Includes everything you need to create and publish all the immersive experiences you can imagine.
$199
/month
For new users, includes 10K visits/ mo. Additional charge of $19.99/ mo. per add'l. 1K visits. Prices excl. taxes. Final price, incl. taxes, shown at checkout.
Tap our award-winning XR experts to design, build, and manage one-of-a-kind experiences for your brand.
iR Studio Editor
All the tools to build your 3D space, no coding required
Setup Wizard
Helpful assistant to guide you through the process
Ready-to-use 3D templates and design assests
Choose from our library to quickly design and customize your space
1-on-1 LIVE support
Talk to an expert for help building your space
Start Selling with Shopify
Seamlessly import all the functionality of your online store to the new 3D space
Custom Avatars
Let visitors express themselves with our collection of customizable characters
Platform Compatibility
Experience Immersive 3D on any device
Works in your current website
Drop a 3D experience right into your existing 2D site, using iframe
Analytics Dashboard
Measure and optimize your site's performance with data you own
Collaboration Tools
Manage team input through a shared project console
Multiplayer
Let visitors experience it together, connected by live text and voice
Custom Domains
Choose your own easy-to-share URL
iR Studio
What will you create today?
Includes everything you need to create and publish all the immersive experiences you can imagine.
iR Studio Editor
All the tools to build your 3D space, no coding required
Setup Wizard
Helpful assistant to guide you through the process
Ready-to-use 3D templates and design assests
Choose from our library to quickly design and customize your space
1-on-1 LIVE support
Talk to an expert for help building your space
Start Selling with Shopify
Seamlessly import your online store to the new 3D space
Custom Avatars
Let visitors express themselves with our collection of customizable characters
Platform Compatibility
Experience Immersive 3D on any device
Works in your current website
Drop a 3D experience right into your existing 2D site, using iframe
Analytics Dashboard
Measure and optimize your site's performance with data you own
Collaboration Tools
Manage team input through a shared project console
Multiplayer
Let visitors experience it together, connected by live text and voice
Custom Domains
Choose your own easy-to-share URL
$199
/month
For new users, includes 10K visits/ mo. Additional charge of $19.99/ mo. per add'l. 1K visits. Prices excl. taxes. Final price, incl. taxes, shown at checkout.
For new users, includes 10K visits/ mo. Additional charge of $19.99/ mo. per add'l. 1K visits. Prices excl. taxes. Final price, incl. taxes, shown at checkout.
This iR Studio Data Processing Agreement (Processor) (the “DPA”) is between you and Infinite Reality, Inc. (“Infinite Reality”), each a “Party” and collectively the “Parties.” All capitalized terms used but not defined herein will have the meanings ascribed to them in the iR Studio Terms of Service (the “Terms”). In the event of a conflict between the terms of this DPA and the Terms, the terms of this DPA shall prevail. This DPA governs all Processing of Your Personal Data by Infinite Reality as a Processor on your behalf in connection with the Terms.
1. Definitions. Unless otherwise defined herein, the capitalized terms used in this DPA shall have the following meaning:
1.1 “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
1.2 “Data Protection Laws” means all applicable laws or regulations throughout the world relating to data protection and privacy and which apply to the Processing of Your Personal Data in connection with the Terms, including without limitation the EU General Data Protection Regulation 2016/679 (“GDPR”) and the Swiss Federal Data Protection Act and its Ordinances, in each case, as may be amended, superseded or replaced.
1.3 “Data Subject” means an identified or identifiable natural person to whom the applicable Personal Data relates.
1.4 “Data Subject Request” means any request from a Data Subject to exercise its rights under applicable Data Protection Laws or your privacy policies or terms of service.
1.5 “De-Identified Data” means data that cannot be used to identify a specific Data Subject through any reasonable means.
1.6 “Personal Data” means any information relating to an identified or identifiable natural person where such information is protected similarly as personal data, personal information, or personally identifiable information under Data Protection Laws. “Personal Data” does not include De-Identified Data.
1.7 “Processing” means any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data. The terms “Process,” “Processes,” and “Processed” will be construed accordingly.
1.8 “Processor” means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller.
1.9 “Security Incident” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed by Infinite Reality in connection with the Services.
1.10 “Services” means the products and services that Infinite Reality has agreed to provide pursuant to the Terms that involve the Processing of Your Personal Data.
