded files are retained until you delete them or until your account is closed. Upon account closure or deletion of specific content, the associated data is permanently removed from our active systems within thirty (30) calendar days. Residual copies in encrypted backups are purged in accordance with our standard backup rotation schedule, which does not exceed ninety (90) days.

9. Your Rights and Choices

Subject to applicable law, you have the right to: (a) access the personal data we hold about you; (b) request correction of inaccurate data; (c) request deletion of your data; (d) object to or restrict certain processing activities; and (e) request a portable copy of your data. You may delete your skills at any time from . To exercise any of these rights or to request account deletion, please contact us at . We will respond to verified requests within thirty (30) days or as required by applicable law. /me/skills · official@tinkerland.app

10. Cookies and Tracking Technologies

The Service uses a limited set of first-party cookies strictly necessary for authentication session management and language preference storage. PostHog deploys a first-party analytics cookie for visitor deduplication and session tracking; this cookie may be blocked via your browser settings without affecting the core functionality of the Service. We do not use third-party advertising cookies or cross-site tracking technologies.

11. Children's Privacy

The Service is not directed to, and we do not knowingly collect personal data from, individuals under the age of thirteen (13), or under the applicable age of digital consent in the user's jurisdiction. If we become aware that we have collected personal data from a child below the applicable age threshold, we will take prompt steps to delete such data.

12. Modifications to This Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will update the "Effective" date at the top of this document and, where practicable, provide notice through the Service. Your continued use of the Service after the posting of a revised policy constitutes your acceptance of the changes.

13. Service Continuity

The Service is operated and maintained by Tinkerland on a commercially reasonable, best-effort basis. We do not guarantee uninterrupted availability or any specific level of performance. We may modify, suspend, or discontinue any part of the Service at any time, with or without notice, subject to the provisions of Section 12 above regarding material changes.

14. Contact Information

For questions, concerns, or requests relating to this Privacy Policy or our data-handling practices, please contact us at . official@tinkerland.app