Last updated: September 8, 2025
What Data We Collect
Why We Collect It
Who We Share It With
User Rights
Account → Delete Account ORHow to Contact Us
We collect the following types of data:
We use your data to:
We only share your data when necessary to operate the app:
We do not sell your data.
We process (a) to perform our contract with you (account, sync, core features), and (b) for our legitimate interests in operating, securing, and improving the app (diagnostics/analytics). Where required, we’ll ask for consent.
Third-party providers (non-exhaustive):
We may process data in the United States and other countries. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses).
California notice: We do not “sell” or “share” personal information as defined by California law, and we do not use your data for cross-context behavioral advertising.
Account → Delete AccountWe retain your data as long as your account is active. When deleted:
Your data is encrypted in transit, and passwords are securely hashed. We do not apply application-level encryption to user content at rest. We use industry best practices to keep your information safe. For session replay, we avoid recording sensitive fields and take steps to reduce captured personal text (e.g., by excluding obvious sensitive inputs).
This app is not intended for children under 13. We do not knowingly collect data from minors. If we learn we've done so, we will delete it.
On the website, we may use privacy-preserving analytics and bot protection. For signup/security we use Cloudflare Turnstile, which processes limited technical signals (e.g., user agent, IP-derived network info, and interaction patterns) solely to detect bots—not for advertising. Learn more: https://www.cloudflare.com/turnstile-privacy-policy/
You can block cookies in your browser settings; some site features may not work without them.
We use Vexo Analytics in the mobile app to understand feature usage and improve stability. Vexo collects technical and usage data such as device/OS/app version, country (from IP), session timestamps, screen views, taps/gestures, navigation paths, and crash/diagnostic events. If Session Replay is enabled, Vexo records an obfuscated playback of UI interactions; we do not intend to capture passwords or payment details. Data is used only to operate, secure, and improve the app.
During testing phases (e.g., Alpha or Beta), analytics—including Session Replay and heatmaps—are enabled by default and required for participation. There is no per-account opt-out for testing builds. If you do not agree, please do not use the testing builds and wait for a public release.
Caution: Masking reduces but does not eliminate the risk of incidental capture. Please avoid entering sensitive information into free-text fields during testing.
We process analytics for our legitimate interests in quality assurance, security, and product improvement. Where local law requires consent for optional features, participation in the testing program signifies that consent.
Until we adopt a fixed retention window, analytics may be retained by our provider until we delete them from our project. Our target is to introduce a rolling deletion policy (≤ 180 days) before general availability.
Details: https://www.vexo.co/privacy/
Premium purchases made on our site are processed by Stripe (or another PCI-DSS compliant provider). Payment details are transmitted over TLS directly to the processor and never touch our servers. We receive only a payment token and basic billing info (email, last-4, expiry) for receipts and fraud prevention.
Apple/Google in-app purchases may be processed by Apple/Google; we don’t receive your full card details.
We may update this policy. Material changes will be announced in-app or via email. Continued use after the effective date constitutes acceptance.
Questions or requests? Contact us at support@sopho.app