
Compliance

Revision: 1.0

Sophosic™ Inc. is committed to maintaining compliance with global data protection regulations and industry standards. This page outlines our compliance framework, data processing agreements, and regulatory adherence.

1. GDPR Compliance

We comply with the General Data Protection Regulation (GDPR) for all users in the European Economic Area (EEA).

1.1 Data Subject Rights

  • Right to access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data
  • Right to data portability: Export your data in machine-readable format
  • Right to object: Opt out of certain data processing activities

To exercise these rights, contact us at privacy@sophosic.ai.

2. CCPA Compliance

California residents have additional rights under the California Consumer Privacy Act (CCPA).

  • Right to know: Request disclosure of data collection and usage
  • Right to delete: Request deletion of personal information
  • Right to opt out: Opt out of the sale of personal data (note: we do not sell personal data)
  • Non-discrimination: Equal service regardless of privacy choices

3. Data Processing Agreements

We provide Data Processing Agreements (DPAs) for enterprise customers to ensure contractual data protection obligations.

  • Standard Contractual Clauses: EU-approved SCCs for data transfers
  • Custom DPAs: Tailored agreements for enterprise requirements
  • Request a DPA: Contact legal@sophosic.ai

4. Subprocessors

We engage third-party subprocessors to provide our services. All subprocessors are contractually required to maintain appropriate security and privacy standards.

Subprocessor | Purpose                     | Location
Render       | Infrastructure hosting      | United States
Supabase     | Database and authentication | United States
Stripe       | Payment processing          | United States
OpenAI       | AI processing               | United States

5. Audit Logs & Data Retention

We maintain comprehensive audit logs and follow data retention policies to ensure accountability and compliance.

5.1 Audit Logging

  • User actions: Log all data access and modification activities
  • Administrative actions: Track all admin operations and changes
  • Retention period: Logs retained for 12 months (minimum)

5.2 Data Retention

  • Active data: Retained while account is active
  • Account deletion: Data deleted within 30 days of account closure
  • Backups: Backup data retained for up to 90 days

6. Compliance Certifications

We are working toward industry-recognized compliance certifications to demonstrate our commitment to data protection.

  • Current: GDPR compliant, CCPA compliant
  • In progress: SOC 2 Type II (targeted for 2025)
  • Roadmap: ISO 27001, HIPAA (for healthcare use cases)

7. Contact Us

For compliance inquiries, DPA requests, or data subject rights requests:
