Privacy Policy

Last updated: February 10, 2025

This Privacy Policy describes how Y AI, Corp (“we,” “us,” or “our”) collects, uses, stores, and protects your personal information when you use our website or any related services and integrations (collectively, the “Services”). It also explains your rights and how to contact us if you have any questions or concerns.

1. WHAT INFORMATION DO WE COLLECT?

A. Information You Provide to Us

We may collect personal information that you provide to us when you:

  • Sign up for an account, request information, or contact us.
  • Connect your application(s) (such as Google Drive, Google Calendar, GitHub, or Slack) to the Services.

Examples of personal information we may collect include your name, email address, login credentials to third-party services (handled via secure OAuth protocols), and any other information you choose to provide.

B. Information We Automatically Collect

When you use or interact with the Services, we automatically collect certain technical information, such as:

  • IP address and browser type.
  • Device and operating system information.
  • Usage details (e.g., pages viewed, timestamps, and navigation paths).

We use this data primarily to maintain and improve the security and performance of our Services, as well as for internal analytics.

2. HOW DO WE USE YOUR INFORMATION?

We process your information for the following purposes:

  1. Retrieval-Augmented Generation (GenAI) Context:
    • We retrieve and index your data from connected third-party services to provide enhanced context for AI-generated interactions, aiming to improve your end-user experience.
  2. Service Provision and Improvement:
    • We use your information to operate, maintain, and enhance our Services, including troubleshooting and technical support.
    • We may also analyze usage trends to refine our Services and user experience.
  3. Security and Fraud Prevention:
    • All data is encrypted both at rest and in transit.
    • We follow industry best practices to protect data from unauthorized access, disclosure, alteration, or destruction.
  4. Compliance:
    • We may process your information to comply with applicable laws, regulations, or legal obligations (e.g., responding to lawful requests from authorities).

3. USE OF THIRD PARTY USER DATA

Our Services integrate with certain third-party services, requiring use of OAuth scopes. Here is how we access, use, and store user data:

  1. Restricted Access:
    • We only request the minimum OAuth scopes needed to provide or improve user-facing features that are prominent in our application.
  2. Limited Use:
    • Data obtained through third-party API Services is used solely to enable or improve features that you choose to interact with.
    • We may use non-private data related to how you use our services to develop, train, or improve AI/ML models for broader use.
    • We do not transfer your data to third parties unless it is necessary to provide you with the requested functionality (e.g., authorized operations on your files) or is required by law.
    • We will not process your personal data for purposes incompatible with those disclosed in this policy without obtaining renewed consent, except where legally required.
  3. No Human Reading of Data:
    • Data from your account(s) is processed programmatically to index and provide you with retrieval-augmented AI experiences.
    • Human access to any user data is strictly controlled and occurs only if required for debugging, security investigations, or legal compliance.
  4. No Sale or Unauthorized Transfer:
    • Your data is never sold to third parties.
    • We will not share or transfer your data except for legitimate, necessary purposes as permitted by law and with your explicit authorization (where applicable).

4. HOW LONG DO WE KEEP YOUR INFORMATION?

We retain personal information only for up to 90 days or as long as it is necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When we have no ongoing legitimate business need for your personal information, we will securely delete or anonymize it.

De-Identified Information: After deleting your personal information, we may retain non-identifiable data (e.g., aggregated usage patterns, metadata stripped of identifiers) indefinitely to improve our Services, train AI models, or comply with analytics requirements. This data cannot reasonably be linked back to you.

5. HOW DO WE KEEP YOUR INFORMATION SAFE?

We take reasonable and appropriate measures to protect the personal information we process. These safeguards include:

  • Encryption at Rest and in Transit: Your data is encrypted to prevent unauthorized access.
  • Access Controls: Only authorized personnel with a valid business need have access to user data.
  • Ongoing Security Reviews: We regularly review our information collection, storage, and processing practices.

Although we strive to protect your personal information, no electronic transmission or storage technology is 100% secure. Use of the Services is at your own risk.

