AI and Automated Decision-Making Notice

Version 1.1 | Last Updated: 22 April 2026 | Effective Date: 22 April 2026

Plain-language summary (not legally binding). We use AI for two things today: (1) assigning category labels to posts so the feed is more relevant, and (2) algorithmic ranking of feed content. Both are disclosed below. No AI decision we take has legal or similarly significant effects on you. You can always switch to a chronological feed (My Gryd tab), change your interests, and object to AI-assisted ranking. We do not train AI models on your data, and we require our AI providers not to train on it either. Under the EU AI Act, our systems are not classified as high-risk.

This Notice supplements our Privacy Policy (see Section 7) and our Terms and Conditions (see Section 11). It provides transparency about our use of artificial intelligence, machine learning, and automated decision-making in line with GDPR Articles 13-15 and 22, UK GDPR, LGPD Articles 9 and 20, the Digital Services Act (Regulation (EU) 2022/2065) Article 27, and the EU AI Act (Regulation (EU) 2024/1689) Article 50 transparency obligations, as applicable.

1. Where We Use AI and Automated Systems

System	Purpose	Automation level	Human review
Post categorisation (Anthropic Claude Haiku)	Assign content category labels to posts	Fully automated at scale	Re-categorisation on request
Algorithmic feed ranking	Order posts in "For You" and similar feeds	Fully automated	Chronological alternative available in My Gryd tab
Gryd Score calculation	Compute engagement metric for profile display and ranking	Fully automated	—
Signal proximity matching	Match network signals to nearby users within radius	Fully automated	User controls visibility, radius, and opt-in
Moderation classifiers (first-party rule-based and keyword systems)	Surface suspected policy violations for human review	Automated detection	Human moderator makes final decision in nearly all cases
Known-hash CSAM matching (planned — see Child Safety Standards §3)	Match uploads against known-hash databases such as NCMEC PhotoDNA or Project Arachnid Shield and block or remove matches	Automated detection and provisional block at upload, once integrated; human review before permanent account action, except where mandatory law requires immediate preservation and reporting	Appeal route under Terms §18c; evidence preserved for competent-authority reporting
Fraud and abuse detection (login anomalies, bulk-account creation, purchased engagement patterns)	Flag and in some cases restrict suspicious accounts	Partly automated	Human review on appeal; automated provisional restriction

2. AI Providers We Use

2a. Anthropic

We use Anthropic PBC's Claude family of large language models for post categorisation. Current model: Claude Haiku 4.5. Data sent to Anthropic is limited to: (a) the text content of a post (truncated to approximately 1,000 characters) and (b) a machine-generated description of attached media.

Your name, username, email, profile photo, account identifiers, and precise location are not sent to Anthropic. Anthropic is contractually prohibited from using our customer data to train its foundation models. Where our account supports it, we enable Anthropic's Zero Data Retention policy. Anthropic may retain processed data for short periods for abuse monitoring and service provision as set out in its Commercial Terms, Usage Policy, and Privacy Policy (published at anthropic.com/legal).

2b. Planned and Roadmap AI Services

We are evaluating the following services. None is routing personal data in production at the time of this Notice; we will update this Notice and the Sub-processors List, and, where the change is material, notify users before enabling any of them in production.

AWS Personalize: candidate recommendation for feed and signal surfaces
AWS Rekognition: image and video moderation classification
AWS Comprehend: text moderation and sentiment classification
AWS Neptune: graph-based similarity for connections and content
AWS SageMaker: internal training on de-identified aggregate data

3. Ranking Parameters (DSA Article 27)

For feed surfaces that are ranked by an automated recommender system, the main parameters (in approximate order of influence) are:

Your selected content interests (AI category alignment)
Connections and follows (who you have opted to see more of)
Normalised engagement rate (likes, comments, shares, dwell time, watch completion; reach-normalised so smaller accounts are not structurally disadvantaged)
Recency (newer content weighted higher, with category decay)
Author Gryd Score (slight influence)
Administrator-applied visibility boost (labelled when content would not have appeared organically)
Geographic proximity (for local-discovery surfaces)
Safety and integrity signals (de-ranking flagged or under-review content)

