UNREALITY BY META
Privacy Policy
Effective Date: May 12, 2026
Unreality is operated by METAx LLC (“Unreality,” “we,” “us,” or “our”).
The Short Version
Unreality is a creative collaboration platform built for artists, designers, and technologists. Here is what you need to know about your data:
We collect what we need to run the platform — your account info, the content you create, and basic usage data.
We do not sell your personal information. Ever.
We do not use your content or data to train AI models.
We use a small number of third-party services to operate the platform (hosting, analytics, email delivery). We list every one of them below.
You can delete your account at any time, and we will delete your personal data and media files.
We set three cookies. That is it.
This Privacy Policy describes how we collect, use, and protect Personal Information that we receive and store about each visitor, creator, or customer (each, a “creator,” and specifically you, “you” or “your”) of our website at https://unreality.is , and of our affiliated websites, subdomains, mobile versions, and applications (collectively, the “Platform”), the use of which shall be subject at all times to the Terms of Use.
“Personal Information” means information that may be used, either alone or in combination with other information, to personally identify an individual or household. “Sensitive Personal Information” means Personal Information that may be considered sensitive under applicable Data Privacy Laws (defined below). Pursuant to US Data Privacy Laws, you have the right to request that Unreality limit the use or disclosure of your Sensitive Personal Information by contacting us at privacy@meta.is .
You may choose whether to provide Personal Information in connection with your use of the Platform. If you choose not to provide it, you may still visit and use parts of the Platform, but may be unable to access certain features. If you do not agree with the terms of this Privacy Policy, please do not use the Platform.
The Platform may contain links to websites or applications operated by third parties. We are not responsible for the content, performance, or privacy practices of those third parties, and you visit them at your own risk. Our inclusion of links to such third-party websites does not imply endorsement of their material, products, or services.
1. Information We Collect
1.1 Information You Provide
When you create an account and use Unreality, you provide us with:
Account information: username, email address, full name, display name, password (stored as a one-way hash — we never store your actual password), and mobile phone number (collected only if you choose to add one for SMS verification or SMS two-factor authentication)
Profile information: bio, location, timezone, profile and header images, skills, job titles, industry tags, and links to your external profiles
Content you create: posts, projects, moodboards, updates, comments, messages, job listings, and media files (images and video)
Employment information: employment history you choose to add, including position, department, dates, and achievements
Communication preferences: notification settings, email preferences, and marketing opt-in choices (if applicable)
1.2 Information Collected Automatically
When you use Unreality, we automatically collect:
Log files: IP address, Internet Service Provider (ISP), browser type and version, operating system, device type, date/time stamp, referring/exit pages, and clicked pages.
Login information: IP address, browser type and version, operating system, device type, and the date and time of your login. If geographic lookup is enabled, we may also determine your approximate location (country, region, city) from your IP address using the MaxMind GeoLite2 database. This data is retained for 2 years.
Usage data: pages viewed, actions taken, session duration, referrer source (including UTM parameters), and exit page. This data is collected through our own first-party analytics system (not a third-party analytics service) and retained for 2 years.
Device information: browser name and version, operating system, and device type, derived from your user-agent string.
1.3 Information Provided by Third Parties
We may from time to time collect information, including Personal Information, about you through non-affiliated third parties. If we introduce a payment processor for membership tiers or other paid features in the future, that processor may collect transaction information (such as payment method, associated account number, and billing address), which may be shared with us via encrypted and tokenized methods. We will update this section to identify the payment processor and link to its privacy policy before any such service is activated.
1.4 Information We Do Not Collect
We do not collect financial or payment card information directly.
We do not use third-party behavioral analytics services (such as Google Analytics) in production.
We do not embed third-party advertising or ad-tracking pixels.
2. How We Use Your Information
We use the information we collect to:
Operate the platform: authenticate your account, display your profile and content, deliver messages and notifications, and process media uploads
Improve the platform: analyze aggregate usage patterns to identify bugs, improve performance, and develop new features
Secure the platform: detect and prevent unauthorized access, abuse, and fraud through login monitoring, rate limiting, and session management
Communicate with you: send transactional emails (password resets, email change confirmations, invitation notifications), transactional SMS messages (phone-number verification links and, if you have enabled SMS two-factor authentication, sign-in codes and account security alerts), and, if you opt in, promotional updates about Unreality
Comply with law: fulfill obligations under applicable federal, state, local, and foreign laws, regulations, rules, judicial or governmental orders or requests, legal process, and treaties
We do not use your content or personal information to train artificial intelligence or machine learning models. This is stated in our Creator Bill of Rights and it will not change.
