Privacy Policy

Last Updated: 2023-11-21

Introduction

Welcome to Sophinauta Ltd. This privacy policy outlines our practices regarding the collection, use, and protection of personal data through our mobile applications and websites.

Sophinauta Ltd is committed to ensuring the privacy and security of our users’ data. We understand the importance of personal data and are dedicated to processing it responsibly and in compliance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) in Europe.

Our services are designed with your privacy in mind, and this policy applies to all individuals who use our mobile apps or visit our websites. Whether you are a longtime user or new to our services, we want you to understand how we use your information and the ways in which you can protect your privacy.

Our Privacy Policy explains:

• What information we collect and why we collect it.
• How we use that information.
• The choices we offer, including how to access, update, and remove information.

We hope this policy helps you understand our data practices and the choices you have regarding your personal data. If you have any questions or concerns about our use of your personal information, please do not hesitate to contact us through the provided channels.

Data We Collect

At Sophinauta Ltd, our goal is to offer you a seamless and efficient user experience. To achieve this, we collect certain personal data, which allows us to tailor our services to your needs and preferences. Here’s a breakdown of the types of information we collect and the rationale behind it:

Personal Data Collected:

1. Identifiers:
   • Examples: This includes data such as your name, email address, phone number, and other similar information.
   • Purpose: These identifiers help us personalize your experience, enable account creation and management, and facilitate direct communication for support and updates.
2. Usage Data:
   • Examples: This encompasses information on how you interact with our apps and websites, including pages visited, features used, and time spent on our services.
   • Purpose: Usage data assists us in understanding how our services are utilized. This insight is crucial for enhancing user experience, identifying preferences, and troubleshooting issues. It also aids in the development of new features and functionalities.
3. Location Data:
   • Optional Collection: We only collect this data if you provide explicit consent, as applicable.
   • Purpose: Location data can be used to offer location-specific services, enhance certain functionalities (e.g., local weather updates, localized content), and improve overall service efficiency.

Purpose of Collection:

Our data collection is guided by the principle of purpose limitation. This means we only collect data necessary for specific, explicit, and legitimate purposes:

1. To Provide and Improve Our Services:
   • Tailoring user experience to individual preferences and needs.
   • Developing new features and functionalities that enhance our offerings.
2. For Customer Support and Communication:
   • Facilitating efficient and effective customer service.
   • Communicating important updates, changes, or security alerts.
3. For Analytics and Service Optimization:
   • Analyzing data trends to better understand how our services are used.
   • Implementing improvements based on user feedback and usage patterns.

It is our commitment to use your data responsibly and transparently, ensuring it aligns with both your interests and our mission to deliver exceptional digital experiences.

Information Access and Disclosure

At Sophinauta Ltd, we understand that your information is a critical aspect of your privacy. Therefore, we are transparent about the scenarios in which your data might be accessed or shared. Here’s how we handle your information:

Internal Access for Service Provision and Improvement:

1. Internal Access:
   • Who: Access to your data is limited to authorized Sophinauta Ltd employees and contractors who need the information to perform their job functions, such as customer service and technical support.
   • Why: To provide, maintain, and improve our services, including troubleshooting, data analysis, and testing.
   • How: We employ strict internal policies and technical controls to ensure data security and privacy.

Disclosure to Third Parties:

1. Under Legal Requirements:
   • Circumstances: We may disclose your information when required by law, such as in response to a court order, subpoena, or other legal process.
   • Process: In such cases, we make efforts to verify the legitimacy of the request before any disclosure and aim to disclose only the information that is legally required.
2. With Explicit Consent:
   • Consent-Based Sharing: We only share your data with third parties when we have your explicit consent to do so.
   • Control: You have the ability to manage your consent preferences and may withdraw consent at any time, affecting future data sharing.

Our Commitment:

• No Sale of Personal Data: We firmly stand by our commitment not to sell any personal data to third parties for marketing, advertising, or other purposes.
• Third-Party Partners: If we share data with partners for service provision (e.g., cloud hosting), they are bound by confidentiality agreements and data processing terms that align with this policy and applicable data protection laws.

