MicroAGI / GoShift
Privacy Policy
Last updated: March 2026
1. Purpose and Scope of the Policy
This Privacy Policy has been prepared to define the procedures and rules governing data processing activities carried out within the GoShift Platform (the “Platform”) operated by MicroAGI GmbH, having its registered office at Jülicher Strasse 209 q/s, 52070 Aachen, Germany (the “Company”), the processing of content submitted to the Platform, the transfer of data to third parties, and the rules for its use in artificial intelligence systems.
This Policy does not in itself constitute an information obligation within the meaning of Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”) and the Act of 10 May 2018 on the Protection of Personal Data. Detailed information regarding the processing of your personal data, the legal bases, retention periods, and applicable rights is contained in a separate Information Clause provided by the Company.
The Policy covers the data processing architecture of the Platform, the rules separating Platform Data from Operational Data, matters of intellectual property transfer, the terms of commercial use and licensing, and provisions regarding the transfer of data to third parties.
2. Nature of the Platform and Data Processing Rules
For the purposes of this Policy, the Platform constitutes a technical infrastructure for generating and processing technical data necessary for the development of robotic systems, artificial intelligence algorithms, and machine learning models. The Platform is not a personal data processing system in the classical sense — the processing of personal data is not its primary purpose. To the extent that personal data is processed, it is processed on the legal bases set out in Article 6 GDPR (and, where applicable, Article 9 GDPR).
Data processed on the Platform falls into two distinct categories:
Platform Data — technical content generated and submitted by Users via the Platform, including video recordings, images, audio recordings, and sensor readings. The primary purpose of Platform Data is not to generate personal data — it constitutes objective, technical input material necessary for the development of robotic systems and AI models. Platform Data is processed without the intention of transferring personal data, and with technical measures applied to eliminate such character.
Operational Data — identification, contact, and financial data processed to the extent necessary for the technical operation of the Platform, the management of User accounts, the handling of payment and invoicing processes, and the fulfilment of legal obligations. Operational Data does not constitute input material for AI training processes and is not combined with Platform Data.
The two categories are independent of each other in terms of processing purposes, legal bases, and applied technical procedures, and are not combined.
3. Flow of Data Processing Operations
3.1 Technical Verification and Data Cleansing
Every piece of content submitted to the Platform undergoes technical verification before being included in AI training processes. During verification:
- Elements containing personal data are identified — in particular images of faces, license plates, or footage of sensitive areas;
- Identified elements are masked, blurred, or entirely removed from the content;
- Where necessary, the entire content is rejected and excluded from the dataset.
This process is carried out by both automated systems and human review.
3.2 Dataset Creation and Classification
Content that has successfully passed technical verification is classified, labelled, and combined with other data to form AI training datasets. At this stage, content is associated with a technical data cluster rather than with an individual User.
3.3 Use in AI Model Training
Datasets are used to train, test, develop, and validate machine learning models. The resulting model weights, parameters, and algorithmic outputs are technical in nature — because they are derived from anonymised or aggregated data, they do not contain personal data in a form that would allow re-identification of the data subject.
3.4 Rights of Data Subjects
Users have the rights set out in Articles 15–22 GDPR, including the right of access, rectification, erasure (the “right to be forgotten”), restriction of processing, the right to data portability, and the right to object.
Where content has been irreversibly anonymised before being included in a training dataset, it ceases to constitute personal data within the meaning of GDPR, and the rights of access and erasure do not apply to it. Where content remains identifiable, the User may exercise the right to erasure in accordance with Article 17 GDPR.
4. Intellectual Property Rights and Data Ownership
All content submitted to the Platform by a User — together with all intellectual and industrial property rights existing in such content prior to its submission or arising at the moment of submission — passes exclusively to the Company at the moment of submission. All economic copyrights (within the meaning of the Act of 4 February 1994 on Copyright and Related Rights), related rights, database rights (within the meaning of the Act of 27 July 2001 on the Protection of Databases), trade-secret rights, and all other intellectual property rights to such content are deemed transferred to the Company directly and irrevocably, without the need for any further action or formality, on all fields of exploitation known at the time of submission.
All rights of ownership, use, processing, reproduction, distribution, transfer, and licensing in respect of any derivative works arising from the submitted content — including datasets, AI models, model weights, parameters, algorithms, trained models, and any technical or commercial products derived therefrom — vest exclusively and irrevocably in the Company.
