Legal

Privacy Policy

Effective date: 1 January 2026 Last updated: 1 January 2026 Version: 1.0

Summary

6Degrees collects minimal personal data, uses it only to provide our services and communicate with you, never sells it, and gives you full control over it at any time. We are GDPR compliant and your data stays in Europe.

Who we are

6Degrees (trading as 6Degrees AI) is a brand of Web3 Audience Group. We build AI-first social media infrastructure for enterprise brands — combining strategic intelligence with generative video creative at scale.

For the purposes of EU/UK GDPR, 6Degrees acts as the data controller for personal data collected via this website and our commercial activities.

Data Controller

6Degrees AI / Web3 Audience Group

Email: [email protected]

Website: 6dgrees.ai

Definitions

Personal data	Any information relating to an identified or identifiable natural person.
Processing	Any operation performed on personal data (collection, storage, use, disclosure, deletion).
Data subject	You — the individual whose personal data we process.
Controller	The entity that determines the purposes and means of processing (us).
Processor	A third party that processes data on our behalf under our instructions.
GDPR	EU General Data Protection Regulation 2016/679 and its UK equivalent (UK GDPR).

Data we collect

Information you provide directly

When you complete our Request Access form, we collect:

First and last name
Work email address
Job title and company name
Industry vertical
Number of brands you manage
Geographic markets of interest
A brief description of your challenge or use-case

When you contact us by email, we collect the content of your correspondence and your email address.

Information collected automatically

If you accept cookies, we may collect:

Usage data — pages visited, time on site, referral source, browser and device type
Technical data — IP address (anonymised), viewport, operating system

We do not use session recordings, fingerprinting, or behavioural advertising trackers.

Information we do not collect

Payment or financial data (we use no on-site checkout)
Sensitive personal data (health, ethnicity, religion, political opinions)
Data from children under 18

How we use your data

Purpose	Detail
Respond to enquiries	We use contact details you submit to reply to your Request Access form and any subsequent correspondence.
Sales & commercial discussions	We use your professional details to assess fit and tailor our proposal to your organisation.
Sending confirmation emails	We send a single automated confirmation when you submit our form.
Service analytics	Aggregated, anonymised data helps us understand how the website is used and improve it.
Legal obligations	We may process data where required by law or to defend legal claims.

We will never use your data to train AI models, sell it to third parties, or send unsolicited marketing without your consent.

Legal bases for processing

Under GDPR, we must have a lawful basis for each processing activity:

Legitimate interests — responding to your enquiry and conducting pre-sales discussions (Article 6(1)(f)). We have balanced this against your rights and believe it is proportionate.
Contract performance — once a commercial relationship begins, processing is necessary to perform our obligations (Article 6(1)(b)).
Legal obligation — where required by applicable law (Article 6(1)(c)).
Consent — for non-essential cookies, where you have explicitly clicked "Accept all" on our cookie banner (Article 6(1)(a)). You may withdraw this at any time.

Data sharing & third parties

We do not sell your personal data. We share it only with the following categories of processors, each bound by data processing agreements:

Notion — our internal CRM/database where form submissions are stored securely.
SendGrid (Twilio) — used to send transactional confirmation emails on form submission.
Cloudflare — hosts our serverless worker that routes form data. Cloudflare processes network traffic but does not store form content.
AWS — hosts our website. Logs are minimal and auto-deleted.

We may disclose data to law enforcement or regulators where required by law or to protect our legitimate legal interests.

International transfers

Our primary data processing occurs within the European Economic Area (EEA). Where a processor is based outside the EEA (e.g., Notion and SendGrid are US-based), we ensure adequate protection through:

EU Standard Contractual Clauses (SCCs) — the approved mechanism for EEA→US transfers under GDPR
Adequacy decisions where applicable

We do not transfer data to countries without adequate protection.

Data retention

We retain your personal data only for as long as necessary:

Enquiry data (no commercial relationship): 12 months from your last interaction, after which it is deleted from our systems.
Client data (active commercial relationship): for the duration of the relationship plus 6 years to comply with financial record-keeping obligations.
Cookie/analytics data: aggregated and anonymised after 90 days; raw logs deleted within 30 days.
Email correspondence: up to 3 years unless you request earlier deletion.

You may request deletion at any time — see Section 9.

Your rights

Under GDPR you have the following rights regarding your personal data. To exercise any of them, email [email protected]. We will respond within 30 days.

Right of access — obtain a copy of the personal data we hold about you.
Right to rectification — correct inaccurate or incomplete data.
Right to erasure ("right to be forgotten") — request deletion of your data, subject to legal retention obligations.
Right to restrict processing — limit how we use your data in certain circumstances.
Right to data portability — receive your data in a machine-readable format.
Right to object — object to processing based on legitimate interests.
Right to withdraw consent — for cookie consent, use the banner on our site at any time; for other consent-based processing, contact us.
Rights related to automated decision-making — we do not use fully automated decision-making that produces legal effects.

Supervisory authority

If you are unhappy with how we handle your data, you have the right to lodge a complaint with your local data protection authority. For UK residents this is the ICO (ico.org.uk). For EU residents, contact your national DPA.

Cookies

We use a small number of cookies to make our website work and to understand how it is used. For full details on the cookies we set, their purpose, and how to manage them, please see our Cookie Policy.

You can manage your preferences at any time via the cookie banner that appears on your first visit to our site.

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

TLS encryption for all data in transit
Access controls limiting who within 6Degrees can view form submissions
API key rotation and least-privilege access for third-party integrations
Regular review of our data processing activities

No method of transmission over the internet is 100% secure. If you believe your data has been compromised, please contact us immediately at [email protected].

Children

Our website and services are directed exclusively at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will take reasonable steps to notify affected individuals. Continued use of our website after changes are posted constitutes acceptance of the updated policy.

Previous versions of this policy are available on request.

Contact & complaints

For any questions, requests to exercise your rights, or concerns about how we handle your data:

Data Privacy — 6Degrees AI / Web3 Audience Group

Email: [email protected]

Response time: within 30 calendar days of receiving your request.

If you are not satisfied with our response, you may escalate to your national data protection authority (e.g., the ICO in the UK).