Privacy Policy

IP Anonymization: Your IP address is immediately anonymized before storage. We remove the last digit, making it impossible to identify you personally.

Security measures:

• ✓ Google Cloud Platform (enterprise-grade security)
• ✓ Encrypted storage at rest
• ✓ Access limited to authorized personnel
• ✓ Regular security reviews

Sofia uses AI to understand your questions and provide pricing information:

Service	Purpose	Data Shared
OpenAI GPT-4o	AI responses	Your questions (anonymized)
Google Cloud	Hosting & storage	Anonymized usage data

International Transfers: Query data is processed by OpenAI in the USA under Standard Contractual Clauses, ensuring GDPR-equivalent protection.

Why we can process this data:

We use legitimate interests as our legal basis. Since we only collect anonymized data (which isn't personal data under GDPR), explicit consent isn't required. However, we're transparent about what we collect.

Your rights under UK GDPR:

• Right to access - Request a copy of your data
• Right to rectification - Correct inaccurate data
• Right to erasure - Request deletion of your data
• Right to restrict processing - Limit how we use your data
• Right to object - Object to our processing

Note: Since data is anonymized, we may not be able to link stored data to your identity.

Sofia uses minimal browser storage for essential functionality only:

Name	Purpose	Duration
sofia_authenticated	Session login status	Until tab closed
sofia_session_id	Group your conversation	Until tab closed

✓ No tracking cookies - We don't use any third-party analytics or advertising cookies.

Since all stored data is anonymized (not personal data under GDPR), we retain it for service improvement:

Data Age	Storage	Access
0-12 months	Active storage	Immediate
12+ months	Archived storage	On-demand

Historical data helps us identify product coverage gaps and improve Sofia's responses over time.