Privacy Policy

Last Updated: March 21, 2025

Introduction

At Sohri, we are committed to protecting your privacy while providing you with an exceptional AI-powered text-to-speech experience. This Privacy Policy explains how we collect, use, protect, and handle your information when you use our services. We believe in transparency and want you to fully understand our privacy practices.

Information We Collect

Account Information

When you create an account with Sohri through our supported social login options (Google, Meta, or Discord), we collect:

Basic Profile Information: Your name, email address, and profile picture.
Account Identifiers: Unique IDs that help us maintain account security.
Public Profile Data: Information you've made publicly available on these platforms.
Language and Time Zone: To provide localized service.

Important Notes:

We only receive information necessary for account creation and security.
We do not access private posts, friend lists, or other personal data beyond what is required.
You can review and modify social login permissions through your account settings.

Device and System Information

To optimize your experience, we collect essential information about your digital environment:

Device Information: The type of device you're using, which helps us adapt our interface to your screen.
System Details: Your operating system and browser version to ensure compatibility and smooth functionality.
Performance Metrics: How our service performs on your device, allowing us to optimize speed and functionality.
Technical Settings: Display and system preferences to provide a seamless, personalized experience.

Location and Network Information

To provide reliable service and maintain security, we collect basic connection data:

IP Address: We receive your general location through your IP address, limited to city and country level—we never track your exact location without explicit permission.
Network Type: Whether you're using WiFi or mobile data, which helps us optimize data delivery.
Connection Quality: Your connection strength, which allows us to adjust service delivery for stable performance.
Regional Data: Your time zone and language settings to provide properly localized content.

Text Input Data

When you use our text-to-speech service, we process:

Text Content: The text you submit for voice generation.
Voice Selection Parameters: Your choices regarding voice type, tone, speed, and other audio characteristics.
Project Metadata: Names, descriptions, and organizational information you provide for your audio projects.

Support Feature Information

When you use the "Support" feature to donate to creators:

Transaction Information: We collect details necessary to process the transaction via our payment processor PayPal Complete Payments (PPCP), including the support amount, currency, date/time, and transaction ID. We do not directly collect or store your full payment card numbers or bank account details. These are handled directly by the payment processor.
Payment Processor Data: Our payment processor (e.g., PayPal) collects information according to their own privacy policy, which may include your payment account details (e.g., PayPal account ID), billing address, and other information required to complete the transaction. We encourage you to review their privacy policy.
Support Metadata: We collect the identifier of the creator you are supporting and the content associated with the support (if applicable).
Optional Message: If you choose to leave a message for the creator, we collect that message content.
Supporter Identification: If you are logged in, your Sohri account identifier may be associated with the support transaction (though you may have options for anonymity depending on feature implementation).
Anonymity Option: Supporters may tick 'Donate anonymously'. When enabled, we store only an anonymized supporter token and hide personal identifiers from the Creator.
Creator Payout Information: For creators receiving support, we (or our payment processor) collect necessary information to facilitate payouts, such as their linked PayPal account ID or other required payout details. Sohri's own database does not store the full PayPal account information; it only maintains the linkage status, token, and masked final digits of the account.

How We Use Your Information

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent: When you have given us clear consent to process your personal data.
Contract Performance: When processing is necessary to provide the services you've requested.
Legitimate Interests: For purposes such as improving our services, ensuring security, and enhancing user experience.
Legal Obligations: When we are legally required to process your data.

Core Service Functions

We use your information to:

Provide Our Services: Generate high-quality audio from your text inputs using our AI technology.
Maintain Your Account: Create and secure your account environment.
Personalize Your Experience: Remember your preferences and settings.
Process Transactions: Handle payments for services (if applicable) and support donations, manage payouts to creators, and provide related customer support.
Facilitate Support Feature: Enable listeners to support creators, process donations, deliver optional messages, and display support history (where applicable) to both supporters and creators.
Ensure Security: Protect your account and content from unauthorized access.

Service Enhancement and Development

We analyze usage patterns to:

Improve Features: Understand which features are most valuable to users.
Enhance Quality: Identify areas where we can improve service quality.
Optimize Performance: Ensure stable and efficient service operation.
Develop New Features: Create new capabilities, such as the Support feature, based on user needs and feedback.

Data Security

Protection Measures

We implement comprehensive security measures to protect your data:

Encryption: All data is encrypted both in transit and at rest using industry-standard protocols.
Access Controls: Strict authentication measures and access limitations for our staff.
Regular Security Audits: Continuous monitoring and testing of our security systems.
Secure Infrastructure: State-of-the-art hosting and network security configurations.

Data Retention and Deletion

Active Account Information

While your account is active, we retain:

Account Information: Basic profile data necessary for account functionality.
Saved Projects: Audio works and associated metadata that you choose to save.
Settings and Preferences: Your customized service settings.

Retention Periods

Generated Audio Content: Stored for as long as your account remains active, allowing you continuous access to your created works.
Account Activity Logs: Maintained for 12 months for security and support purposes.
Payment Information: Payment transaction metadata (excluding full card numbers) related to direct service purchases or support donations is retained as required by financial regulations and for accounting, typically for several years (e.g., 5-7 years, depending on jurisdiction). Data handled directly by payment processors is subject to their retention policies. We do not retain Creators' full payout credentials; those remain with PayPal. Sohri only keeps the minimal linkage token required for payouts.
Support Messages: Optional messages sent via the Support feature may be retained alongside the transaction data or according to general user content policies.

After Account Termination

If you initiate the deletion of your account:

30-Day Export Window: You have 30 days to export any saved works.
Data Deletion: Most personal information is deleted within 30 days of account termination.
Backup Removal: Complete removal from backup systems may take up to 90 days.
Aggregated Analytics: Non-identifiable, aggregated data may be retained for service improvement.

Your Rights and Choices

Accessing and Updating Your Information

Access Request: You have the right to request a copy of the personal information we hold about you.
Correction/Update: You can correct or update most of your basic profile information and preferences directly through the "Manage Account" or relevant settings sections within the platform.
Response Time: Contact us at [email protected] to request access or correction. We will respond to access or correction requests requiring manual intervention within 30 days.

Deleting Your Information

Right to Erasure: You can request the deletion of your personal information.
How to Initiate Deletion: You can initiate the deletion of your account directly through the "Manage Account" section within your user settings on the platform.
Processing Time: Once deletion is initiated or requested, we will process the request within 30 days. Note that certain data, such as support transaction records required for financial compliance, may be retained for longer periods as legally mandated, even after account deletion.

Opting Out of Communications

Marketing Emails: You can opt out of promotional communications by clicking the "Unsubscribe" link in any marketing email.
Service Notifications: Essential service notifications cannot be opted out of as they are necessary for account maintenance and security.

Restricting or Objecting to Processing

Rights: In certain circumstances, you may have the right to restrict or object to certain types of data processing.
How to Exercise: Contact us at [email protected] with your specific request.

Data Portability

Requesting Data Transfer: You have the right to request a copy of your data in a machine-readable format.
How to Request: Email us at [email protected], and we will provide your data in a commonly used format.

Note: We may need to verify your identity before processing any of these requests.

Children's Privacy

Age Restrictions

Our service is not intended for children under 13 years old. We do not knowingly collect information from children under this age limit.

Protection Measures

We are actively implementing age verification measures to prevent access by minors. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly.

Third-Party Services

Service Providers

We work with trusted partners to provide various features and capabilities:

Cloud Storage Providers: To securely store your data.
Payment Processors: To handle transactions securely for service purchases and the Support feature (PayPal Complete Payments (PPCP) - see PayPal Privacy Statement for details). Their use of your data is governed by their respective privacy policies.
Analytics Services: To help us understand how our service is used.
Authentication Providers: To enable secure social login functionality.

All our partners are bound by strict data protection agreements and are required to comply with applicable data protection laws.

International Data Transfers

Cross-Border Processing

By using our services, you acknowledge that your information may be transferred to and processed in countries other than your country of residence, including the United States and South Korea.

Safeguards

When we transfer personal data across borders, we ensure appropriate safeguards are in place through:

Standard Contractual Clauses: Legal mechanisms approved by regulatory authorities.
Privacy Shield Certification: Where applicable for transfers to certain countries.
Data Processing Agreements: Contractual protections with our service providers.

Data Breach Procedures

Notification Process

In the unlikely event of a data breach that affects your personal information:

Timely Notification: We will notify affected users via email as soon as possible and no later than 72 hours after becoming aware of the breach.
Information Provided: We will provide details about the incident, including what happened, the data involved, and steps we are taking to address it.
Guidance: We will offer guidance on how you can protect your information.

Changes to This Policy

Policy Updates

We may update this policy from time to time to reflect changes in our practices or for legal reasons:

Notification of Changes: If we make material changes, we will notify you at least 30 days before the changes take effect.
Communication Methods: Notifications will be sent via email and posted prominently within our service.
Previous Versions: Prior versions of this policy will be archived and available upon request.

Your Continued Use

By continuing to use our service after the updated policy takes effect, you agree to the revised terms. If you do not agree with the changes, you may terminate your account before the new policy becomes effective.

Cookie Usage

Essential Cookies

We use only essential cookies that are strictly necessary for authentication and security purposes:

Authentication Cookies: To keep you securely logged in.
Security Cookies: To protect against unauthorized access and fraud.

Cookie Controls

While these cookies are essential for the service to function, you can clear cookies through your browser settings at any time. Please note that blocking all cookies will prevent our service from functioning properly.

Voice Data Processing

Voice Generation Technology

Our text-to-speech technology converts your text inputs into natural-sounding voice outputs. This process:

Does not involve recording or storing your voice.
Does not create a voice profile or voiceprint of you as a user.
Does not use your personal voice characteristics in any way.

AI Model Training

We do not use customer text inputs to train or improve our AI models without explicit consent.
Our voice synthesis models are trained on professionally recorded voice data with proper consent from voice talent.

Contact Information

For privacy-specific matters or to exercise your data rights:

Email: [email protected]
Business Hours: Monday–Friday, UTC 00:00–09:00

For general inquiries and support:

Email: [email protected]
Mailing Address: 12F, Taeyang Building, 38-4, Teheran-ro 4-gil, Gangnam-gu, Seoul, Republic of Korea