Privacy Policy

Effective: July 24, 2025

At socra Inc., also known as socra, our mission is to help people collaborate and achieve more with AI. We are dedicated to providing you with a great experience. As a company registered in Delaware, USA, we’ve crafted this Privacy Policy to ensure everyone understands how we collect, use, store, and share (“process”) your information when you use our Website, Apps, and other Products and Services—collectively referred to as the “Services” or “Platform.”

By accessing or using our Services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service. If you do not agree with our policies and practices, please do not use our Services. For more information about your rights and obligations, please review our Terms of Service.

Our Privacy Commitment

At socra, we prioritize your privacy and data security above all else. We do not use your content to train our AI models, nor do we allow third parties to do so. Your data belongs to you and your team alone. This core principle guides all our privacy practices and technical safeguards.

1. Collection and Use of Information

We collect information from you in several ways when you use our Services. This information includes:

1.1 Personal Information

“Personal Information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual. This includes, but is not limited to, identifiers such as names, email addresses, profile information, IP addresses, and other similar identifiers.

When you sign up for or use our Services, you voluntarily provide us with certain Personal Information, including your name, email address, username, language preference, and profile picture, based on your consent or as necessary for the performance of the Services.

Visible User Identity Information: To enable socra’s core collaborative functionality, certain basic identity information is visible to other platform users when they search for collaborators or interact with shared content. Specifically, your name, username, and profile picture (if provided) are visible to other users within the platform for collaboration purposes.

This visibility serves essential business purposes and enables key platform features, including:

User Discovery: Allowing colleagues and collaborators to find and identify you when searching for team members or project participants
Collaboration: Enabling team formation and identification of contributors within shared workspaces
Trust and Transparency: Building user confidence through identifiable contributors rather than anonymous interactions
Platform Functionality: Supporting core features such as user mentions, team assignments, and shared projects

By creating an account, you acknowledge and consent to this visibility of your basic identity information to other platform users as an essential component of the collaborative platform experience.

GDPR Legitimate Interest Balancing Assessment for Visible Identity Information: For users in the EEA and UK, we rely on legitimate interest as the legal basis for making basic identity information (name, username, profile picture) visible to other platform users during collaboration and user search. Our balancing assessment considers:

Our Legitimate Interest: Operating a collaborative platform requires user discoverability and contributor identification, which necessitate visible identity information for team formation and project collaboration
User Impact: Making basic identity information visible to other users enables core platform functionality while users retain control over all other personal information
Balancing Result: The legitimate business need for collaborative functionality outweighs the minimal privacy impact of visible identity information, as users voluntarily create accounts knowing this is a collaborative platform

Right to Object: EEA and UK users who object to visible identity information on legitimate interest grounds have the right to object. Please contact us at team@socra.com to discuss your specific concerns and explore available options.

1.2 User Content

As part of our Services, we collect and store the content you provide on our Platform, which includes your input and the output generated by AI. This user-generated content, collectively referred to as “User Content,” encompasses the information, questions, answers, actions, goals, conversations with AI, AI-generated responses, and any other relevant details that you provide to or receive from socra.

Collaborative AI Platform Functionality: As a collaborative AI platform, socra enables users to work together on AI-powered projects and share AI-generated insights. Your User Content visibility depends on your workspace context:

Personal Workspaces: When working in your personal workspace, all User Content is private by default and only accessible to you
Team Workspaces: When you create a team workspace and invite other users, or when you accept an invitation to join an existing team workspace, you explicitly consent to sharing User Content created within that workspace with other team members who have access to that specific workspace
Selective Sharing: You can choose to share specific AI conversations, outputs, or projects with selected collaborators or other users outside your immediate workspace
Public Sharing: You may choose to make certain User Content public to share insights, examples, or solutions with the broader socra community
Real-time Collaboration: During collaborative sessions, other participants may view your inputs to AI and the resulting outputs in real-time to enable effective teamwork

Your Control: You maintain full control over your User Content sharing preferences. You can determine who has access to your AI conversations, outputs, and collaborative projects through our privacy controls and permission settings.

Please be mindful of the information you share. When you contribute User Content to a Team Workspace or make it public, it becomes part of that shared context, and we cannot control how other users may use or share that content.

We treat your User Content with the utmost confidentiality and use it solely for the purpose of delivering and improving our Services and providing tailored support to meet your needs. For clarity, “improving our Services” refers to debugging, understanding usage patterns to enhance features, and providing support, not using your content to train our or third-party AI models.

Access to User Content by socra personnel is strictly limited on a need-to-know basis, primarily for providing technical support, ensuring service reliability, and investigating potential policy violations. All personnel with such access are bound by strict confidentiality obligations.