You can:

Switch to a purely chronological feed in the My Gryd tab
Change your interests, connections, and location in settings
Object to personalised ranking by emailing privacy@socialgryd.com; we will either honour the objection or explain why compelling legitimate grounds require us to continue (and offer further routes for you to object)

4. Profile Boost Labelling

Where an administrator has applied a ranking boost to a profile, the Platform labels any content delivered into a feed that would not have been delivered organically. Administrators may boost new creators, partners, verified event hosts, and accounts participating in launch or promotional campaigns. Boost multipliers and durations are logged and audited. See Terms Section 12 for the administrator-action disclosure and Privacy Policy Section 8.

5. No Solely-Automated Decisions With Legal Effect

Under GDPR Article 22 and its equivalents, you have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significantly affects you. We do not take such decisions. Specifically:

Ranking, categorisation, and recommendation are not "legal-effect" decisions.
Provisional automated restrictions (e.g., temporary rate-limits, cautionary interstitials) are not final decisions: a human moderator reviews and confirms before any permanent restriction that would affect your ability to use the Platform.
Where hash-matching CSAM detection is integrated (see Child Safety Standards §3), a provisional block or removal on a known-hash match falls within GDPR Article 22(2)(b) and (2)(a) (necessary to comply with a legal obligation and/or for substantial public-interest reasons); suitable safeguards under Article 22(3) apply, including the right to contest the decision and obtain human review, and evidence is preserved for competent-authority reporting in accordance with our Law Enforcement Guidelines.
Signal proximity matching operates on your opt-in parameters and does not make decisions about you — it only surfaces possible matches.

If you believe any automated processing has significantly affected you, contact dpo@socialgryd.com. We will provide meaningful human review, an explanation of the logic applied, and the right to contest the decision.

6. AI-Generated Content Disclosure

SocialGryd does not currently generate user-facing AI-generated text, images, audio, video, or avatars on behalf of users. If we introduce AI-generated content features (for example, AI caption suggestions or image generation), we will (a) label AI-generated output clearly, in line with EU AI Act Article 50 transparency obligations; (b) obtain consent where required; (c) update this Notice before rollout; and (d) not pass user data to generative models for training.

7. No Training on Your Data

We do not train any foundation model on your content, messages, profile, or behavioural data. We require our AI sub-processors by contract not to train their foundation models on our customer data. Internal ML work on de-identified aggregate data (for example, cohort analysis and product metrics) may be performed; re-identification is prohibited by internal policy and sub-processor contracts.

8. Risk Management and AI Act Classification

Under the EU AI Act, none of the AI systems described in this Notice is, in our current assessment, a high-risk AI system within the meaning of Annex III. Our systems are categorised as: (a) limited-risk (content categorisation and recommender systems — Article 50 transparency applies), and (b) minimal-risk (fraud and abuse detection supporting human moderators). We monitor the Act's implementing acts and harmonised standards and will update our classification if the legal position changes.

9. Your Rights

Right to information about the logic, significance, and envisaged consequences of automated processing
Right to human review of decisions where automation has significantly affected you
Right to object to processing based on legitimate interests, including personalised ranking
Right to rectification of AI-assigned category labels that are inaccurate
Right to withdraw consent where AI processing depends on consent
Right to complain to the Estonian Data Protection Inspectorate or your local supervisory authority

Exercise these rights by emailing privacy@socialgryd.com or dpo@socialgryd.com.

10. Changes to This Notice

We will update this Notice when we change our AI or automated-processing practices. Material changes will be notified in accordance with Privacy Policy Section 33. We will keep superseded versions available on request.

11. Contact

Data Protection Officer: dpo@socialgryd.com
Privacy requests: privacy@socialgryd.com
Legal: legal@socialgryd.com

SocialGryd Limited, Narva mnt 5, Kesklinna linnaosa, Tallinn, Harju maakond 10117, Estonia.