Transparency and Trust:

• Notification: Should there be any significant changes to the way we use or share your data, we will notify you and provide options to manage your information.
• Queries and Concerns: We welcome any questions regarding our data handling practices and are committed to addressing your privacy concerns.

Your Rights

At Sophinauta Ltd, we not only respect your privacy but also empower you to exercise control over your personal data. Under data protection laws, particularly the GDPR for users in the European Union, you have several rights concerning your data. Here’s an overview of these rights and how you can exercise them:

Access Your Personal Data:

• Right to Access: You have the right to request access to your personal data that we hold. This includes knowing what personal data we have, how we use it, and to whom it has been disclosed.
• How to Exercise: To receive a copy of your personal data, submit a request by email to legal@sophinauta.com.

Request Correction or Deletion:

• Correction: If you believe any of the personal data we hold is incorrect or incomplete, you can request a correction.
• Deletion: You can also request the deletion of your personal data, especially if it is no longer necessary for the purposes it was collected.
• How to Exercise: To request corrections or deletion, please contact us at legal@sophinauta.com.

Object to Processing and Request Data Portability:

• Object to Processing: You have the right to object to the processing of your personal data under certain conditions.
• Data Portability: You have the right to request that we transfer your data to another organization, or directly to you, under certain conditions.
• How to Exercise: To object to processing or to request data portability, please contact us via email at legal@sophinauta.com.

Withdraw Consent at Any Time:

• Consent Withdrawal: Where we rely on your consent to process your personal data, you have the right to withdraw this consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• How to Exercise: You can withdraw your consent using the settings on our app/website or by contacting us directly.

Additional Information:

• Response Time: We aim to respond to all legitimate requests within one month. However, it may take us longer if your request is particularly complex or you have made several requests.
• No Fee Usually Required: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Contact Us:

For any questions or requests regarding your rights over your personal data, please contact us at legal@sophinauta.com. We are committed to addressing your concerns and facilitating the exercise of your data rights.

Data Protection

At Sophinauta Ltd, we understand the importance of data security in protecting your privacy. We employ a comprehensive approach to data security, encompassing various robust technical and organizational measures to safeguard your information against unauthorized access, alteration, disclosure, or destruction. Here’s how we do it:

Technical Measures:

1. Encryption: We use industry-standard encryption technologies to protect data both in transit (e.g., SSL/TLS) and at rest.
2. Access Control: Strict access controls are enforced. Only authorized personnel have access to personal data, and they are required to maintain the confidentiality of the information.
3. Secure Architecture: Our systems are designed with security in mind, incorporating practices like secure coding, regular penetration testing, and network defenses.
4. Data Segregation: Sensitive data is segregated from other information to reduce risk and enhance security.

Organizational Measures:

1. Employee Training: Regular training programs are held for our employees to ensure they are aware of our privacy and security policies and their individual responsibilities.
2. Policy Enforcement: We have clear internal policies and procedures for handling personal data, including guidelines for data breach response.
3. Vendor Management: We rigorously evaluate our vendors and third-party service providers for their data security practices to ensure alignment with our security standards.

Regular Security Audits and Updates:

1. Security Audits: We conduct regular security audits to assess and identify potential vulnerabilities in our systems and processes.
2. Continuous Monitoring: Our security team continuously monitors our systems for unusual activities and potential threats.
3. Updates and Patch Management: We regularly update our systems and applications to incorporate the latest security patches and enhancements.
4. Incident Response Plan: In the event of a security breach, we have a well-defined incident response plan to swiftly address and mitigate the impact.

Commitment to Continuous Improvement:

• Feedback and Improvement: We actively seek feedback and conduct reviews of our security practices to continually improve our data security measures.
• Transparency in Security Practices: Should there be any significant security updates or incidents, we commit to informing our users promptly and transparently.

Data Deletion

At Sophinauta Ltd, we want to ensure that you have full control over your data. Therefore, we have established clear protocols for handling content that you choose to delete from your product accounts. Here’s what happens when you delete content:

Immediate Removal from Active Systems:

1. Deletion Process: When you delete content (such as messages, files, or account data) from our products, it is immediately removed from your view and the view of others.
2. System Update: This deletion is promptly reflected in our active systems, meaning the content is no longer accessible during regular use of our services.