1.3 Communication Information

When you talk to us via email, social media, or other channels, we may collect and store the information you share with us.

1.4 Usage Data

At socra, we may collect and analyze usage data to improve our Platform and enhance the user experience. This usage data includes information about your interactions with socra, such as the features you use, the duration of your sessions, and the frequency of your visits.

1.5 Log Data

We also collect information when you interact with our Services, such as when you navigate our website or use our mobile application. This information may include your IP address, browser type, operating system, the referring web page, pages visited, location, mobile carrier, device information (including device and application IDs), search terms, and cookie information.

To enhance your experience, we offer the option to sign up with your Google account. When you choose to sign up with Google, we collect and use your Google account information, such as your name, profile photo, and email address, to create and personalize your socra account.

1.7 Cookies

We use cookies and similar tracking technologies to enhance your experience on our Platform. Cookies are small text files that are stored on your device when you visit our website or use our mobile application. These cookies help us analyze website traffic and personalize content. For more information about the types of Cookies, please refer to our Cookie Policy.

1.8 Analytics

We are committed to your privacy while using analytics to improve our Platform. We may use both our own internal analytics systems and third-party analytics services (e.g., Google Analytics) to understand user behavior and improve our Services. When we use third-party analytics services, your data is subject to their privacy policies and practices. We strive to minimize data collection and use privacy-focused configurations when possible.

2. Children’s Privacy

2.1 Age Requirements and Verification

socra is intended for users who are at least 13 years of age. During account creation, we require all users to input their date of birth. If a user indicates they are under 13 years of age, our system will not allow them to proceed with account creation or access our Services. This verification process helps ensure compliance with children’s privacy protection requirements.

2.2 No Collection from Children Under 13

We do not knowingly collect, use, or disclose personal information from children under 13 years of age. Our Services are not designed for or directed to children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete such information from our systems.

2.3 Parental Notice

If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us immediately at team@socra.com. We will investigate and take appropriate action, including deleting the child’s information and terminating any associated account.

3. We Do Not Sell Your Data

We will never sell your data. Your information is only used to provide and improve our Services, communicate with you, ensure Platform security, enforce our Terms of Service, and comply with laws.

We may share your information in the following circumstances:

4.1 Visible Identity Information

As described in Section 1.1, your name, username, and profile picture (if provided) are visible to other platform users to enable collaborative functionality and user discovery.

As described in Section 1.2, your User Content (including AI conversations, inputs, outputs, and collaborative projects) may be shared based on your workspace context and sharing preferences:

Team Workspace Members: When you create a team workspace and invite others, or when you accept an invitation to join a team workspace, other team members who have access to that workspace can view User Content created within that shared workspace
Individual Workspace Sharing: When working in your personal workspace, you may choose to selectively share specific content with collaborators
Public Community: You may choose to make certain User Content public to share with the broader socra community
Real-time Collaboration Participants: Other users participating in live collaborative sessions can view your inputs and AI outputs during those sessions

Your level of control varies by context: in team workspaces, sharing with team members occurs based on your explicit consent when creating or joining the workspace, while selective sharing and public sharing are always under your explicit control through our privacy and permission settings.

4.3 Third-Party Service and API Providers

We may share your information with third-party service and API providers who perform services on our behalf. These providers are contractually obligated to protect your data and are prohibited from using it for any purpose other than providing services to us. These categories include:

AI Model Providers: To provide the core functionality of our service, we send relevant User Content to our AI model partners (e.g., OpenAI, Google, Anthropic). Importantly, this data is sent in a de-identified manner without direct user identifiers such as names, email addresses, or account IDs attached. We have contractual agreements and have implemented technical configurations with these partners that strictly prohibit them from using your User Content to train their AI models. Your content cannot and will not be used to improve their models. While your data is subject to their security and data handling policies for the brief time it is processed, some providers may temporarily retain data for safety and abuse monitoring purposes for up to 30 days before deletion, as per their policies. We take deliberate steps to protect your information throughout this process.
Analytics Services: We may use third-party analytics services (e.g., Google Analytics) to understand how users interact with our platform. These services collect usage data, traffic patterns, and user behavior information to help us improve our Services. Your data shared with these services is subject to their respective privacy policies and data handling practices.
Cloud Hosting Providers: We use infrastructure partners (e.g., Amazon Web Services) to host our application and store your data securely.
Payment Processors: To process payments for services, we share necessary billing information with trusted payment processors (e.g., Stripe).
Communication Services: To send you emails and notifications, we may use third-party communication platforms.

Please note that some third parties, particularly AI Model Providers, may temporarily retain data for safety and abuse monitoring purposes for up to 30 days before deleting it, as per their policies.