1.11 “Sub-Processor” means any natural or legal person, public authority, agency or other body engaged by or on behalf of Infinite Reality or Infinite Reality’s affiliates to Process Personal Data in connection with the Terms.
1.12 “Your Personal Data” means any Personal Data Processed by Infinite Reality on your behalf in connection with your use of the Services.
2. Details of Processing.
2.1 Subject Matter. The subject matter of the Processing under this DPA is Your Personal Data. As between you and Infinite Reality, you shall be the Controller (either as the Controller, or acting in the capacity of a Controller, as a Processor, on behalf of another Controller) and Infinite Reality shall be the Processor with respect to Your Personal Data.
2.2 Categories of Data Subjects and Types of Personal Data. Any Personal Data, including the types of Personal Data and the categories of Data Subjects, submitted in the course of using the Services, is solely determined and controlled by you in your sole discretion.
2.3 Duration. The duration of the Processing corresponds to the duration of the Terms, unless otherwise agreed by the Parties in writing.
2.4 Nature and Purpose of the Processing. The purpose of the Processing under this DPA is the provision of the Services. Infinite Reality may Process Your Personal Data as is reasonably required to provide the Services or as may otherwise be required by applicable law.
3. Processing of Your Personal Data.
3.1 Infinite Reality will Process Your Personal Data only upon documented instructions from you, or as otherwise described in the Terms, this DPA, or as required by law.
3.2 You will ensure that your Processing instructions to Infinite Reality do not violate any applicable laws, including Data Protection Laws. You will notify Infinite Reality without undue delay if you are unable to comply with any of your obligations under this Section 3 or any Data Protection Laws.
3.3 Infinite Reality shall comply with all requirements under Data Protection Laws that apply to Infinite Reality’s Processing of Your Personal Data under the Terms. You shall refrain from any action that would prevent Infinite Reality from fulfilling its obligations under any applicable Data Protection Law. If Infinite Reality, in its sole discretion, (a) believes that an instruction from you violates any applicable Data Protection Law or (b) determines that it is unable to comply with any instruction from you or its obligations under this DPA, then Infinite Reality will notify you without undue delay and, in its sole discretion, stop all Processing. Infinite Reality is not liable to you for any failure to perform under the Terms that results from the invocation of this Section 3.3.
3.4 You shall comply with all requirements under Data Protection Laws that apply to your Processing of Personal Data under the Terms. You expressly acknowledge that Infinite Reality is not responsible for determining which laws or regulations are applicable to your business. You are solely responsible for determining that the Services and the terms of this DPA meet your contractual and legal obligations.
3.5 You (a) are solely responsible for the accuracy of Your Personal Data, and if you become aware that any of Your Personal Data that you have transferred or received is inaccurate, or has become outdated, you shall inform Infinite Reality without undue delay, and (b) have all necessary authority, rights, and permissions to transfer or provide access to Your Personal Data to Infinite Reality for Processing in accordance with the terms of the Terms.
3.6 Upon termination or expiration of the Services, Infinite Reality will delete or return all Your Personal Data (including copies thereof), unless Infinite Reality is required to maintain Your Personal Data pursuant to applicable law, provided that nothing herein shall require Infinite Reality to delete any Your Personal Data archived on back-up systems.
4. Data Security.
4.1 Infinite Reality shall take all commercially reasonable steps, at your expense, to enable you to comply with your obligations as a Controller under applicable Data Protection Laws, taking into account the nature of the Processing and the information available to Infinite Reality, provided that nothing herein shall require Infinite Reality to make the Services compliant for your specific use.
4.2 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Infinite Reality shall in relation to Your Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, the measures described in Annex I to this DPA. Notwithstanding anything to the contrary herein, Infinite Reality may modify or update the security measures described in Annex I at its discretion provided that such modification or update does not result in a material degradation in the protection offered by such security measures described in Annex I. You are responsible for independently determining whether the data security provided for in the Services adequately meets your obligations under applicable Data Protection Laws. You expressly acknowledge that Infinite Reality provides security features and functionality that you can use to protect Your Personal Data.
4.3 You shall implement and maintain appropriate technical and organizational measures to ensure the security of Your Personal Data, including protection against Security Incidents, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purpose of Processing.
