Privacy Policy

Soperai ("the Platform", "the Service") is an all-in-one AI tools platform that provides access to 300+ artificial intelligence models for text generation, image creation, video production, voice synthesis, SEO tools, social media tools, e-commerce automation, and other AI-powered applications.

We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains:

• What personal information we collect and why
• How we collect, store, use, and share your data
• How long we retain your data
• What rights you have over your personal data
• How to contact us with privacy-related requests

Throughout this document, "personal data" or "personal information" means any information that identifies or can reasonably be used to identify you as an individual. "Processing" means any operation performed on your data, including collection, storage, use, and deletion.

We collect the minimum data necessary to provide, secure, and improve the Soperai platform. Below is a complete breakdown of every category of data we may collect.

2.1 Account & Registration Data

When you create a Soperai account, we collect:

• Name — first and last name as provided
• Email address — used for account authentication, billing, and communications
• Password — stored as an irreversible cryptographic hash; we never store plain-text passwords
• Profile picture — optional, only if you upload one
• Account creation date and time
• Social login identifiers — if you register via Google or other OAuth providers, we receive a unique identifier and your public profile email only

2.2 Billing & Payment Data

When you purchase a paid plan or add-on credits:

• Billing name and address
• Payment method type (e.g., Visa, Mastercard, PayPal)
• Last four digits of card — for display and reference only
• Transaction IDs and payment timestamps
• Subscription tier and billing history

2.3 Usage & Generation Data

To provide the service and calculate billing accurately, we log:

• Prompts and inputs you submit to AI tools
• Generated outputs (text, images, audio, video) — stored temporarily or permanently depending on your save/download actions
• AI model selected for each generation request
• Timestamps of each generation request
• Credit consumption per request — used for billing and usage tracking
• Tool category used (e.g., text, image, video, SEO)
• Language selected for generation

2.4 Technical & Device Data

• IP address — used for security, fraud detection, and approximate geolocation
• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• Screen resolution
• Referring URL — the page you visited before arriving at Soperai
• Session duration and page interactions
• Error logs — technical errors generated during your use of the platform

2.5 Communications Data

• Support ticket content and attachments you send us
• Responses to surveys or feedback forms
• Email correspondence with our team
• Chat messages sent through our support chat widget

We collect your data through several methods:

3.1 Directly from You

• When you register for an account
• When you subscribe to a paid plan or purchase credits
• When you submit prompts and use AI tools
• When you contact our support team
• When you complete surveys or feedback requests
• When you upload files or images to AI tools

3.2 Automatically (Technical Data)

• Browser cookies and local storage (see Section 8)
• Server access logs generated when you visit any Soperai page
• Analytics scripts that track page views and interaction events
• API call logs generated when you use any Soperai tool

3.3 From Third Parties

• OAuth providers (Google, etc.) — when you choose to sign in with a social account
• Payment processors — billing confirmation and fraud signals
• Analytics partners — aggregated behavioural data
• Security services — IP reputation and bot detection signals

For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions with similar legal frameworks, we process your personal data under the following legal bases:

• Contract Performance (Art. 6(1)(b) GDPR): Processing is necessary to fulfil your subscription, process payments, deliver AI-generated outputs, and manage your account.
• Legitimate Interests (Art. 6(1)(f) GDPR): We process certain data for platform security, fraud prevention, abuse detection, analytics, and service improvement — where our interests do not override your fundamental rights.
• Consent (Art. 6(1)(a) GDPR): We rely on your consent for marketing communications and non-essential cookies. You may withdraw consent at any time.
• Legal Obligation (Art. 6(1)(c) GDPR): We may process data to comply with applicable law, tax obligations, court orders, or law enforcement requests.

We do not sell your personal data. We share your data only in the limited circumstances described below, and only with parties who are contractually bound to protect it.

6.1 AI Model Providers (Sub-processors)

When you use an AI tool, your prompt and relevant input data is transmitted to the selected AI model provider (e.g., OpenAI, Anthropic, Google, Mistral, etc.) to generate a response. Each provider processes your input under their own privacy and data handling policies, which we have reviewed for compliance before integration. By using Soperai, you acknowledge this necessary data transfer.

6.2 Payment Processors

Billing data is shared with our PCI-DSS compliant payment processors (such as Stripe or PayPal) to complete transactions. These processors do not receive your AI usage data or generated content.

6.3 Analytics & Performance Services

We use analytics tools (such as Google Analytics) that may collect anonymised or pseudonymised behavioural data to help us understand platform usage. These services do not receive individually identifiable information beyond what is technically necessary (e.g., IP addresses, which are partially anonymised).

6.4 Legal & Regulatory Disclosure

We may disclose your personal data to government authorities, law enforcement agencies, or regulators when required by applicable law, a valid court order, or to protect the safety and rights of Soperai, our users, or the public.

6.5 Business Transfers

In the event of a merger, acquisition, sale of assets, or insolvency proceeding, your personal data may be transferred to the successor entity as part of that transaction. We will notify you via email and/or prominent platform notice before such a transfer occurs and before your data becomes subject to a different privacy policy.