4.4 Legal Requirement

We may disclose your information if we are required to do so by law, or if we believe that it is necessary to protect our rights or the rights of others.

5. Information Retention

At socra, we understand the importance of data retention and the need to balance it with privacy considerations. We retain your Personal Information for as long as your account is active. If you choose to delete your account, or it becomes inactive, we will initiate the deletion process as described in Section 6. We may retain certain information for a brief period after deactivation (e.g., 30 days) to allow for account recovery or to finalize administrative tasks. In certain cases, we may be required to retain your data for longer periods to comply with legal obligations, resolve disputes, or enforce our Terms of Service.

6. Information Deletion

You can delete your account at any time. When you initiate account deletion, we will begin the process of erasing your information from our production systems. This process may take up to 30 days. After it is complete, your personal information and User Content will be permanently and irreversibly deleted. Please note that residual copies of your data may remain in our secure, encrypted backup systems for a limited period (e.g., up to an additional 30 days) as part of our disaster recovery protocols, after which they will also be permanently deleted. Please note that while your personal information will be deleted, User Content you have contributed to a shared context (such as a Team or a Public Workspace) may persist as part of that shared space. Where possible, we will anonymize your contributions by removing personal identifiers.

7. How We Process Your Information

We process your information for various purposes to ensure the provision of our Services and improve our system and your overall experience. This includes analyzing your interactions, goals, preferences, and feedback to deliver personalized guidance and enhance our Services. We may also use your information for communication, such as responding to inquiries, providing updates, and sending emails and notifications. We utilize your information to improve our system and algorithms, allowing us to provide more accurate and effective Services over time. Additionally, we process your information to maintain the security of our Platform, prevent fraud, and comply with applicable laws and our Platform Policy, based on your consent or as necessary for the performance of the Services.

8. Where We Store Your Information

We store and process your Personal Information on secure servers located in the United States of America. Your Personal Information, when provided to us, is subject to storage, processing, and access by our team and third parties with whom we share Personal Information. By accessing our Services and providing your Personal Information, you explicitly consent to the export, storage, and utilization of your Personal Information as described in this Privacy Policy. We prioritize the security of your Personal Information and implement reasonable safeguards in accordance with applicable data protection laws. However, please note that no data transmission or storage can be completely secure. If you have any concerns regarding the security of your Personal Information, please contact us using the information provided in Section 14 (Contact Us) of this privacy policy.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. We respect these rights and have processes in place to help you exercise them.

9.1 Universal Privacy Rights

All users have the following rights:

Right to Access: You can request information about how we collect, use, and share your personal information.

Right to Correction: You can request that we correct inaccurate personal information about you.

Right to Deletion: You can request that we delete your personal information, subject to certain legal exceptions.

Right to Opt-Out: You can opt-out of certain uses of your personal information, such as marketing communications. All marketing emails include an unsubscribe link, and you can also manage your communication preferences in your account settings or by contacting us at team@socra.com.

9.2 Additional Rights for EEA and UK Residents

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

Right to Restrict Processing: You can request that we limit how we use your personal information in certain circumstances.

Right to Data Portability: You can request to receive your personal information in a portable format and transfer it to another service.

Right to Object: You can object to our processing of your personal information based on legitimate interest or for direct marketing.

Right to Withdraw Consent: Where we process your information based on consent, you can withdraw that consent at any time.

Right to Lodge a Complaint: You can file a complaint with your local data protection authority. For EEA authorities, visit https://edpb.europa.eu/about-edpb/about-edpb/members_en. For UK residents, contact the Information Commissioner’s Office at https://ico.org.uk/.

9.3 How to Exercise Your Rights

To exercise any of these rights:

Email us at team@socra.com with “Privacy Rights Request” in the subject line
Clearly specify which right you wish to exercise and provide sufficient information to verify your identity
We will respond within 30 days for most requests (up to 45 days with possible 45-day extension for complex requests for California residents under CCPA, 1 month for GDPR requests which may be extended to 3 months for complex cases)
Most requests are free, though we may charge a reasonable fee for excessive requests

9.4 Legal Basis for Processing (EEA/UK Residents)

We process your personal data based on the following legal grounds:

Contract Performance: For providing our Services, account management, and core platform functionality
Consent: For marketing communications, optional features, and where you’ve given specific consent
Legitimate Interest: For improving our Services, security monitoring, fraud prevention, analytics, and maintaining visible identity information necessary for core collaborative platform functionality
Legal Obligation: For compliance with applicable laws and regulations

10. International Data Transfers

If you are accessing our Services from outside the United States, please be aware that your Personal Information may be transferred to, stored, and processed in the United States. For EEA and UK residents, we ensure appropriate safeguards are in place including Standard Contractual Clauses (SCCs) and other measures required by GDPR.