4.4 Infinite Reality shall grant access to Your Personal Data to members of its personnel only to the extent necessary for the implementation, management and monitoring of the Terms. Infinite Reality shall ensure that persons authorized to Process Personal Data on behalf of Infinite Reality are subject to appropriate confidentiality obligations (whether a contractual or statutory duty).
4.5 If Infinite Reality becomes aware of a Security Incident, it shall (a) use commercially reasonable efforts to notify you without undue delay and (b) take appropriate measures to address the Security Incident as may be required by applicable law. At your request and expense, Infinite Reality will provide you with reasonable assistance as necessary to enable you to comply with applicable Data Protection Laws, including notifying competent authorities and/or affected Data Subjects about relevant Security Incidents, if you are required to provide such notice under applicable Data Protection Laws.
4.6 Infinite Reality’s obligation to report or respond to a Security Incident under this Section 4 is not and will not be construed as an acknowledgement by Infinite Reality of any fault or liability with respect to the Security Incident.
5. Documentation and Compliance.
5.1 Each Party shall make available, upon request, to the other Party all information reasonably necessary to demonstrate such Party’s compliance with its obligations under this DPA. At your request, Infinite Reality shall allow for and contribute to audits, including inspections, conducted by you or your auditor to assess compliance with your obligations under this DPA. For the avoidance of doubt, nothing in this DPA gives you the right to conduct an audit of Infinite Reality’s business, systems, or services.
5.2 Taking into account the nature of the Processing and the information available to Infinite Reality, Infinite Reality shall reasonably assist you in complying with your obligations with respect to data protection impact assessments and prior consultations under applicable Data Protection Laws.
6. Use of Sub-Processors.
6.1 You generally authorize Infinite Reality to engage Sub-Processors. Infinite Reality’s current Sub-Processors are listed in Annex II to this DPA. Infinite Reality shall provide you with advanced notice in writing of any intended changes to that list through the addition or replacement of Sub-Processors, giving you the opportunity to object to such changes prior to the engagement of the Sub-Processor(s). Infinite Reality shall provide you with the information necessary to enable you to exercise your right to object. If you object to the engagement of a new Sub-Processor, the Parties will discuss your concerns in good faith to identify a commercially reasonable resolution. If no such resolution can be reached, Infinite Reality may either, in its sole discretion, not engage the new Sub-Processor or permit you to suspend or terminate the affected Service in accordance with the termination provisions of the Terms without liability to either Party (but without prejudice to any fees incurred by you prior to suspension or termination).
6.2 If Infinite Reality engages a Sub-Processor to carry out specific Processing activities on your behalf, Infinite Reality shall enter into a written contract with such Sub-Processor that is at least as protective of Your Personal Data as in this DPA. Infinite Reality shall remain responsible for the Sub-Processor’s compliance with its applicable data protection obligations under this DPA.
7. Data Subject Rights.
7.1 Infinite Reality shall notify you of any Data Subject Request it has received from a Data Subject. You shall be solely responsible for responding substantively to any such request. You authorize on your behalf, and on behalf of your Controllers when you are acting as a Processor, Infinite Reality to respond to any Data Subject who makes a request to Infinite Reality to confirm that Infinite Reality has forwarded the request to you and/or to advise the Data Subject to submit their request to you.
7.2 To the extent you are unable to independently address a Data Subject Request, Infinite Reality shall provide, upon written request from you and at your expense, commercially reasonable assistance to you as is necessary to allow you to respond to a request from a Data Subject.
8. Data Transfers.
8.1 You acknowledge and agree that Infinite Reality may access and Process Your Personal Data on a global basis as necessary to provide the Services in accordance with the Terms. If Your Personal Data that is subject to GDPR is transferred to any country outside of the European Economic Area (EEA) that is not recognized by the European Commission as providing an adequate level of protection for Personal Data, either directly or via onward transfer (each a “Data Transfer”), then Module Two terms (to the extent you are a Controller of Your Personal Data) or Module Three terms (to the extent you are a Processor of Your Personal Data) of the Standard Contractual Clauses shall apply, provided, however, the Standard Contractual Clauses will not apply to a Data Transfer if (a) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 Regulation of (EU) 2016/679 with respect to the Processing in question, (b) the Data Transfer is necessary for the establishment, exercise or defense of legal claims in the context of specific administrative, regulatory or judicial proceedings; or (c) the Data Transfer is necessary in order to protect the vital interests of the Data Subject or of another natural person.