The User acknowledges and declares that the remuneration received in exchange for the submitted content constitutes full, final, and irrevocable consideration for all transferred rights and for all permitted uses thereof, including data processing, model training, and commercial exploitation. The User is not entitled to any claim based on copyrights, ownership, licence fees, revenue share, or any other proprietary claim in this respect.
Moral rights of the author, which under Polish law cannot be waived or transferred, remain with the author. The User, however, authorises the Company — irrevocably, for an indefinite period, without territorial restrictions, and without remuneration — to exercise those rights on the User's behalf to the fullest extent permitted by law.
5. Commercial Use and Licensing Terms
The Company is entitled to use the data, content, and all derivative works obtained via the Platform without any limitations as to time, territory, scope, purpose, or sector — including but not limited to the following — unilaterally and without the need to obtain further User consent:
- Development, training, testing, and commercialisation of AI, machine learning, and robotics products;
- Creating, updating, enriching, and combining datasets with other data sources;
- Licensing, transferring, selling, or making available to third parties;
- Research and development activities and scientific publications.
These rights remain in force indefinitely, regardless of termination of the contractual relationship for any reason, the User's departure from the Platform, or removal of content from the Platform. The Company may transfer these rights in whole or in part to third parties or grant further licences.
6. Data Sharing and Categories of Recipients
Platform Data and Operational Data may be disclosed to the following categories of recipients, in each case — where the recipient acts as a processor — on the basis of a written data-processing agreement meeting the requirements of Article 28 GDPR:
Technical Infrastructure Providers. Cloud service providers are used for the storage and processing of data. Other secure cloud platforms are also used where needed. Data is stored on these infrastructures in encrypted form.
Business Partners, Affiliates, and Group Companies. National and international business partners and group companies participating in the Company's AI development processes may access data solely to the extent required by the relevant technical process.
Financial and Legal Service Providers. Banks and payment institutions — for the handling of payments; financial advisors — for accounting and audit purposes; advocates, legal counsel, and competent authorities — for the purposes of legal proceedings.
Competent Public Authorities. Data may be disclosed to competent public institutions and authorities, including the President of the Personal Data Protection Office and judicial authorities, where required by law. No disclosure takes place without a legal basis.
7. International Data Transfers and Legal Safeguards
Due to the technical architecture of the Platform, data may be processed and stored on servers located outside the European Economic Area (EEA), including in countries where the Company's group companies and infrastructure providers operate.
Transfers of personal data to third countries not covered by a European Commission adequacy decision within the meaning of Article 45 GDPR are carried out on the basis of appropriate safeguards provided for in Article 46 GDPR — in particular Standard Contractual Clauses (SCCs) adopted by the European Commission — supplemented, where necessary, with additional technical and organisational measures following a transfer impact assessment.
8. Technical and Organisational Data Security Measures
The Platform applies the following technical and organisational security measures in accordance with Article 32 GDPR:
- End-to-end encryption in transit and at rest;
- Access authorisation and role-based access control;
- Regular security audits and penetration tests;
- Procedures for notifying personal-data breaches to the President of the Personal Data Protection Office (UODO) within 72 hours in accordance with Article 33 GDPR, and for notifying data subjects in accordance with Article 34 GDPR where a breach is likely to result in a high risk to their rights and freedoms.
Given the nature of the online environment, no system can guarantee absolute security. Users are responsible for the security of their own account access credentials.
9. Legal Obligations of the User
Each User submitting content to the Platform represents and warrants that the submitted data is lawful, does not infringe the rights of third parties (including rights to the personal data and image of persons captured in such content), and that the User has the right to dispose of such data. Where submitted content contains images of identifiable individuals, the User warrants that they hold all necessary consents or other legal bases required by GDPR. Full legal liability for breach of this undertaking rests solely with the User.
10. Effective Date and Amendments to the Policy
This Policy may be updated in response to technological developments, changes in law, or the needs of the Platform. Users will be informed of any material changes in advance by email; the current version of the Policy is at all times made available on the Platform.
11. Governing Law and Jurisdiction
Polish law applies to disputes arising from this Policy. The competent court is the court of the place of residence of the User who is a consumer; in other cases, the competent court is determined in accordance with the Polish Code of Civil Procedure. GDPR applies to the processing of personal data of persons located in the European Union.