Sopia

Privacy Policy

Last updated: March 4, 2026

1. Introduction

This Privacy Policy explains how Sopia ("we", "us", "our") collects, uses, and protects your personal data when you use our Service at sopia.xyz. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Data We Collect

We collect the following categories of data:

- Account data: email address, full name, and password (hashed).
- Organization data: organization name, member roles, and invitations.
- Usage data: SOPs created, checklists, execution history, AI interactions, and help requests.
- Technical data: browser type, IP address (anonymized), and session information.

We do not collect payment information directly; payments are handled by third-party processors.

3. How We Use Your Data

We use your data to:

- Provide and operate the Service, including AI-generated SOP creation and operator guidance.
- Manage your account and organization membership.
- Send transactional emails (account confirmation, invitations, escalation notifications).
- Improve the Service through aggregated, anonymized analytics.
- Comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. AI Data Processing

When you use our AI features (SOP generation, AI help system), your process descriptions and questions are sent to third-party AI providers (Anthropic) for processing. This data is used solely to generate responses and is not used to train AI models. We do not share your organizational data or personally identifiable information with AI providers beyond what is necessary to generate the requested content.

5. Data Storage and Security

Your data is stored on Supabase servers located in the European Union (EU-West-1, Ireland). All data is encrypted in transit (TLS) and at rest. Row-level security policies ensure that each organization can only access its own data. We implement industry-standard security measures to protect against unauthorized access, alteration, disclosure, or destruction of your data.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. After trial expiration, your data is preserved and remains accessible if you subscribe. If you request account deletion, we will delete your personal data within 30 days, except where retention is required by law. Anonymized and aggregated data may be retained indefinitely for analytics purposes.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights:

- Right of access: request a copy of your personal data.
- Right to rectification: correct inaccurate personal data.
- Right to erasure: request deletion of your personal data.
- Right to data portability: receive your data in a structured, machine-readable format.
- Right to restrict processing: limit how we use your data.
- Right to object: object to processing of your data.

To exercise any of these rights, contact us at hello@sopia.xyz. We will respond within 30 days.

8. Cookies and Tracking

We use essential cookies required for the Service to function (authentication, session management, locale preferences). We do not use advertising cookies or third-party tracking cookies. No cookie consent banner is required as we only use strictly necessary cookies.

9. Third-Party Services

We use the following third-party services to operate Sopia:

- Supabase: database hosting, authentication, and file storage (EU servers).
- Vercel: application hosting and deployment.
- Anthropic: AI processing for SOP generation and help system.
- Resend: transactional email delivery.

Each of these providers has their own privacy policies and data processing agreements in place.

10. Changes and Contact

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. The "last updated" date at the top reflects the most recent revision.

For any privacy-related questions or concerns, contact us at:

Email: hello@sopia.xyz

If you believe your data protection rights have been violated, you have the right to file a complaint with your local data protection authority.

Questions about your privacy? hello@sopia.xyz