Backup Systems:

1. Retention in Backups: For operational and security reasons, deleted content may remain in our backup systems for a limited time.
2. Backup Lifecycle: These backups are regularly cycled, and the content is eventually erased permanently. This process typically takes 60 days, but the duration may vary based on our backup schedule and technical requirements.
3. Protection of Backups: While in backups, your data continues to be protected with the same robust security measures as our active systems.

Special Considerations:

• Legal Holds and Investigations: In certain rare cases, if there is a legal obligation or ongoing investigation, we might need to retain specific information beyond the standard retention period.
• Residual Copies: Even after deletion from active systems and backups, residual copies of your data may exist on our systems for a brief period due to the distributed nature of our data storage systems.

Your Choices:

• Data Management Tools: We provide tools and settings in our products to help you manage your data, including the deletion of content.
• Assistance: If you need help or have specific requests regarding the deletion of your data, please contact our support team.

Transparency and Compliance:

• Compliance with Laws: Our data deletion practices are designed to comply with applicable data protection laws.
• Notification: If there are any changes to our data deletion practices, we will update this policy and notify you as required by law.

Data Retention

At Sophinauta Ltd, our data retention practices are guided by the principle of retaining data only as long as necessary to fulfill the purposes for which it was collected, as outlined in this policy. Here’s a detailed look at our data retention approach:

Retention Period:

• Purpose-Based Retention: The duration for which we retain your data depends on the purpose for which the data was collected and the nature of the data. For example:
• Account Information: As long as you have an active account with us.
• Transactional Data: For the duration required by tax, legal, and audit purposes.
• Interaction Data: Such as usage and preference data, for a period that enables us to improve and personalize our services.
• Legal and Regulatory Requirements: In some cases, we are legally required to keep certain types of data for a specified period (e.g., financial records for tax purposes).

Review and Deletion:

• Regular Review: We regularly review the data we hold to determine whether its retention is still necessary.
• Deletion or Anonymization: When data is no longer needed for the purposes outlined in this policy or required by law, it is either securely deleted or anonymized.

Specific Scenarios:

• User-Requested Deletion: If you request the deletion of your personal data, we will remove your data from our active systems and it will be deleted from backups in accordance with our backup deletion protocols, unless otherwise required by law.
• Account Closure: Upon closing your account, your data will be retained for a necessary period to comply with legal obligations and then deleted or anonymized.

Transparency and Updating:

• Policy Updates: This retention policy may be updated to reflect changes in our practices or legal requirements.
• Notification of Changes: Users will be informed of any significant changes to our data retention practices.

Contact for Queries:

• Queries and Requests: Should you have any questions regarding our data retention practices or wish to request more details about the retention period for specific types of data, please contact us at legal@sophinauta.com.

Data Location

Sophinauta Ltd is committed to transparency regarding the storage and processing of your personal data. Understanding the location of your data is crucial, as it relates to the regulatory and legal frameworks that govern its protection.

Data Storage and Processing Facilities:

• Primary Locations:
• Cloud Services: We use cloud services from reputable vendors, with data centers primarily located in North America and Europe.
• Geographical Diversity: To ensure reliability and high availability, our data storage solutions are geographically diverse, reducing risks associated with data loss and downtime.

Compliance with Data Protection Laws:

• Legal Frameworks: The location of our data centers and cloud providers is selected with careful consideration of local and international data protection laws, such as GDPR in Europe.
• Cross-Border Data Transfer: When data is transferred across borders, we take the necessary steps to ensure that the transfer complies with applicable laws and that the data remains protected to the standards set out in this policy.

Security and Privacy:

• Vendor Selection: Our data storage and processing vendors are chosen based on their commitment to security and privacy, aligning with our standards.
• Data Protection Measures: Robust security measures are in place at all data storage and processing locations, including physical security, encryption, and access controls.