6.6 With Your Explicit Consent

We may share your data with third parties for purposes not listed above only with your prior explicit consent, which you may revoke at any time.

Given the nature of our platform, this section provides specific and important information about how your AI-related data is handled.

7.1 Prompt Logging

Every prompt you submit to any Soperai AI tool is logged against your account. This logging is essential for:

• Accurate billing and credit calculation
• Usage tracking against your plan quota
• Dispute resolution and refund processing
• Abuse prevention and policy enforcement
• Technical error diagnosis

7.2 Generated Outputs

Content generated through Soperai tools (text, images, videos, audio) is associated with your account. Generated outputs:

• Are private to your account and not visible to other users
• May be stored temporarily on our servers to facilitate download
• Are not used to train Soperai's internal systems without consent
• Are not shared with other Soperai users
• Remain available in your account history for the retention period applicable to your plan

7.3 Model Training

Soperai does not currently use your personal prompts or generated outputs to train Soperai's own AI models. When prompts are transmitted to third-party AI providers (e.g., OpenAI, Anthropic), those providers' own data-use policies apply. Many enterprise-tier API integrations explicitly exclude user data from model training by default — we select provider tiers with the strongest data protection where available.

7.4 Content Moderation

Soperai applies automated and human content moderation to detect and prevent policy-violating content. Flagged prompts or outputs may be reviewed by our trust and safety team. This review is conducted for platform safety purposes and does not constitute general surveillance of user activity.

Soperai uses cookies and similar tracking technologies to operate the platform, remember your preferences, analyse usage, and deliver a personalised experience. Below is a complete breakdown of the types of cookies we use.

Managing Cookies

You can control and delete cookies through your browser settings at any time. Disabling essential cookies will prevent the platform from functioning correctly. You can also manage your cookie preferences through the Cookie Settings panel available in the footer of our website.

For detailed information about the specific third-party cookies we use and their retention periods, please visit our full Cookie Policy or contact us directly.

We retain your data for as long as necessary to fulfil the purposes described in this policy, or as required by applicable law. The table below outlines our standard retention periods by data category.

Protecting your data is a core responsibility we take seriously. Soperai implements multiple layers of technical and organisational security measures:

Technical Measures

• TLS/HTTPS encryption for all data in transit between your browser and our servers
• AES-256 encryption for sensitive data stored at rest
• Bcrypt password hashing — passwords are never stored or transmitted in plain text
• Two-factor authentication (2FA) available for all accounts
• Automatic session expiry after periods of inactivity
• Rate limiting and DDoS protection on all API endpoints
• Intrusion detection systems and real-time security monitoring
• Regular penetration testing by independent security professionals
• Automated vulnerability scanning of all production systems

Organisational Measures

• Strict access controls — staff access to personal data is limited to those with a legitimate business need
• All staff handling personal data receive data protection training
• Third-party sub-processors are vetted for security compliance before integration
• Data breach response procedures are in place with defined notification timelines

While we implement industry-leading security measures, no system is completely immune to attack. We encourage you to use a strong, unique password and enable two-factor authentication on your Soperai account.

Depending on your location, you have the following rights regarding your personal data. We honour these rights for all users globally, not only those in regulated jurisdictions.

How to Exercise Your Rights

To exercise any of the above rights, please contact us via the Contact Us page or email our Privacy Team directly. Please include your registered email address and a clear description of your request.

We will respond to all valid requests within 30 days of receipt. In complex cases, we may extend this by a further 60 days with written notification. We may need to verify your identity before fulfilling a request.

Soperai is not intended for use by individuals under the age of 16 years old (or the applicable age of digital consent in your jurisdiction, where higher). We do not knowingly collect personal data from children under this age.

If you are a parent or guardian and believe that your child has provided personal data to Soperai without your consent, please contact us immediately at our Contact Us page. We will promptly investigate and delete any such data.

Soperai operates globally and your data may be processed in countries other than your country of residence, including countries that may not offer the same level of data protection as your home jurisdiction.

When transferring personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to third countries, we ensure adequate protection through one or more of the following mechanisms:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions issued by the European Commission for the relevant recipient country
• Binding Corporate Rules (BCRs) where applicable within corporate groups
• UK International Data Transfer Agreements (IDTAs) for transfers from the United Kingdom

You may request a copy of the safeguards we have in place for international transfers by contacting our Privacy Team via the Contact Us page.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Last Updated" date at the top of this page
• Send a notification to your registered email address for material changes
• Display a prominent notice on the platform when you next log in, for significant changes
• Maintain an archive of previous versions available on request

Your continued use of Soperai after we post a revised Privacy Policy indicates your acceptance of the updated terms. If you do not agree with material changes, you should stop using the platform and may request account deletion.

If you have any questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, please contact us through any of the following channels:

When submitting a data rights request, please include your registered email address, the specific right you wish to exercise, and any relevant details. We may need to verify your identity before processing the request.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. For EEA users this is your national Data Protection Authority (DPA); for UK users, the Information Commissioner's Office (ICO) at ico.org.uk; for California users, the California Privacy Protection Agency (CPPA).