3. Cookies and Tracking
We use exactly three cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| unreality.sid | Session authentication — keeps you logged in | 30 days |
| csrf_token | Cross-site request forgery protection | 1 hour |
| unreality-cookie-consent | Stores your cookie preference choices | 1 year |
These are required cookies essential to operate the Platform. Because required cookies are essential to operate the Platform, there is no option to opt out of these cookies.
We do not use advertising cookies, cross-site tracking cookies, fingerprinting techniques, web beacons, pixels, or similar tracking technologies.
Cloudflare Web Analytics: In production, we load the Cloudflare Web Analytics beacon to measure page performance metrics (time to first byte, first contentful paint, interaction to next paint, cumulative layout shift). Cloudflare Web Analytics does not use cookies, does not track individual users across sites, and does not collect personal information.
Client-side storage: We store your cookie consent preference in localStorage as a backup. We do not use localStorage or sessionStorage for tracking purposes.
4. Third-Party Services
We use the following third-party services to operate Unreality. Each service receives only the minimum data necessary for its function.
| Service | Purpose |
|---|---|
| Amazon Web Services | Cloud infrastructure: application hosting, database, file storage, email delivery, media processing, encryption, and monitoring. All data is hosted in the United States region. |
| Cloudflare | Web analytics (production only). Collects aggregate page performance metrics. No personal information. |
| MaxMind | IP geolocation via a locally-hosted GeoLite2-City database. Your IP is looked up locally — no data is sent to MaxMind’s servers at runtime. |
| Google Workspace | Email delivery via Gmail API for transactional emails (password resets, notifications, invitations). |
Error tracking: We use self-hosted error tracking software on our own infrastructure. Error reports (stack traces, request metadata) are not sent to any third-party service.
We will comply with applicable law regarding Personal Information transfers and use commercially reasonable efforts to only engage or interact with third-party service providers that take appropriate measures to protect your Personal Information; however, it is the responsibility of each of those third-party service providers to comply with applicable law and their respective privacy policies.
We do not sell, rent, or share your personal information with any third party for their own marketing or advertising purposes.
5. How We Disclose Personal Information
5.1 Third-Party Service Providers
We may transfer Personal Information to our third-party service providers listed in Section 4 to perform tasks on our behalf and to assist us in providing the Platform.
5.2 Merger, Sale, or Change of Control
Unreality may assign or transfer its rights and/or delegate its obligations under this Privacy Policy and transfer any Personal Information to any third-party company or entity that either acquires or is acquired by Unreality, or is merged with or into Unreality, as part of a merger, acquisition, sale, bankruptcy proceeding, or other change of control.
5.3 Legal Disclosures
We may disclose Personal Information about you if required to do so by applicable law or if we believe in good faith that such disclosure is reasonably necessary or helpful to: (i) comply with legal process, (ii) enforce the Terms of Use, including investigations of potential violations thereof, (iii) detect, prevent, or address fraud or security issues, or (iv) protect the rights, property, or personal safety of Unreality, other Platform creators, and the public.
6. Data Security
We take the security of your data seriously. Our measures include:
Encryption in transit: all connections use TLS (HTTPS). Cookies are marked Secure and SameSite=Strict.
Encryption at rest: sensitive fields and database storage are encrypted at rest.
Password security: passwords are hashed using bcrypt with salt. We never store plaintext passwords.
Session security: sessions are stored server-side, not in cookies.
CSRF protection: all state-changing requests require a cryptographically random CSRF token.
Rate limiting: authentication and sensitive endpoints are rate-limited to prevent brute-force attacks.
Input validation: all user inputs are validated before processing.
Log sanitization: server logs automatically redact sensitive patterns (passwords, tokens, API keys).
No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect Personal Information, we cannot guarantee its absolute security.
7. Data Retention
| Data Category | Retention Period |
|---|---|
| Account and profile data | While your account is active. Deleted upon account deletion. |
| Content (posts, projects, moodboards, updates) | While your account is active. Deleted upon account deletion. |
| Media files (images, videos) | While your account is active. Deleted from storage upon account deletion. |
| Messages and conversations | Conversations are retained. Upon account deletion, your identity is removed (de-identified). |
| Login events (IP, device, geolocation) | 2 years from the date of the event. |
| Analytics and usage data | 2 years from the date of collection. |
| Deletion audit logs | 2 years from the date of account deletion. |
| Sessions | Automatically expired after 30 days of inactivity. |
When you delete your account, we begin the deletion process promptly. Some data may persist in encrypted backups for a limited period as part of our disaster recovery procedures, after which it is permanently removed.