8.3 If the Module Two or Module Three terms apply, (a) in Clause 7, the optional docking clause shall not apply, (b) in Clause 9, Option 2 will apply and the process for providing notice for Sub-Processor changes will be as set forth in Section 6 of this DPA, and the time period for objections will be thirty (30) days, (c) in Clause 11, the optional language will not apply, (D) in Clause 17, the EU Standard Contractual Clauses will be governed by the laws of the Federal Republic of Germany, and (e) in Clause 18(b), disputes relating to this DPA shall be resolved in the courts of the Federal Republic of Germany.
9. General Provisions.
9.1 Entire Terms; Severability. This DPA constitutes the entire agreement between the Parties concerning the subject matter hereof and supersedes any and all oral or written agreements or understandings between the Parties, as to the subject matter of this DPA. In the event of a conflict between this DPA and the Terms, this DPA will govern and control with respect to the subject matter of this DPA. If any term of this DPA is deemed invalid or unenforceable, such term shall be deemed reformed or deleted, as the case may be, but only to the extent necessary to comply with the applicable law, rule or regulation, and the remaining provisions of this DPA shall remain in full force and effect.
9.2 Waiver. The waiver of a breach of any provision of this DPA will not operate or be interpreted as a waiver of any other or subsequent breach.
9.3 Amendment. Notwithstanding anything to the contrary herein, Infinite Reality reserves the right to amend or modify this DPA, in its sole discretion, by posting a revised version, which shall become effective and binding the next business day after it is posted.
9.4 Liability. This DPA does not provide any basis for you or any other person to recover damages of any type other than those set forth in the Terms and subject to all limitations set forth therein.
9.5 Governing Law. This DPA is governed by the law stipulated in the Terms, except to the extent required by applicable Data Protection Laws, in which case the jurisdiction set forth in the applicable Data Protection Law applies.
9.6 Notices. All notices and communications given under this DPA (a) to Infinite Reality shall be provided in accordance with the notice requirements set forth in the Terms and (b) to you shall be provided by email sent to the address related to your use of the Services under the Terms.
9.7 Authorization. You represent that you are authorized to agree to and enter into this DPA for and on behalf of yourself, and as applicable, your affiliates.
ANNEX I: TECHNICAL AND ORGANIZATIONAL MEASURES
Infinite Reality has implemented and maintains appropriate technical and organizational measures, which include those measures described below:
Organizational management and dedicated staff responsible for the development, implementation and maintenance of Infinite Reality’s information security program.
Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to Infinite Reality’s organization, monitoring and maintaining compliance with Infinite Reality’s policies and procedures, and reporting the condition of its information security and compliance to internal senior management.
Data security controls which include, at a minimum, logical segregation of data, restricted (e.g. role-based) access and monitoring, and utilization of commercially available industry standard encryption technologies for Personal Data that is transmitted over public networks (i.e. the Internet) or when transmitted wirelessly or at rest or stored on portable media (i.e. laptop computers).
Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g. granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access promptly when employment terminates or changes in job functions occur).
Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that Infinite Reality’s passwords that are assigned to its employees: (i) be at least eight (8) characters in length, (ii) not be stored in readable format on Infinite Reality’s computer systems; (iii) must have defined complexity; and (iv) newly issued passwords must be changed after first use.
Physical and environmental security of data centers, server room facilities and other areas containing Personal Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor and log movement of persons into and out of Infinite Reality’s facilities, and (iii) guard against environmental hazards such as heat, fire and water damage.
Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from Infinite Reality’s possession.
Change management procedures designed to test, approve and monitor all material changes to Infinite Reality’s technology and information assets.
Incident management procedures designed to allow Infinite Reality to investigate, respond to, mitigate and notify of events related to Infinite Reality’s technology and information assets.
Network security controls designed to protect systems from intrusion and limit the scope of any successful attack.
Vulnerability assessment, patch management and threat protection technologies, and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.
Disaster recovery procedures designed to maintain service and/or recovery from foreseeable emergencies or disasters.
ANNEX II: LIST OF SUB-PROCESSORS
The Sub-Processors listed below have been engaged by Infinite Reality on or before the Effective Date, and may assist in Processing Your Personal Data.
