Privacy Policy
Update date: July 1, 2026
Data controller
Skymerse Inc., 2261 Market Street STE 86173, San Francisco, CA 94114, United States ("Skymerse," "we," "us," or "our") is the data controller responsible for the personal data collected through this website.
For any privacy-related inquiries, you can reach us at [email protected].
What data we collect
We collect the following personal data through this website:
- Waitlist sign-up: your email address.
- Contact form: your name, email address, and any information you include in your message.
- Technical data: when you visit the site, our hosting infrastructure automatically records your IP address and request metadata (such as browser type, pages requested, and timestamps) in server logs. This happens regardless of your cookie choices and is used solely to serve the website and keep it secure.
If you consent to analytics cookies, we also use Google Analytics 4 to collect pseudonymous usage data when you visit this website. This data includes online identifiers (such as cookie IDs and device characteristics) that do not directly identify you but are not fully anonymous. See "Cookies and tracking" below for details.
Why we collect it
- To confirm your waitlist sign-up and send launch and product updates.
- To respond to inquiries submitted through the contact form.
- To operate the website and protect it against abuse, fraud, and security incidents.
- To comply with legal obligations.
Legal basis for processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases:
- Consent (Article 6(1)(a) GDPR) - when you voluntarily submit your email to join the waitlist, send us a message through the contact form, or accept analytics cookies. You may withdraw your consent at any time by emailing us, using the unsubscribe mechanism in our emails, or changing your cookie preferences.
- Legitimate interests (Article 6(1)(f) GDPR) - to operate this website securely and reliably, we process technical data such as IP addresses and server logs. We have balanced this interest against your rights, and you may object to this processing at any time (see "Your rights" below).
- Legal obligation (Article 6(1)(c) GDPR) - where we are required to retain data by applicable law.
Your rights under the GDPR
If the GDPR applies to you, you have the following rights regarding your personal data:
- Access - request a copy of the personal data we hold about you.
- Rectification - request correction of inaccurate or incomplete data.
- Erasure - request deletion of your personal data ("right to be forgotten").
- Restriction - request that we limit how we process your data.
- Portability - receive your data in a structured, machine-readable format.
- Objection - object to processing based on legitimate interest.
- Withdraw consent - at any time, without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, contact us at [email protected]. We will respond within one month. If you believe your rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.
US privacy rights (CCPA/CPRA and state laws)
If you are a resident of California or another US state with applicable privacy legislation (such as Virginia, Colorado, Connecticut, or Utah), you may have the right to:
- Know what personal information we collect and how it is used.
- Request access to or deletion of your personal information.
- Opt out of the sale or sharing of your personal information.
- Not be discriminated against for exercising your privacy rights.
Categories of personal information collected (CCPA)
Under the California Consumer Privacy Act, the categories of personal information we collect are:
- Identifiers - name and email address (via waitlist sign-up and contact form), and IP address (via server logs).
- Internet or other electronic network activity information - server request logs (collected automatically for security and operations), and pages visited, device type, browser, referral source, and interaction data (via Google Analytics 4, only with your consent).
- Geolocation data - approximate location at the country/city level (derived from IP address by Google Analytics, only with your consent).
We do not sell, share, or use personal information for targeted advertising or cross-context behavioral advertising. To submit a privacy request, email [email protected].
Do Not Track and Global Privacy Control
Some browsers and extensions send "Do Not Track" (DNT) or Global Privacy Control (GPC) signals. Analytics cookies on this site are loaded only if you opt in, and we do not sell or share personal information or use it for targeted advertising, so there is no sale or sharing for these signals to opt out of. We honor GPC signals where applicable law requires. We do not respond to the older DNT header, as there is no industry-standard interpretation for it.
Data retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:
- Waitlist emails are kept until you unsubscribe, request deletion, or for up to 24 months after our product launches - whichever comes first.
- Contact form data is kept for up to 12 months after your inquiry is resolved, unless a longer retention period is required by law.
- Server logs and technical data are retained for a short period necessary for security monitoring and troubleshooting, after which they are deleted.
After the applicable retention period, your data is permanently deleted.
Third-party service providers
We share personal data only with service providers who process data on our behalf under appropriate data protection agreements:
- Transactional email service (Postmark by ActiveCampaign) - to deliver waitlist confirmations and contact form notifications.
- Hosting provider (Vercel Inc.) - to serve this website; as part of hosting, Vercel processes IP addresses and request logs on our behalf.
- Analytics provider (Google LLC - Google Analytics 4) - to collect pseudonymous website usage statistics, only when you have given cookie consent.
We do not sell, rent, or otherwise disclose your personal data to third parties for their own marketing purposes.
International data transfers
Skymerse is based in the United States. If you are located outside the US (including in the EEA, UK, or Switzerland), your personal data will be transferred to and processed in the United States. Where required, we rely on our service providers' certification under the EU-U.S. Data Privacy Framework (and its UK and Swiss extensions) or on Standard Contractual Clauses (SCCs) approved by the European Commission, together with the data processing agreements we have in place with those providers.
Data security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (TLS/SSL), access controls, and secure hosting infrastructure. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
Cookies and tracking
When you first visit this website, you are presented with a cookie consent banner. Analytics cookies are only loaded if you click "Accept." If you reject cookies, or dismiss the banner, no analytics cookies are set and Google Analytics is not loaded.
If you consent, this website uses Google Analytics 4 (provided by Google LLC) to help us understand how visitors use the site. Google Analytics sets cookies on your device and collects pseudonymous data such as:
- Pages visited, time spent on pages, and navigation paths.
- Approximate geographic location (country/city level, derived from IP address).
- Device type, browser, operating system, and screen resolution.
- Referral source (how you arrived at the site).
Google Analytics 4 uses first-party cookies (such as _ga and _ga_*) to distinguish unique visitors and sessions. These cookies are stored on your device for up to 2 years. Google Analytics 4 does not log or store IP addresses: it uses them transiently to derive approximate location (with EU traffic collected via EU-based servers) and then discards them. The data collected is pseudonymous - it does not directly identify you, but it is not fully anonymous as it includes persistent identifiers and device characteristics.
Google processes this data on our behalf under its Privacy Policy. You can change your cookie preference at any time using the "Manage Cookies" link in the website footer, by installing the Google Analytics Opt-out Browser Add-on, or by adjusting your browser's cookie settings.
We do not use any other tracking pixels, advertising cookies, or third-party analytics tools beyond Google Analytics.
Automated decision-making
We do not use your personal data for automated decision-making or profiling as defined under GDPR Article 22.
Children's privacy
Our website and services are not directed at children. We do not knowingly collect personal data from anyone under the age of 16 (or under 13 where COPPA applies in the United States). If we become aware that we have inadvertently collected data from a child under these age thresholds, we will promptly delete it. If you believe a child has provided us with personal data, please contact us at [email protected].
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Update date" at the top of this page and, where practicable, notify affected users directly (for example, by emailing waitlist subscribers). We encourage you to review this page periodically.
Contact
If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
- Skymerse Inc., 2261 Market Street STE 86173, San Francisco, CA 94114, US
- Email: [email protected]