We will not retain your Personal Information for longer than reasonably necessary for the purposes set out in this Privacy Policy or as required to comply with applicable law, respond to questions, complaints, or claims made by you or on your behalf.
8. Your Rights
Regardless of whether current privacy laws require it, we believe you should have control over your data. You can:
Access your data: view your account information, profile, content, and activity through the platform interface.
Correct your data: update your profile information, email address, and preferences at any time through your account settings.
Delete your data: delete your account through the platform. This will permanently remove your personal information, profile data, and media files.
Export your data: contact us at privacy@meta.is to request a copy of your personal data.
Opt out: manage your notification and email preferences in your account settings.
9. Notice to Residents of the European Union, European Economic Area, and United Kingdom
European Economic Area and United Kingdom data protection law requires a “lawful basis” for collecting and retaining Personal Information. Our lawful bases under Article 6, Section 1 of the EU General Data Protection Regulation 2016/679 (as amended, and as adopted by the United Kingdom, the “GDPR”) include:
Consent: where you have affirmatively provided consent to collect your Personal Information for a specific purpose.
Contract: where we need your Personal Information to comply with our contractual obligation to deliver the Platform.
Legal obligations: where the law requires us to collect and use your Personal Information.
Legitimate interests: where we have a good and fair reason to use your Personal Information in ways that do not materially impact your rights, freedoms, or interests — for example, to prevent abuse and keep the Platform secure, or to analyze how creators interact with the Platform to improve the experience.
As a resident of the EU, EEA, or UK, you may have the following rights:
If the processing of Personal Information is based on your consent, the right to withdraw consent at any time. This will not affect the lawfulness of any processing carried out before the consent was withdrawn.
The right to request access to and rectification of your Personal Information.
The right to object to or request restriction of the processing of your Personal Information.
The right to request erasure of your Personal Information.
The right to receive, in a structured, commonly used and machine-readable format, the Personal Information you have provided to us based on your consent or a contract and that is processed by automated means, and to have such Personal Information transmitted to another company where technically feasible (i.e., data portability).
To exercise any of these rights, contact Unreality’s Privacy Officer at privacy@meta.is or by mail at 169 Stewart Road, North Branch, NY 12766, United States of America.
If you are not satisfied with our response, you have the right to lodge a complaint about the processing of your Personal Information with your local data protection authority. If you are located in the United Kingdom, this is the Information Commissioner’s Office (ICO). If you are located in the European Economic Area, you can contact your national supervisory authority (e.g., the Commission Nationale Informatique & Libertés (CNIL) in France).
9.1 International Data Transfers
To communicate with you or provide the Platform or our other products and offerings, the information (including Personal Information) that we collect from you may be transferred to, stored, used, and processed by Unreality in the United States of America or by one of our service providers based inside or outside of the United States of America.
If you are visiting from the European Union, the broader European Economic Area, the United Kingdom, or other regions with laws governing information collection and use that may differ from those of the United States, please note that you are transferring your Personal Information to the United States. The laws of some countries may not provide the same levels of protection of Personal Information as your home country, particularly if you are resident in the EU, EEA, or UK.
We will take reasonable steps to ensure that information about you is treated securely in accordance with this Privacy Policy, and that all information you provide to us is stored on our secure servers or those of our service providers.
YOU ACKNOWLEDGE THAT THE LAWS OF THE UNITED STATES OF AMERICA AND ITS INDIVIDUAL STATES TREAT YOUR INFORMATION IN A MANNER THAT MAY BE SUBSTANTIALLY DIFFERENT FROM, AND LESS PROTECTIVE THAN, THE TREATMENT REQUIRED UNDER THE LAWS OF OTHER COUNTRIES AND JURISDICTIONS. IF YOU DO NOT WANT YOUR INFORMATION TRANSFERRED TO THE UNITED STATES OF AMERICA, YOU SHOULD NOT SHARE YOUR INFORMATION WITH US, OR MAKE USE OF THE PLATFORM.
TO THE EXTENT ALLOWED BY THE LAW OF THE COUNTRY IN WHICH YOU ARE LOCATED, YOU EXPRESSLY WAIVE ANY RIGHT YOU MAY HAVE TO REQUIRE US TO TREAT YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THE LAWS OF ANY COUNTRY OR JURISDICTION OTHER THAN THE UNITED STATES OF AMERICA. HOWEVER, THE FOREGOING WAIVER MAY NOT BE LEGALLY BINDING IN SOME COUNTRIES, SUCH AS THE MEMBER STATES OF THE EUROPEAN UNION, THE BROADER EUROPEAN ECONOMIC AREA, OR THE UNITED KINGDOM. TO THE EXTENT IT IS NOT LEGALLY BINDING IN THE COUNTRY IN WHICH YOU ARE LOCATED, THE FOREGOING WAIVER DOES NOT APPLY TO YOU.
