Privacy Policy

1. Introduction

SPATIALWALK PTE. LTD. (“SpatialWalk,” “we,” “us,” or “our”) is a company incorporated in Singapore. We operate the Spatius platform, an AI-powered service that enables real-time human-AI interactions through photorealistic digital avatars, as well as a Software Development Kit (“SDK”) that allows third-party developers to integrate our avatar rendering technology into their own applications.

Registered Address:
70 Shenton Way, #16-13, EON Shenton, Singapore 079118

Contact: support@spatius.ai

This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you:

• Visit our website (spatius.ai) or use our Live Demo (spatius.ai, spatius.ai/playground ) where you interact directly with our avatar platform (“Consumer Service”);
• Use a third-party application that integrates the Spatius SDK (“Developer App”); or
• Register as a developer to use our SDK (“Developer Service”).

2. Important Notice: Controller vs. Processor

Our role in processing your personal data depends on how you interact with us:

Note to End-Users of Developer Apps: The Spatius SDK does not collect, transmit, or process end-user video, voice, or audio data. All avatar rendering computation occurs on the user’s local device. If you have privacy concerns about a third-party Developer App, please contact that application’s operator.

3. Personal Information We Collect

3.1 Consumer Service (Live Demo / Website)

Information you provide:

• Contact data: Name, email address, professional title, company name.
• Account data: Username, password, and profile details for registered accounts. If you register or log in using a third-party authentication provider (Google or GitHub), we receive from that provider your name, email address, profile photo, and a unique identifier associated with your account on that platform. We do not receive your password for those services.
• Communications data: Messages or inquiries you send to us.
• Payment data: Order information and payment card details processed via our payment processor (Stripe). We do not store raw card numbers.
• Marketing preferences: Your opt-in choices for receiving our communications.

Audio data and interaction data (Live Demo only):

When you use the Live Demo at playground.spatius.ai to interact with an AI avatar, we process:

• Audio Data: Your voice input captured via your device microphone solely to enable real-time AI conversation. This is processed through an Automatic Speech Recognition (ASR) model to generate a text transcript. The raw audio file is permanently deleted immediately upon completion of transcription. We do not retain voice recordings.
• Transcripts (Interaction Logs): The text transcript of your dialogue is generated and processed by LiveKit Cloud, our real-time communications infrastructure provider. LiveKit Cloud retains transcripts for up to 30 days on our behalf, after which they are permanently deleted. We do not independently store or access conversation transcripts except where required for safety or legal compliance purposes.
• Derived Animation Data: The AI-generated synthetic voice (not your voice) is analyzed to drive avatar lip-sync and facial expressions. Your biometric facial geometry is not collected or processed.

Automatically collected data:

• Device data: Operating system, browser type, device type, screen resolution, IP address, language settings.
• Usage data: Pages visited, session duration, navigation paths, access times.
• Communication interaction data: Email open/click tracking via pixel tags.
• Geolocation data: General location (city/country level) derived from IP address.

3.2 SDK Integrations (Developer Apps)

The Spatius SDK processes only AI-generated, synthesized audio to compute lip-sync and facial animation data. The SDK does not:

• Collect, record, or transmit end-user voice or audio input;
• Process end-user biometric data; or
• Retain any end-user personal information.

Technical logs (crashes, errors) are retained for 30 days for debugging purposes.

3.3 Developer Accounts

For developers registering to use our SDK or API:

• Contact data (name, email, company);
• API usage and technical logs;
• Payment and billing information.

3.4 Developer Avatar Generation (Image Uploads)

Developers with access to our avatar generation tools may upload photographs through our developer platform (https://app.spatius.ai) to create photorealistic 3D avatar models (“Generated Avatars”). In connection with this feature, we collect and retain:

• Source photographs uploaded by the developer;
• Generated 3D avatar model files produced from those photographs.

We retain source photographs and Generated Avatars for the duration of the developer’s account, and for up to 30 days following deletion, for the purposes described in Section 5.

Developer Responsibility: Developers are solely responsible for ensuring they hold all necessary rights, consents, and authorizations from any individual depicted in an uploaded photograph before submitting it to our platform. Developers must not upload photographs of individuals who have not provided explicit, informed consent to have their likeness used to create a digital avatar. SpatialWalk disclaims liability for any developer’s failure to obtain such consent.

