Privacy Policy

Last Updated: March 10, 2026

Our Commitment to Privacy and Data Protection. microagi is committed to upholding the highest standards of data privacy and protection. Our vision to build the definitive platform for robotics training data is founded on principles of transparency, security, and rigorous legal compliance. This Privacy Policy is designed to provide a clear and comprehensive explanation of how we collect, use, process, and protect information in connection with our website, platform, and data collection activities.

We recognize the importance of the data entrusted to us and have engineered our systems and procedures from the ground up based on the principles of Privacy by Design and Privacy by Default. Our practices are structured to comply with the European Union's General Data Protection Regulation (GDPR) and Turkey's Personal Data Protection Law (Kişisel Verilerin Korunması Kanunu, or KVKK), reflecting our operational presence in both jurisdictions. The core principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, and integrity and confidentiality are embedded in all our data processing activities.

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically to stay informed.

Scope of This Policy

This Privacy Policy applies to all individuals who interact with microagi's services, including:

• Website Visitors: Individuals who browse or interact with our official website, microagi.com.
• Platform Users: Individuals or representatives of organizations who register for an account on our platform, subscribe to our API services, or otherwise use our data distribution services.
• Data Contributors: Individuals, primarily located in Turkey, who are employed to participate in our data collection programs by performing tasks while wearing egocentric smart glasses.

Data Controller Information

Under applicable data protection laws, it is essential to identify the entity or entities responsible for your data. Given our international structure, the roles are defined as follows:

• Primary Data Controller (for GDPR purposes):
  MicroAGI, Inc.
  Aachen, 52070, Germany
  MicroAGI, Inc. is the primary data controller for personal data collected from Website Visitors and Platform Users globally. It determines the purposes and means of processing for all personal data subject to the GDPR. It is also the data controller for the anonymized robotics datasets that are managed, versioned, and distributed through our platform.
• Data Processor (for Turkish Data Capture Operations):
  microagi Veri Toplama Ltd. Şti. i.G.
  Ankara, Turkey
  For the specific activity of capturing egocentric demonstration data in Turkey, microagi Veri Toplama Ltd. Şti. i.G. operates as a data processor on behalf of MicroAGI, Inc. This means it processes the data based on the strict instructions of the data controller (MicroAGI, Inc.). For personal data related to its own employees and its local administrative operations in Turkey, microagi Veri Toplama Ltd. Şti. i.G. acts as a data controller under KVKK.

This distinction is fundamental to our compliance framework. It establishes a clear line of accountability under GDPR to our German entity and its lead supervisory authority, while defining the specific, instructed role of our Turkish entity in the data lifecycle.

Part I: Processing of Your Personal Data on Our Website and Platform

Section 1: Information We Collect and Process

We collect information to provide and improve our services. The types of information we collect depend on how you interact with us.

1.1 Personal Data You Provide to Us

When you interact directly with our website or platform, we collect personal data that you voluntarily provide. This includes:

• Account Registration Data: When you create an account to access our platform, we collect your name, email address, a secure password, your company name, and your job title. This information is necessary to establish and manage your account.
• Subscription and Billing Data: To subscribe to our paid tiers, we require billing and payment information. This data is securely collected and processed by our third-party payment processors (e.g., Stripe). We do not store your full credit card information on our servers; we may retain limited information such as the last four digits of your card and its expiration date for verification and administrative purposes.
• Communications Data: When you contact us through our website's contact forms, submit a support request, or communicate with us via email, we collect the information you include in your correspondence, such as your name, email address, and the content of your message. This allows us to respond to your inquiries effectively.
• Community and Forum Data: If you participate in our community forums or contribute to our open-source projects, we collect the information you choose to post, such as your username and the content of your contributions.

1.2 Usage Data and Information Collected Automatically

As you navigate and interact with our website and platform, we automatically collect certain information about your device and usage patterns. This helps us understand how our services are used, maintain security, and improve user experience.

• Log and Device Information: We collect standard log files and device information, including your Internet Protocol (IP) address, browser type and version, operating system, unique device identifiers, the pages you visited, and the dates and times of your access.
• Usage Analytics: We analyze how users interact with our services, collecting data on the features you use, the pages you visit, the time spent on those pages, the links you click, and other "clickstream" data. This helps us identify trends and improve our platform's functionality and performance.
• Cookies and Similar Tracking Technologies: We use cookies and similar technologies to operate and personalize our website. Cookies are small text files stored on your device. We use them for essential functions like keeping you logged in, as well as for performance analytics. We may use tools like Google Analytics, configured to anonymize your IP address, to understand website traffic. We provide you with granular control over non-essential cookies. For more detailed information, please refer to our separate Cookie Policy.

Section 2: How We Use Your Personal Data

We are committed to the principle of "purpose limitation," meaning we only use your personal data for specified, explicit, and legitimate purposes. The data collected in Section 1 is used as follows:

• To Provide, Maintain, and Improve Our Services.
• To Personalize Your Experience.
• To Provide Customer Support.
• To Communicate with You.
• For Analytics and Service Improvement.
• For Security and Fraud Prevention.
• To Comply with Legal Obligations.