10. U.S. Consumer Privacy Rights
Depending on your U.S. state of residence, you may have additional privacy rights under applicable state laws, including the California Consumer Privacy Act (as amended by the California Privacy Rights Act), the Colorado Privacy Act, the Connecticut Personal Data Privacy and Online Monitoring Act, the Oregon Consumer Privacy Act, the Texas Data Privacy and Security Act, the Virginia Consumer Data Protection Act, the Montana Consumer Data Privacy Act, the Delaware Data Protection Act, the Iowa Data Protection Act, the Nebraska Data Privacy Act, the New Hampshire Privacy Act, the New Jersey Data Privacy Act, the Tennessee Information Protection Act, the Minnesota Consumer Data Privacy Act, the Maryland Online Data Privacy Act, the Indiana Consumer Data Protection Act, the Kentucky Consumer Data Protection Act, and the Rhode Island Data Transparency and Privacy Protection Act (collectively, “US Data Privacy Laws,” and together with the GDPR, “Data Privacy Laws”). For the purposes of this Section 10, Personal Information shall have the same meaning as “personal data” as such term is used under US Data Privacy Laws.
Although Unreality may not currently meet the thresholds that trigger mandatory compliance under all of these laws, we voluntarily extend the following rights:
10.1 Right to Know
You have the right to request that we disclose:
The categories of Personal Information we have collected about you;
The categories of sources from which we have collected Personal Information about you;
Our use of the Personal Information we have collected about you;
The business or commercial purposes for collecting Personal Information about you;
The categories of Personal Information disclosed about you, as well as the categories — and, if you are a resident of Oregon or Colorado, the names — of third parties to whom Personal Information was disclosed; and
The specific pieces of Personal Information collected about you for the twelve (12) months prior to the date of your request.
We are not required to respond to requests to know more than twice in a twelve (12)-month period.
10.2 Right to Delete
You have the right to request that we delete any Personal Information about you that we have collected and retained, subject to certain exceptions. We may deny your deletion request if retaining the Personal Information is necessary for us or our service provider(s) to:
Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
Debug products to identify and repair errors that impair existing intended functionality;
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by applicable law;
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
Comply with an obligation under applicable law; and/or
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
10.3 Right to Correct
You have the right to request that we correct inaccurate Personal Information that we maintain about you. Upon receipt of a verifiable request, we will use commercially reasonable efforts to correct the information.
10.4 Right to Opt Out of Sale or Sharing
You have the right to opt out of the sale or sharing of your Personal Information and/or Sensitive Personal Information to third parties. We do not sell your Personal Information and have not done so in the preceding twelve (12) months. We have not disclosed any categories of Personal Information for a business purpose in the preceding twelve (12) months.
You have the right to request that we limit the use or disclosure of your Sensitive Personal Information. We process Sensitive Personal Information only where we have obtained your prior consent.
We will act upon opt-out requests as soon as reasonably practicable, but in no event later than fifteen (15) days from the date of our receipt of your request. Any Personal Information collected in connection with your request will be used only to facilitate that request. You may submit opt-out requests by emailing us at privacy@meta.is .
10.5 Right to Opt Out of Profiling
You have the right to opt out of “profiling” — the automated processing of Personal Information used to render decisions that could have a legal or similarly significant effect on a creator. Unreality does not engage in profiling as described above.
10.6 Right to Non-Discrimination
You have the right not to be discriminated against for exercising your privacy rights. Unless permitted by US Data Privacy Laws, we will not as a result of such exercise:
Deny you services;
Charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties;
Provide you a different level or quality of services; or
Suggest that you may receive a different price or rate for services or a different level or quality of services.
10.7 Authorized Agents
You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney may submit a request on your behalf.
10.8 How to Submit Requests and Appeals
To make a request under any US Data Privacy Law, contact Unreality’s Privacy Officer at privacy@meta.is or by mail at 169 Stewart Road, North Branch, NY 12766, United States of America.
We reserve the right to verify all requests made pursuant to US Data Privacy Laws. Upon receipt of such request, we may ask you for additional information to verify your identity. Any additional information you provide will be used only to verify your identity and not for any other purpose.
We will acknowledge the receipt of your request within ten (10) days of receipt. Subject to our ability to verify your identity, we will respond to your request within forty-five (45) days of receipt. To protect your privacy and the security of Personal Information about you, we verify your request by requesting additional identifying information that will only be used to verify your identity and for no other purpose.