4. Biometric Information Notice

4.1 Scope

We process the following categories of data that may constitute biometric information under applicable law:

• Live Demo (Consumer Service): Audio Data (voice recordings) processed via ASR. In certain jurisdictions this may be classified as a “biometric identifier” (e.g., under the Illinois Biometric Information Privacy Act, “BIPA”).
• Developer Avatar Generation: Facial photographs uploaded by developers to generate 3D avatar models. Facial images constitute biometric data under GDPR, CCPA/CPRA, BIPA, and other applicable laws.

We treat all such data as sensitive personal information regardless of applicable local law.

4.2 Purpose and Consent

By voluntarily using the Live Demo and providing voice input, you consent to the collection and processing of your Audio Data for the sole purpose of generating an immediate AI response. This consent can be withdrawn at any time by ceasing to use the Live Demo. Prior to using the Live Demo, you will be presented with a consent notice and asked to provide your explicit agreement before any audio processing begins.

4.3 No Voiceprint Database

Spatius does not maintain a searchable database of user voiceprints or facial geometry. We do not sell, lease, or trade biometric data to any third party.

4.4 Retention

• Audio Data (Consumer Service): Deleted immediately upon completion of ASR transcription.
• SDK integrations: No end-user audio data is collected.

5. How We Use Your Personal Information

We use personal information for the following purposes:

AI Model Improvement: We may use aggregated, anonymized usage data (such as session metadata and interaction patterns, but not conversation transcripts) to benchmark and improve our AI models.

Trust and Safety: We may analyze inputs to detect and prevent violations of our Acceptable Use Policy (including attempts to generate harmful, abusive, or unlawful content).

6. Tracking Technologies

We use cookies, web beacons, and similar technologies:

• Essential cookies: Required for authentication (Google, Github), session management, and payment fraud prevention (Stripe).
• Analytics cookies: We use third-party analytics tools (e.g., PostHog) to understand how users interact with our Service.
• Marketing cookies: Used only with your consent for interest-based advertising.

You may manage cookies through your browser settings or via the “Cookie Settings” link in our website footer. Note that disabling certain cookies may affect the functionality of the Service.

Do Not Track: We do not currently respond to “Do Not Track” browser signals, as no universal standard exists. You may manage your preferences via cookie settings above.

Global Privacy Control (GPC): We are working to recognize and honor Global Privacy Control signals. In the interim, California residents may opt out of the sale or sharing of their personal information by contacting us at support@spatius.ai.

7. How We Share Your Personal Information

We do not sell your personal information. We share data only as described below:

• Service providers: Infrastructure providers (e.g., AWS, Google Cloud), real-time communications infrastructure (LiveKit Cloud), ASR providers, analytics tools (PostHog), email delivery providers, and payment processors (Stripe). All service providers are bound by data processing agreements.
• Authentication providers: If you use Google or GitHub to log in, your authentication is handled by those platforms under their respective privacy policies (Google Privacy Policy; GitHub Privacy Policy). We receive only the account data described in Section 3.1 and do not share your data back to these providers beyond what is necessary to complete authentication.
• Developer App operators: If you are a Developer App end-user, we may share anonymized error logs or usage statistics with the relevant developer to assist in debugging.
• Professional advisors: Lawyers, auditors, and insurers where necessary for professional services.
• Authorities: Law enforcement or government bodies where required by valid legal process or to protect our rights or the safety of others.
• Business transferees: In connection with a merger, acquisition, or sale of assets. We will notify you before your personal information is transferred and becomes subject to a different privacy policy.
• With your consent: To third parties you have explicitly authorized.

8. Data Retention

When we no longer require personal information, we will delete, anonymize, or securely isolate it from further processing.

9. International Data Transfers

SpatialWalk is headquartered in Singapore, operating the Spatius platform. We and our service providers operate globally, including in countries that may not provide the same level of data protection as Singapore, the EU, or the UK.

Where we transfer personal data outside Singapore, we implement appropriate safeguards, including:

• Adequacy decisions: Transferring to countries recognized by the relevant authority as providing adequate protection.
• Standard Contractual Clauses (SCCs): Using EU Commission-approved SCCs (or UK International Data Transfer Agreements) for transfers to EEA/UK residents’ data.
• Contractual protections: Binding agreements with all data recipients outside Singapore.

Singapore is not currently designated as adequate by the European Commission. Transfers of EEA/UK residents’ personal data to Singapore are therefore made under SCCs.