Section 3: Legal Basis for Processing (GDPR & KVKK)

Every processing activity we undertake is grounded in a valid legal basis as required by both the GDPR and the KVKK. This dual-framework approach ensures our compliance across our operational jurisdictions.

3.1 Our Lawful Bases under GDPR (Article 6)

• Performance of a Contract (Article 6(1)(b) GDPR).
• Legitimate Interests (Article 6(1)(f) GDPR).
• Consent (Article 6(1)(a) GDPR).
• Legal Obligation (Article 6(1)(c) GDPR).

3.2 Our Conditions for Processing under KVKK (Article 5)

• Directly Related to the Establishment or Performance of a Contract (Article 5(2)(c) KVKK).
• Legitimate Interests of the Data Controller (Article 5(2)(f) KVKK).
• Explicit Consent (Article 5(1) KVKK).
• Compliance with a Legal Obligation (Article 5(2)(ç) KVKK).

Part II: Collection and Use of Robotics Training Data

Section 4: Egocentric Demonstration Data: Collection and Anonymization

This section details the core of microagi's business: the collection of data for robotics training. Our entire process is built upon a foundational commitment to "Anonymization-by-Design," ensuring that raw, identifiable personal data is never stored or processed in our central systems.

4.1 The Nature of Captured Data

Our data collection is conducted by trained Data Contributors, primarily employed by our Turkish subsidiary, microagi Veri Toplama Ltd. Şti. These contributors perform a range of "blue-collar" tasks while wearing commercially available egocentric smart glasses. These devices capture a rich, multi-modal data stream from the contributor's first-person perspective.

• Gaze-Aligned RGB-D Video.
• Inertial Measurement Unit (IMU) Data.
• 6-Degrees-of-Freedom (6-DoF) Hand Pose Data.

4.2 Our Anonymization-by-Design Commitment: On-Device Processing

The cornerstone of our privacy and legal compliance strategy is our robust, non-bypassable anonymization pipeline that runs at the edge, directly on the capture device, before any data is uploaded to our cloud infrastructure. This approach embodies the principles of Data Protection by Design and Data Minimization, as it prevents raw personal data from ever entering our systems.

This on-device pipeline utilizes advanced machine learning models to perform irreversible transformations such as automated face blurring and identifier obfuscation.

4.3 The Legal Status of Anonymized Data under GDPR and KVKK

The distinction between anonymized data and personal data is legally significant. Our process is meticulously designed to achieve true anonymization, placing the resulting datasets outside the scope of personal data protection laws.

Section 5: Use and Distribution of Anonymized Datasets

The purpose of creating these anonymized datasets is to accelerate innovation in the fields of artificial intelligence and robotics. We operate a dual-tiered distribution model designed to foster a vibrant research community while building a sustainable business.

• Community and Open-Source Contributions.
• Commercial Subscriptions.

Part III: General Data Protection, Retention, and Transfer Provisions

Section 6: Data Security and Retention

We take the security of all data under our control very seriously. We have implemented appropriate technical and organizational measures to protect personal data and secure our proprietary anonymized datasets.

• Encryption.
• Access Control.
• Secure Infrastructure.
• Regular Audits and Monitoring.
• Employee Training.

Personal data is retained for as long as necessary to provide our services or comply with legal obligations. Anonymized robotics data may be retained for long-term research but is periodically reviewed.

Section 7: International Data Transfers

Our international corporate structure necessitates the transfer of data across borders. We ensure that all such transfers are conducted in full compliance with applicable data protection laws.

Transfers from Turkey to the EU rely primarily on the anonymized nature of the data, while ancillary personal data is safeguarded by Standard Contractual Clauses. Transfers from the EU to third countries rely on adequacy decisions or SCCs.

Part IV: Your Rights and Our Commitments

Section 8: Your Data Protection Rights

We are committed to ensuring you can exercise your rights over your personal data. The rights available to you depend on your location and the applicable data protection law.

GDPR rights include the right to be informed, access, rectification, erasure, restriction, data portability, and objection. KVKK rights include learning whether data is processed, requesting information, knowing third parties, rectification, erasure, objection to automated decisions, and seeking compensation.

To exercise any of your data protection rights, contact us at privacy@micro-agi.com. We will respond without undue delay and within statutory timelines.

Section 9: Specific Commitments for German Operations

For any future data collection pilots or programs involving employees or other individuals in Germany, microagi commits to conducting a thorough Data Protection Impact Assessment (DPIA) and cooperating with Works Councils as required by German law.

Section 10: Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us.

Email: privacy@micro-agi.com
Data Protection Officer: Bercan Kilic

You have the right to lodge a complaint with a data protection authority. For matters related to GDPR, our lead supervisory authority is the competent data protection authority for our establishment in Germany. For matters related to KVKK, the competent authority is the Turkish Personal Data Protection Authority. We would appreciate the chance to deal with your concerns before you approach an authority.