6. YOUR PRIVACY RIGHTS

Depending on your jurisdiction, you may have certain rights over your personal information, such as:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Ask us to correct inaccuracies in your data.
  • Withdrawal of Consent: If we process data based on your consent, you can withdraw that consent at any time.
  • Opt Out of Marketing: You can unsubscribe from promotional communications at any time via the opt-out link within each email.
  • Data Download/Deletion Requests: You may request a copy of your personal data in a portable format by emailing talk@sophi.app. We will verify your identity and respond within 45 days (or earlier if required by law).
  • Account Deletion: You may delete your account at any time by initiating deletion within the settings section of the dashboard or emailing talk@sophi.app. Upon deletion, we will permanently and irreversibly erase all personal information associated with your account in our systems. Note:
    1. Soft Deletion Process: To prevent accidental data loss, account deletion triggers a 30-day “soft deletion” period where data is retained in encrypted backups but marked for permanent removal. After this period, all personal data is fully purged.
    2. De-Identified Data Exemption: As described in Section 4, non-identifiable data derived from your usage (e.g., anonymized behavioral patterns) may be retained indefinitely.
    3. Service Access: Deleting your account will immediately terminate your access to the Services.
    Note: Deletion may affect Service functionality, and we may retain de-identified data as described in Section 4.

To exercise your privacy rights, please contact us using the details in section 13 - CONTACT US.

7. AI-GENERATED CONTENT ACCURACY

Factual Responses of AI Assistant:

Our AI generates responses by predicting contextually relevant text. While we strive for accuracy:

  1. Not Factually Guaranteed: Outputs may contain inaccuracies. Do not rely on them for critical decisions.
  2. Correction Requests: To report factual inaccuracies about you in AI-generated content, contact talk@sophi.app. We will evaluate requests based on technical feasibility and legal obligations.

8. MINORS’ PRIVACY

Our Services are not intended for individuals under 18. We do not knowingly collect personal information from anyone under 18. If we discover that we have collected personal information from a minor without proper consent, we will promptly take steps to delete that information.

9. DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems offer a “Do-Not-Track” (DNT) feature. Because there is no consistent standard for DNT signals, we do not respond to them at this time. We will re-evaluate once a uniform standard is established.

10. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. The updated version will be indicated by an updated “Last Updated” date at the top of this document. If we make material changes, we may provide you with additional notice (e.g., an email notification or prominent post).

11. ADDITIONAL US STATE DISCLOSURES

Certain US states provide residents with specific privacy rights. This section supplements the Privacy Policy for users in those states.

1. Categories of Personal Data Collected:
We may collect the following categories of personal data:

  • Identifiers (e.g., name, email address, IP address)
  • Commercial information (e.g., records of Services usage)
  • Internet/network activity (e.g., pages viewed, timestamps)
  • Personal Information (e.g., third-party service credentials via OAuth)

2. Use of Personal Data:
Personal data is used for:

  • Providing and improving the Services
  • Security, fraud prevention, and legal compliance
  • Internal analytics and AI/ML model training (for non-private usage data only)
  • Purposes disclosed under Section 2: HOW DO WE USE YOUR INFORMATION?

3. Disclosure of Personal Data:
We may disclose personal data to:

  • Legal or governmental authorities as required by law
  • Third parties with user consent (e.g., authorized integrations)
  • For further details, review Section 3: USE OF THIRD PARTY USER DATA.

12. COUNTRY AVAILABILITY CLAUSE

The Services are currently available only to users located in the United States. By accessing or using the Services, you confirm that you reside in the United States. We do not authorize use of the Services in jurisdictions outside the United States at this time.

If you access the Services from other regions, you do so at your own risk and are solely responsible for compliance with local laws. We may restrict access or terminate accounts for non-US users without notice.

Note: Expansion to additional countries is under consideration and will be announced in future updates.

13. CONTACT US

For privacy-related questions or concerns, contact us at talk@sophi.app. This privacy policy is designed to comply with all applicable laws while accurately reflecting our product’s data handling practices.

By using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue using our Services. If you have any further questions or concerns, feel free to reach out using the contact details above.