You may contact us at support@spatius.ai for information on the specific safeguards applicable to your data transfer.

10. Your Rights and Choices

10.1 General Rights (All Users)

• Access and update: Log in to your account to review or correct your information, or contact us.
• Opt out of marketing: Follow the unsubscribe instructions in any marketing email, or contact support@spatius.ai.
• AI training opt-out: To opt out of use of your anonymized session metadata for AI training purposes, email support@spatius.ai.
• Cookie management: Via the Cookie Settings link on our website.
• Account deletion: Email support@spatius.ai with the subject line “Account Deletion Request.”

10.2 Rights Under Singapore PDPA

As a Singapore-incorporated company (SPATIALWALK PTE. LTD.), we comply with the Singapore Personal Data Protection Act 2012 (PDPA). You have the right to:

• Access the personal data we hold about you;
• Correct any inaccurate personal data; and
• Withdraw consent for collection, use, or disclosure, subject to legal or contractual constraints.

Submit requests to: support@spatius.ai. We will respond within 30 days.

10.3 Rights Under GDPR (EEA and UK Users)

If you are located in the European Economic Area (EEA) or United Kingdom (UK), you have additional rights under the GDPR / UK GDPR:

• Deletion (“right to be forgotten”)
• Restriction of processing
• Data portability
• Object to processing based on legitimate interests or for direct marketing
• Withdraw consent at any time (without affecting lawfulness of prior processing)
• Lodge a complaint with your local supervisory authority:
  • EEA: https://edpb.europa.eu/about-edpb/board/members_en
  • UK: https://ico.org.uk/make-a-complaint/

GDPR Representative (Article 27): SpatialWalk is not established in the EEA or UK. Based on our current operations and user base, we have assessed that we are not required to appoint an Article 27 representative at this time, as we do not systematically offer goods or services to, or monitor the behaviour of, individuals in the EEA or UK. We will keep this assessment under review and will appoint a representative if our operations change.

Submit GDPR requests to: support@spatius.ai

10.4 Rights Under US State Privacy Laws

California Residents (CCPA/CPRA):

• Right to Know, Access, Delete, and Correct your Personal Information.
• Right to Opt-Out of Sale or Sharing (we do not sell personal information).
• Right to Limit use of Sensitive Personal Information.
• Right to Non-Discrimination.

Submit requests to: support@spatius.ai

Verification: We will verify your identity via the email address associated with your account.

Virginia, Colorado, Connecticut, Texas, and Other States: Residents of these states have similar rights including access, correction, deletion, and opt-out of targeted advertising and profiling.

11. Children’s Privacy

The Consumer Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe we have collected personal information from a child without required consent, please contact support@spatius.ai and we will promptly delete such information.

SDK Developer Responsibility: Developers using the Spatius SDK are solely responsible for ensuring their applications comply with the Children’s Online Privacy Protection Act (COPPA), the UK Age Appropriate Design Code, and applicable local law. Developers must not integrate our SDK into applications directed at children under 13 without implementing appropriate age verification and parental consent mechanisms. Spatius disclaims liability for any developer’s failure to comply.

12. Security

We implement technical, organizational, and physical security measures to protect personal information, including:

• Encryption in transit (TLS 1.2+) and at rest;
• Access controls and least-privilege principles;
• Regular security assessments;
• Incident response procedures.

However, no system is perfectly secure. We will notify affected individuals and relevant authorities of data breaches as required by applicable law (including within 3 business days to the Singapore Personal Data Protection Commission (PDPC) for notifiable data breaches, and within 72 hours to EU supervisory authorities for GDPR-notifiable breaches).

13. Other Websites and Services

Our Service may contain links to third-party websites or applications. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing personal information.

14. Changes to this Privacy Policy

We may update this Privacy Policy at any time. Material changes will be communicated by updating the “Last Updated” date and, where appropriate, by email or in-Service notification. Where a change affects processing based on your consent, we will seek your consent before the new processing begins. If you do not agree with any changes, you should discontinue use of the Service.

15. Contact Us

For questions, requests, or complaints regarding this Privacy Policy:

SPATIALWALK PTE. LTD.
(operating the Spatius platform)
70 Shenton Way, #16-13, EON Shenton
Singapore 079118

Email: support@spatius.ai

We aim to respond to all inquiries within 30 days.