11. Additional Information for California Residents

This section provides additional information for California residents as required by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

11.1 Categories of Personal Information We Collect

In the preceding 12 months, we have collected the following categories of personal information:

Identifiers: Name, email address, username, IP address, device identifiers
Internet or Network Activity: Website usage data, log data, cookies
Geolocation Data: General location information derived from IP address
Audio, Electronic, Visual, or Similar Information: Profile pictures (if provided), communication content
Inferences: Preferences and insights derived from your usage patterns

11.2 Sources of Personal Information

We collect personal information from the following sources:

Directly from you when you create an account or use our Services
Automatically through your use of our Services
From third-party authentication providers (e.g., Google)
From your interactions with our customer support

11.3 Business Purposes for Collection

We collect and use personal information for the following business purposes:

Providing, maintaining, and improving our Services
Communicating with you about our Services
Ensuring security and preventing fraud
Complying with legal obligations
Internal research and development
Quality assurance and debugging

We may share personal information with:

AI model providers (e.g., OpenAI, Google, Anthropic) - for service functionality only
Analytics service providers (e.g., Google Analytics) - for usage analysis and platform improvement
Cloud hosting providers (e.g., Amazon Web Services)
Payment processors (e.g., Stripe)
Communication service providers
Legal and professional advisors when required by law

11.5 Additional California Consumer Rights

In addition to the rights described in Section 9, California residents have additional rights under CCPA:

Right to Limit Sensitive Personal Information: You have the right to limit our use of sensitive personal information to specific purposes.

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights, including by denying services, charging different prices, or providing different service quality.

Sale Disclosure: We do not sell your personal information and have not sold personal information in the preceding 12 months.

Note: You can exercise your privacy rights using the process described in Section 9.3 above, or email us at team@socra.com with “California Privacy Request” in the subject line.

11.6 Authorized Agents

You may designate an authorized agent to make privacy requests on your behalf. The agent must provide proof of authorization, and you may be required to verify your identity directly with us.

12. Data Security

We implement comprehensive security measures to protect your Personal Information. As described in Section 4.3, your data may be shared with third-party service providers (including AI model providers, cloud hosting providers, and payment processors) solely for the purpose of delivering our Services to you. All such sharing is governed by strict contractual obligations and technical safeguards to protect your information. We use industry-standard security protocols and follow industry best practices to safeguard your information.

We do not commercialize or train with your data, and we do not allow third parties to do so either. You maintain control and ownership of your data, subject to the necessary sharing described in this Privacy Policy for service delivery.

Our security infrastructure includes multiple layers of protection:

Authentication System: Robust user authentication with secure login protocols
Access Controls: Strict access management to ensure only authorized personnel can access systems
Review Processes: Regular security audits and monitoring procedures
Rate Limiting: Protection against malicious attacks and abuse through automated rate limiting
Secure Infrastructure: Industry-standard server security and data storage solutions

These technical and organizational measures are designed to ensure the ongoing confidentiality, integrity, and availability of your Personal Information.

13. Data Breach Notification

While our comprehensive security measures make data breaches highly unlikely, we maintain transparent procedures in the unlikely event that a security incident affects your personal information. We continuously monitor our systems and have implemented multiple layers of protection to prevent unauthorized access to your data.

In the unlikely event of a data breach that may compromise your personal information, we will:

Rapid Response: Immediately contain the incident and assess the scope of any potential data exposure
Authority Notification: Notify relevant regulatory authorities within 72 hours where legally required (such as under GDPR)
User Notification: Inform affected users without undue delay through email and prominent platform notifications
Transparent Communication: Provide clear details about what happened, what information may have been involved, and what we’re doing to address the situation
Remedial Action: Implement immediate corrective measures and offer appropriate assistance, which may include identity monitoring services where warranted
Ongoing Updates: Keep you informed throughout our investigation and resolution process

If you suspect any unauthorized access to your account, please contact us immediately at team@socra.com.

14. Governing Law and Jurisdiction

This Privacy Policy and any disputes arising from or relating to the privacy practices described herein are governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law principles.

15. Changes to This Privacy Policy

We reserve the right, at our sole discretion, to modify or replace this Privacy Policy at any time. By continuing to access or use our Service after any revisions become effective, you agree to be bound by the revised Privacy Policy. If you do not agree to the new Privacy Policy, you are no longer authorized to use the Service.

16. Contact Us

If you have any questions about our practices or this Privacy Policy, please contact us at team@socra.com. We are here to address any concerns or inquiries you may have regarding your privacy and the use of our Services.