Privacy Policy

1. Scope and Applicability

This Privacy Policy applies to all users of MetaCloud services, including but not limited to the MetaCloud web platform, mobile applications, wearable device integrations, virtual reality (VR) environments, APIs, and any associated tools or features (collectively, the "Services"). By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

If you use the Services on behalf of an organization, you represent that you are authorized to accept this Policy on behalf of that organization.

2. Personal Data We Collect

MetaCloud provides a comprehensive digital ecosystem that integrates cloud storage, artificial intelligence, communication, scheduling, wearable devices, and immersive environments. To deliver and improve these Services, we collect and process the following categories of Personal Data:

2.1 Data You Provide Directly

• Account and Identity Information: Name, email address, username, password or authentication credentials, date of birth, profile photographs, and any other information you provide during account registration or profile configuration.
• Payment and Transaction Data: Billing address, payment method details (processed through certified third-party payment processors), purchase history, subscription status, invoices, and transaction records.
• User Content: Any files, documents, photographs, videos, audio recordings, voice memos, messages, notes, or other materials you upload, create, store, transmit, or share through the Services.
• Communications: Content and metadata of messages you send or receive through MetaCloud communication features, including email drafts, sent messages, automated messages, and calendar event content.
• Feedback and Correspondence: Information you provide when contacting customer support, responding to surveys, participating in research programs, or communicating with us through any channel.

2.2 Data Collected from Connected Devices and Wearables

When you connect wearable devices or IoT-enabled hardware to MetaCloud, we may collect:

• Biometric and Health Data: Heart rate, blood oxygen levels, sleep patterns, stress indicators, body temperature, respiratory rate, and other physiological measurements as reported by your devices.
• Activity and Motion Data: Step counts, distance traveled, calories expended, exercise type and duration, movement patterns, acceleration data, and gyroscope readings.
• Audio Capture: Voice recordings, ambient audio captured during meeting recording sessions, voice commands, and audio input used for transcription services.
• Location Data: GPS coordinates, approximate location derived from network signals, altitude, speed, and geofence events, where enabled by you.
• Device Telemetry: Battery status, connectivity state, firmware version, sensor capabilities, and synchronization timestamps.

2.3 Data Collected from Virtual Reality and Immersive Environments

When you use MetaCloud VR features or access content through VR-enabled devices, we may collect:

• Spatial and Positional Data: Head position and orientation, body position, height estimation, room-scale boundary information, and controller/hand tracking coordinates.
• Gaze and Attention Data: Eye tracking information, gaze direction, fixation points, pupil dilation, blink frequency, and visual attention patterns where supported by your hardware.
• Movement and Gesture Data: Full-body motion capture data, hand gestures, walking patterns, interaction velocities, and haptic feedback responses.
• Environmental Data: Room dimensions, lighting conditions, guardian boundary configurations, and passthrough camera data processed locally for spatial awareness.
• Interaction Metadata: Objects viewed or interacted with, duration of interactions, navigation paths within virtual environments, and user interface engagement patterns.

2.4 Data Collected Automatically

When you access or use the Services, we automatically collect:

• Technical and Device Information: IP address, browser type and version, operating system, device manufacturer and model, screen resolution, device identifiers (including advertising identifiers where applicable), hardware configuration, and system language settings.
• Usage and Interaction Data: Pages and features accessed, actions taken, search queries, AI prompts and interactions, file operations performed, session duration, navigation paths, click patterns, scroll behavior, and feature adoption metrics.
• Network and Connection Data: Internet service provider, connection type (Wi-Fi, cellular, wired), bandwidth estimates, latency measurements, and network identifiers.
• Log and Diagnostic Data: Server logs, error reports, crash data, performance metrics, API call records, authentication events, and security-related events.
• Cookies and Similar Technologies: Session identifiers, authentication tokens, preference cookies, and locally stored data necessary for the operation of the Services. We do not use third-party advertising or cross-site tracking cookies.

2.5 Data from Third-Party Sources

We may receive Personal Data from third-party sources, including:

• Authentication providers when you sign in using third-party credentials (e.g., OAuth, SSO).
• Payment processors regarding transaction status and fraud assessment.
• Partners and integrations you authorize to connect with your MetaCloud account.
• Publicly available sources, to the extent permitted by applicable law.

2.6 Derived and Inferred Data

Through the operation of our AI systems and analytical processes, we may derive or infer additional information from the data described above, including but not limited to behavioral patterns, preferences, productivity insights, health trends, scheduling habits, communication style profiles, and content categorization metadata.

3. Purposes of Processing

We process your Personal Data for the following purposes:

• Service Delivery: To provide, operate, and maintain the core functionality of the Services, including cloud storage, file management, AI processing, calendar management, communication automation, wearable integration, and VR content delivery.
• Personalization and AI Features: To power artificial intelligence capabilities including transcription, summarization, smart scheduling, content analysis, pattern recognition, predictive features, and personalized recommendations within your account.
• Security and Integrity: To detect, prevent, and respond to fraud, abuse, security incidents, and violations of our terms; to authenticate users and maintain access controls; and to protect the rights and safety of our users and third parties.
• Service Improvement: To analyze usage patterns, diagnose technical issues, optimize performance, develop new features, and improve the overall quality and reliability of the Services.
• Communications: To send service-related notifications, security alerts, maintenance notices, billing information, and (where you have opted in) marketing or promotional communications.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests; to enforce our terms and policies; and to establish, exercise, or defend legal claims.
• Research and Development: To conduct internal research, testing, and analysis to develop and improve AI models, algorithms, and service features, using appropriately de-identified or aggregated data where feasible.