If we deny your request, residents of applicable states may appeal by emailing privacy@meta.is within forty-five (45) days of receipt of our written denial.
We will respond to an appeal within sixty (60) days of receipt for residents of Connecticut, Delaware, Iowa, Maryland, Montana, Nebraska, New Hampshire, Texas, Tennessee, and Virginia, and within forty-five (45) days of receipt for residents of Colorado, Minnesota, and New Jersey.
If your appeal is denied, you may contact your state’s Attorney General:
Connecticut: https://portal.ct.gov/AG/Common/Complaint-Form-Landing-page
Texas: https://consumerprotection.texasattorneygeneral.gov/consumercomplaintportal/s/flow/TCP_Complaint_Input_Data_Privacy
Maryland: https://www.marylandattorneygeneral.gov/Pages/CPD/Complaint.aspx
Montana: https://dojmt.gov/office-of-consumer-protection/consumer-complaints/
10.9 California Shine the Light
We do not disclose Personal Information to third parties for their direct marketing purposes. You may contact privacy@meta.is at any time for more information.
11. Children's Privacy
The Platform is not intended for children under the age of eighteen (18) and we do not knowingly collect, share, or sell Personal Information from children under the age of eighteen (18).
If you believe we might be in possession of any information from or about a person under the age of eighteen (18), please contact us at privacy@meta.is .
12. Communication Preferences
12.1 Email
We maintain a strict “no-spam” policy. When you create an account, you may receive transactional emails related to your account activity (password resets, email change confirmations, invitation notifications, collaboration requests). These are necessary for platform operation and cannot be fully disabled while your account is active.
You may also opt in to receive promotional communications about Unreality features and updates. You can manage these preferences in your account notification settings or unsubscribe via the link in any promotional email.
We will never send you marketing emails without your consent. If you are located in the UK or EEA, we will not contact you with marketing unless we have obtained your prior consent or are permitted by law (e.g., the “soft opt-in”).
If you have trouble unsubscribing, forward the email to privacy@meta.is with “Unsubscribe” in the subject line. You will be removed within ten (10) business days. Please note that we will not process any unsubscribe requests submitted as direct replies to an email communication from us.
12.2 SMS Messages
If you choose to add a mobile phone number to your account, we use it to send transactional SMS messages only. Specifically: (i) a one-time verification link or code when you add or change the number, and (ii) only if you separately enable SMS two-factor authentication in your account settings, sign-in one-time codes and account security alerts. We do not send marketing or promotional SMS, and we do not share your phone number with third parties for their marketing purposes.
SMS is sent from a registered toll-free origination number via our messaging provider (AWS End User Messaging). Your consent to receive these messages is captured at the moment you click “Continue” on the in-app phone-verification screen, where the following disclosure is displayed:
“By continuing, you consent to receive SMS verification codes from Unreality. Message & data rates may apply. Reply STOP to cancel SMS verification.”
You may opt out at any time by replying STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, or QUIT to any SMS we send. The carrier and our messaging provider will suppress further messages immediately. Reply HELP or INFO to receive support contact information. Standard message and data rates from your mobile carrier may apply.
Opting out disables SMS verification and SMS two-factor authentication on your account. To re-enable, verify your phone number again from your account settings; SMS replies alone do not re-subscribe you.
Message frequency is event-driven: at most one verification message per phone-change request (rate-limited to three changes per account per rolling seven-day period), and one one-time code per sign-in attempt if SMS 2FA is enabled. Security alerts are sent only when a sensitive account event occurs (e.g., password change, sign-in from a new device).
13. Do Not Track Signals
Because we do not use third-party behavioral tracking technologies, Do Not Track signals do not change how our Platform operates. We do not track individual users across third-party websites.
14. Changes to This Policy
We reserve the right, at any time and from time to time, to add to, delete, and/or modify this Privacy Policy. We display the effective date at the top of this page, indicated by the “Effective Date” legend. Unless otherwise indicated, any changes to this Privacy Policy will apply immediately upon posting to the Platform.
If we make material changes that affect how we handle your personal information, we will notify you through the platform or by email. Your continued use of Unreality after a policy update constitutes your acceptance of the revised policy. You should review the provisions of this Privacy Policy on a regular basis so that you are aware of your rights.
15. Contact Us
If you have questions about this Privacy Policy or how we handle your data:
Email: privacy@meta.is
General support: support@meta.is
Mail: 169 Stewart Road, North Branch, NY 12766, United States of America
© 2026 METAx LLC. All rights reserved.