Machined

Black Friday: 50% off

Privacy Policy

Last updated: 16th November 2025

This Privacy Policy outlines how we collect, use, protect, and share information about you when you use our media form, media channel, software, application, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the "Service") through access to and use of the machined.ai website (the "Website") operated by Sibu Ventures Ltd ("us", "we", "our" or “Sibu Ventures”). By accessing or using the Website and/or the Service, you agree to this Privacy Policy.

We value your privacy and strive to protect your personal data in compliance with global privacy standards, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the California Consumer Privacy Act (CCPA).

Definitions

  • Personal Data: Information about an individual that can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
  • Usage Data: Data collected automatically, generated by the use of the Service or from the Service infrastructure itself (e.g., the duration of a page visit).
  • Cookies: Small files stored on your device (computer or mobile device) to enhance your user experience.
  • Data Controller: For the purposes of this Privacy Policy, we are the Data Controller of your Personal Data.
  • Data Processors (Service Providers): Any natural or legal person who processes the data on behalf of the Data Controller.
  • Data Subject (User): Any living individual who is using our Service and is the subject of Personal Data.

Data Controller

Sibu Ventures Ltd (“Sibu Ventures”, “we”, “us”, or “our”) is the Data Controller responsible for your personal data.

Registered Office: Suite A, 82 James Carter Road, Mildenhall, IP28 7DE, United Kingdom
Company Number: 14958943
Contact: privacy@machined.ai

Types of Data Collected

(a) Personal Information You Disclose to Us

We collect personal information that you voluntarily provide when you register, express interest in obtaining information, use our services, or contact us. This may include:

  • Contact Information: Name, address, email address, and telephone number.
  • Credentials: Passwords and authentication data.
  • Payment Information: Payment instrument details (e.g., credit card number). Payment data is processed by our payment provider Stripe and not stored on our servers.

(b) Information Automatically Collected

  • Usage Data: Includes your IP address, browser type and version, pages visited, date/time of visit, time spent on pages, and device identifiers.
  • Location Data: If enabled, we may collect and use location data to provide location-based services. You can enable or disable location services at any time via your device settings.

(c) Tracking Technologies and Cookies

We use cookies and similar tracking technologies (e.g., beacons, tags, and scripts) to track activity and store information. We use a cookie consent tool that allows you to accept or reject non-essential cookies in compliance with the UK Privacy and Electronic Communications Regulations (PECR) and GDPR.

How We Use Your Information

We process your personal data to:

  • Provide, maintain, and improve our Service
  • Notify you about updates and changes
  • Enable participation in interactive features
  • Provide customer care and support
  • Conduct analytics to improve performance
  • Monitor and prevent security or technical issues
  • Fulfil contractual obligations and process payments
  • Comply with legal requirements

Lawful Basis for Processing

Under both the UK GDPR and EU GDPR, we rely on one or more of the following lawful bases:

PurposeLawful Basis
Account registration and service deliveryPerformance of a contract (Art. 6(1)(b))
Marketing communicationsConsent (Art. 6(1)(a))
Analytics and service improvementLegitimate interests (Art. 6(1)(f))
Legal and compliance obligationsLegal obligation (Art. 6(1)(c))
Fraud prevention and securityLegitimate interests (Art. 6(1)(f))

Administrative Access

We may access your personal data to:

  • Provide customer support and assistance. This includes responding to your inquiries, requests for technical support, and other customer support requests.
  • Investigate and respond to complaints or concerns. This includes investigating and responding to complaints or concerns about our Service, including complaints or concerns about the completenes or accuracy of the information we have collected about you.
  • Ensure compliance with our policies and legal requirements such as the GDPR and other data protection laws.
  • Protect our rights and property. This includes protecting our rights and property, including our intellectual property rights and our property rights.

This access is required for us to provide you the best possible service and to comply with our legal obligations. The access is limited to the minimum necessary to perform the tasks described above.