4. Legal Bases for Processing (EEA/UK/Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing your Personal Data include:

• Performance of Contract: Processing necessary to provide you with the Services as described in our Terms of Service.
• Legitimate Interests: Processing necessary for our legitimate interests, including service improvement, security, fraud prevention, and business operations, where not overridden by your fundamental rights.
• Consent: Where you have provided explicit consent for specific processing activities, such as certain health data processing or optional communications.
• Legal Obligation: Processing necessary to comply with a legal obligation to which we are subject.

5. Data Sharing and Disclosure

MetaCloud does not sell your Personal Data to third parties. We do not provide your Personal Data to third parties for their own marketing purposes. We may disclose your Personal Data only in the following limited circumstances:

• Service Providers: We engage trusted service providers who process data on our behalf under contractual obligations of confidentiality and data protection, solely to assist in operating and delivering the Services (e.g., infrastructure hosting, payment processing, customer support tools).
• Legal Requirements: We may disclose Personal Data where we reasonably believe disclosure is required by applicable law, regulation, legal process, or governmental request. Where legally permissible, we will endeavor to notify you of such disclosure.
• Protection of Rights: We may disclose Personal Data where we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, Personal Data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.
• Aggregated or De-identified Data: We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you, for purposes such as research, analytics, or industry benchmarking.
• With Your Consent: Where you direct us to share data, such as through share links, team features, or third-party integrations you authorize.

6. Data Security

We implement and maintain comprehensive technical and organizational measures designed to protect the confidentiality, integrity, and availability of your Personal Data. These measures include, but are not limited to:

• Encryption of data in transit using industry-standard transport layer security protocols.
• Encryption of data at rest using advanced encryption standards with hardware-backed key management.
• Distributed storage architecture designed to ensure that no single system component contains a complete, reconstructable copy of user data.
• Hardware-level security controls including tamper-resistant storage modules designed to prevent data recovery in the event of physical compromise.
• Strict access controls, role-based permissions, multi-factor authentication for infrastructure access, and principle of least privilege enforcement.
• Continuous monitoring, intrusion detection, automated threat response, and regular security assessments.
• Incident response procedures and breach notification protocols in compliance with applicable regulations.

While we employ extensive measures to protect your data, no system is completely immune to all threats. We continually evaluate and improve our security posture in response to the evolving threat landscape.

7. AI Processing and Model Training

MetaCloud uses artificial intelligence systems to provide core service functionality. Regarding AI and your data:

• AI processing of your Personal Data occurs within our secured infrastructure for the purpose of delivering service features to you.
• We do not use the content of your private files, messages, or personal communications to train publicly available or general-purpose AI models.
• We may use aggregated, de-identified usage patterns and anonymized interaction data to improve our AI systems and service quality.
• AI-generated outputs (summaries, transcriptions, insights, automated messages) derived from your data are accessible only within your account unless you choose to share them.
• You may disable specific AI features through your account settings; however, certain core service capabilities may depend on AI processing.

8. International Data Transfers

MetaCloud operates infrastructure globally. Your Personal Data may be transferred to, stored in, and processed in countries other than the country in which you reside. Where we transfer Personal Data outside the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other mechanisms recognized by applicable data protection authorities.

9. Data Retention

We retain your Personal Data for as long as your account remains active and as necessary to fulfill the purposes described in this Policy. Specific retention practices include:

• Account and content data is retained for the duration of your active account and for a reasonable period thereafter to enable account recovery.
• Upon account deletion request, we initiate permanent removal of identifiable Personal Data from active systems within 30 days.
• Backup and archival copies are purged in accordance with our backup rotation schedules, typically within 90 days of deletion from active systems.
• Certain data may be retained beyond these periods where required by applicable law, for the establishment or defense of legal claims, or for legitimate business purposes (e.g., billing records, security logs).
• Anonymized and aggregated data that cannot be used to identify you may be retained indefinitely for analytical and service improvement purposes.

10. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your Personal Data:

• Access: Request confirmation of whether we process your Personal Data and obtain a copy of such data.
• Rectification: Request correction of inaccurate or incomplete Personal Data.
• Erasure: Request deletion of your Personal Data, subject to certain legal exceptions. Upon a valid erasure request, we will permanently and irreversibly remove your Personal Data from our systems.
• Restriction: Request that we restrict processing of your Personal Data under certain circumstances.
• Data Portability: Request a copy of your Personal Data in a structured, commonly used, machine-readable format.
• Objection: Object to processing based on legitimate interests or for direct marketing purposes.
• Withdrawal of Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
• Complaint: Lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, please contact us at privacy@metacloud.network. We will respond to valid requests within 30 days (or as required by applicable law). We may request verification of your identity before processing certain requests.

11. Children's Privacy

The Services are not directed to individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect Personal Data from children. If we become aware that Personal Data has been collected from a child without verifiable parental consent, we will take steps to delete such data promptly.

12. Third-Party Links and Integrations

The Services may contain links to or integrations with third-party websites, products, or services. This Privacy Policy does not apply to such third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with MetaCloud.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes, we will notify you by email and/or by posting a prominent notice within the Services at least 30 days prior to the changes taking effect. Your continued use of the Services after the effective date of a revised policy constitutes acceptance of the updated terms.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy inquiries: privacy@metacloud.network
• General inquiries: contact@metacloud.network
• Online: Contact page