Ongoing Evaluation:

• Regular Assessment: We regularly assess the adequacy of our data storage and processing locations, considering changes in technology, law, and the specific needs of our service.
• Updates and Notifications: Should there be significant changes to the location of our data storage and processing, we will update this policy and notify our users accordingly.

Contact Us:

• Inquiries: For any inquiries regarding the location of our data storage and processing facilities, please reach out to us at legal@sophinauta.com.

Transfering Data Outside the EU

Sophinauta Ltd is dedicated to handling all personal data, especially data transferred from the European Union, in full compliance with the GDPR. Understanding the importance of GDPR in protecting EU citizens’ data rights, we have implemented the following measures and protocols for international data transfers:

GDPR Compliance in Data Transfers:

• Legal Frameworks:
• We ensure that any transfer of personal data out of the EU is based on a recognized legal framework or mechanism deemed adequate by the European Commission, such as the EU-US Privacy Shield or Standard Contractual Clauses.
• Adequacy Decisions:
• Where possible, we transfer personal data to countries that have been granted an ‘adequacy decision’ by the European Commission, meaning their data protection laws are deemed to offer a level of protection equivalent to that within the EU.

Safeguards for Data Transfers:

• Binding Corporate Rules (BCRs):
• For transfers within our corporate group, we may use BCRs, which are internal rules providing adequate safeguards for transferring personal data outside the EU.
• Data Processing Agreements:
• We enter into Data Processing Agreements with third-party service providers that include GDPR-compliant clauses to ensure the protection and lawful processing of transferred data.

Transparency and Data Subject Rights:

• Informing Data Subjects:
• When personal data is transferred out of the EU, we ensure that data subjects are informed about the transfer, the reasons for it, and the safeguards in place.
• Upholding Data Subject Rights:
• Regardless of where personal data is processed, we uphold the rights of data subjects as per GDPR, including access, rectification, erasure, and data portability.

Ongoing Review and Compliance:

• Regular Audits: We conduct regular audits of our data transfer practices to ensure ongoing compliance with GDPR.
• Adapting to Changes: We stay informed about changes in data protection laws and update our practices accordingly.

Queries and Concerns:

• Contact Information: For any questions regarding the transfer of personal data from the EU, please contact us at legal@sophinauta.com.

Updates to Our Privacy Policy

At Sophinauta Ltd, we are continually evolving to not only improve our services but also to maintain compliance with legal and regulatory changes. As such, our privacy policy may undergo revisions. Here’s our approach to policy updates and addressing your queries:

Policy Updates:

• Regular Reviews and Updates:
• Frequency of Review: We regularly review our privacy policy to ensure it accurately reflects our data practices and adheres to current data protection laws.
• Circumstances for Updates: Updates may be prompted by changes in our data processing activities, new legal requirements, or technological advancements.
• User Notification:
• Method of Notification: Significant changes to our privacy policy will be communicated to our users via email, notifications within our apps or websites, or other direct communication methods.
• Advance Notice: Whenever possible, we will provide advance notice before changes take effect, giving you ample time to review the modifications.
• Accessibility of Policy:
• Availability: The latest version of our privacy policy will always be accessible on our website and through our mobile apps.
• Historical Versions: Upon request, we can provide previous versions of our privacy policy for your reference.

Addressing Your Questions and Concerns:

• Open Channels for Communication:
• Contact Details: For any questions, concerns, or comments regarding our privacy policy or data practices, you can contact us at legal@sophinauta.com.
• Responsive Support: Our dedicated team is committed to addressing your queries in a timely and clear manner.
• Feedback and Suggestions:
• Encouraging Feedback: We welcome your feedback regarding our privacy practices and policy.
• Improvement: Your suggestions play a crucial role in helping us enhance our data protection efforts and privacy practices.
• Data Protection Officer (DPO):
• Contacting the DPO: If you have specific concerns about how we handle your data, you can also reach out directly to our Data Protection Officer at legal@sophinauta.com.

Your Participation:

• Stay Informed: We encourage you to regularly review our privacy policy to stay informed about how we are protecting your data.
• Your Role: Your understanding and feedback on our privacy policy are invaluable in helping us maintain a high standard of data privacy and security.