Sharing Your Personal Information

We may share your personal information with:

  • Service Providers and Vendors: Third parties performing services on our behalf (hosting, analytics, payments, support).
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.
  • Legal Requirements: When disclosure is necessary to comply with law, protect rights, prevent fraud, or ensure safety.

We have Data Processing Agreements (DPAs) in place with all service providers to ensure they process data only under our instructions and in compliance with GDPR standards.

Our key service providers and safeguards:

  • Bubble.io (US) - hosting and app infrastructure - SCCs + DPA
  • Stripe (UK/US) - payment processing - SCCs + DPA
  • Intercom (US) - support messaging - SCCs + DPA
  • Datadog / PostHog - analytics and monitoring - SCCs + DPA

Your data is stored on cloud infrastructure operated by these providers.

Copies of the relevant SCCs can be requested by emailing privacy@machined.ai

Payments

We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy.

These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are: Stripe

Their Privacy Policy can be viewed at https://stripe.com/us/privacy

Retention of Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Account data: Retained while your account is active and for up to 3 years after closure.
  • Payment records: Retained for 7 years to comply with tax and accounting laws.
  • Marketing data: Retained until consent is withdrawn, with inactive contacts reviewed after 2 years.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the UK or EEA.

We ensure appropriate safeguards are in place, including:

  • The UK International Data Transfer Addendum (IDTA), or
  • The EU Standard Contractual Clauses (SCCs).

The UK has been recognised by the European Commission as providing an adequate level of protection (Commission Implementing Decision (EU) 2021/1772), so transfers from the EEA to the UK are permitted without additional safeguards.

Copies of relevant safeguards may be requested at privacy@machined.ai.

Your Privacy Rights

Depending on your location, you have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure (“Right to be Forgotten”): Request deletion of your personal data.
  • Restriction: Request limited processing of your data.
  • Data Portability: Receive your data in a structured, commonly used format.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdrawal of Consent: Withdraw consent at any time (without affecting prior processing).

To exercise any of these rights, email us at privacy@machined.ai. We will respond within 30 days as required under the GDPR.

You also have the right to lodge a complaint:

  • UK residents: With the Information Commissioner’s Office (ICO) – https://www.ico.org.uk
  • EEA residents: With your local data protection authority.

EU Representative

If and when required under Article 27 of the EU General Data Protection Regulation (GDPR), Sibu Ventures Ltd will appoint a representative within the European Union to act as our contact point for supervisory authorities and data subjects in the EU.

This representative will handle any GDPR-related inquiries or data subject requests concerning our processing of personal data of individuals located in the European Economic Area (EEA).

At present, Sibu Ventures Ltd does not conduct large-scale or regular processing of EU personal data, and such processing (if any) is considered occasional and low-risk. Therefore, no EU representative has been appointed at this time.

If this status changes, the contact details of our appointed EU representative will be published in this Privacy Policy and on our website’s legal notice page.

CCPA Privacy Rights (California Residents)

Under the California Consumer Privacy Act (CCPA), California residents have the right to:

  • Know the categories of personal information we collect and how it is used
  • Request deletion of personal information
  • Opt out of the sale or sharing of personal information (we do not sell personal data)
  • Receive equal service and price even if privacy rights are exercised

Requests can be made by emailing privacy@machined.ai.

Children’s Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a child has provided us with data, contact us immediately at privacy@machined.ai, and we will delete it promptly.

Security of Data

We use industry-standard security measures to protect your personal data. However, no online transmission or storage system is completely secure, and we cannot guarantee absolute security.

Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

Our Service may contain links to third-party websites. We are not responsible for their content or privacy practices. Please review their privacy policies before providing any personal information.

Changes to This Privacy Policy

We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated “Last Updated” date. Continued use of our Service after such updates constitutes your acceptance of the new terms.

Contact Us

For any questions about this Privacy Policy or your personal data, please contact us:

  • Email: privacy@machined.ai
  • Address: Sibu Ventures Ltd, Suite A, 82 James Carter Road, Mildenhall, IP28 7DE, United Kingdom