Privacy Policy

This Privacy Policy explains how Sophialogy ("Sophialogy," "we," "us," or "our") collects, uses, discloses, and protects information about you when you use our websites, applications, games, learning experiences, leaderboards, and related services (collectively, the "Services").

We built Sophialogy to support better conversations, stronger relationships, and clear thinking—and we designed it to be privacy‑first and free to use. This policy is written to be both human‑readable and legally precise.

2) What We Collect

The information we collect depends on how you use the Services.

2.1 Without an Account

• Device & Security Logs. IP address, device/browser type, timestamps, and basic event logs for security, abuse prevention, and service reliability.
• Cookies/Local Storage (Strictly Necessary). Items needed to operate core site functions (e.g., load balancing, session continuity, preference tokens). We do not use advertising cookies. If we later offer optional analytics, we will request consent where required.

2.2 If You Create an Account (Optional)

• Profile. Display name (which may be public if you opt into recognition features), email, password (hashed), and preferences.
• Learning Data. Progress, attempts, scores, badges, saved scenarios, and settings.
• Community & Leaderboards (Optional). If you join public features, your display name and achievements may be visible to others. You can opt out or change your display name at any time.

2.3 Donations (Optional)

• Donor Info. Name, email, and billing details. Payments are processed by third‑party processors (e.g., Stripe, PayPal). We do not store full payment card numbers.
• Receipts & Records. Donation amount, date, and transaction IDs for financial records, fraud prevention, and legal obligations.

2.4 Communications

• Support & Feedback. Messages you send us (e.g., support, surveys, feature requests) and associated metadata.
• Email Preferences. Your subscription status and content preferences for updates or announcements.

2.5 Automatically Collected (Service Operation)

• Telemetry. Basic performance diagnostics (e.g., error codes, load times) and high‑level usage patterns to keep services reliable and improve UX.

2.6 Sensitive Data

We do not intentionally collect sensitive personal information (e.g., health data, precise geolocation, government IDs). Please do not submit such information to the Services.

3) Why We Use Your Information (Purposes)

• Provide & Operate the Services. Authenticate accounts, remember preferences, maintain progress, power leaderboards (if enabled), and deliver content.
• Improve & Personalize. Diagnose problems, enhance usability, measure learning outcomes, and personalize training paths (where enabled).
• Safety & Integrity. Prevent abuse, detect fraud, secure accounts, and investigate violations of our Terms of Service.
• Communicate with You. Service announcements, updates, security notices, and responses to your inquiries.
• Legal & Compliance. Comply with laws, tax/financial recordkeeping for donations, and enforce agreements.

4) Legal Bases for Processing (EEA/UK only)

Where the GDPR/UK GDPR applies, we process personal data on the following bases:

• Contract (Art. 6(1)(b)): To provide requested Services and features.
• Legitimate Interests (Art. 6(1)(f)): To keep Services secure and reliable, prevent abuse, and improve features, balanced against your rights and expectations.
• Consent (Art. 6(1)(a)): For optional features (e.g., marketing emails, any future non‑essential cookies/analytics) and public recognition features you enable.
• Legal Obligation (Art. 6(1)(c)): Records for donations, responding to lawful requests, and compliance with applicable law.

5) How We Share Information

We do not sell your personal information. We share information only as described below:

• Service Providers (Processors). Vendors that help us operate the Services (e.g., hosting, security, email delivery, payment processing, customer support). They may access information only to perform services for us and must protect it under contract.
• Public Features You Enable. If you join leaderboards/community recognition, your display name and achievements may be visible to others.
• Legal, Safety, and Security. We may disclose information to comply with law, respond to lawful requests, or protect the rights, safety, and security of users, the public, or Sophialogy.
• Business Changes. If we are involved in a merger, acquisition, or asset transfer, information may be transferred as part of that transaction, subject to this Policy.

We do not share personal information with third parties for their own marketing.

6) International Data Transfers

Sophialogy is based in the United States, and information may be processed in the U.S. and other countries. Where required, we use Standard Contractual Clauses (SCCs) and equivalent safeguards (e.g., UK IDTA/Addendum) for cross‑border transfers. We evaluate local laws and take supplementary measures, where appropriate.

7) Retention

We keep information only as long as necessary for the purposes described above, including to comply with legal obligations and resolve disputes. Typical retention periods:

If we anonymize or aggregate data, we may retain it without time limit.

8) Your Rights & Choices

8.1 Controls

• Access/Portability. Request a copy of your information.
• Correction. Fix inaccurate or incomplete data.
• Deletion. Request deletion of your account and associated personal information, subject to legal retention obligations (e.g., donation records).
• Restriction/Objection. Where applicable, you may restrict or object to certain processing.
• Consent Withdrawal. You can withdraw consent at any time (e.g., marketing emails) without affecting prior lawful processing.
• Leaderboard/Recognition. Opt out at any time or choose a pseudonymous display name.

To exercise these rights, email privacy@sophialogy.com or use available in‑product controls. We may request information to verify your identity. Authorized agents (where allowed by law) may make requests on your behalf with proper authorization.

8.2 California (CPRA) & Other U.S. State Rights

Residents of California, Virginia, Colorado, Connecticut, Utah, and other states with privacy laws may have additional rights, including: confirm processing; access/know; correct; delete; portability; opt out of sale/sharing/targeted advertising; and limit use/disclosure of sensitive personal information. We do not sell personal information or share it for cross‑context behavioral advertising. You may also appeal a request decision by emailing privacy@sophialogy.com with subject line "Appeal." We will honor Global Privacy Control (GPC) signals for opt‑out requests where required.

8.3 EEA/UK Individuals

You have the rights described in Articles 15–21 GDPR (access, rectification, erasure, restriction, portability, objection). You also have the right to lodge a complaint with your local supervisory authority. If you reside in the EEA/UK and believe we have not resolved your concern, you may contact your authority; a list of EEA authorities is available from the European Data Protection Board, and the UK authority is the ICO.

9) Children's Privacy

The Services are intended for individuals 13 years and older. We do not knowingly collect personal information from children under 13 (or under the age required by local law). If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.

10) Cookies & Similar Technologies

We use only what's necessary to operate the Services (e.g., session continuity, security, preferences). We do not use advertising cookies. If we introduce optional analytics or additional cookies in the future, we will update this Policy and, where required, request your consent and provide a cookie preferences panel.

11) Security

We use administrative, technical, and physical safeguards appropriate to the nature of the information we process, including:

• Encryption in transit and at rest, where appropriate.
• Role‑based access with least‑privilege and MFA for administrative access.
• Logging, monitoring, and vulnerability management practices.
• Vendor due diligence and contractual security commitments with processors.

However, no system is 100% secure. You are responsible for maintaining the security of your account credentials.

12) Third‑Party Links & Content

The Services may link to third‑party websites or resources. Their privacy practices are governed by their own policies, not this one.

13) Changes to This Policy

We may update this Policy from time to time. The "Effective Date" above indicates the latest revision. If we make material changes, we will provide prominent notice (e.g., on‑site banner or email, where appropriate). Your continued use of the Services after changes become effective constitutes acceptance.

14) Contact Us

• Privacy Requests: privacy@sophialogy.com
• Support: support@sophialogy.com
• Legal/DMCA: legal@sophialogy.com
• Mailing Address: Add your current mailing address for privacy requests and legal notices (update if it changes).

15) Data Processing & Subprocessors

We are the controller of personal data for the purposes described in this Policy. We use vetted processors to provide infrastructure and services (e.g., cloud hosting, email delivery, payment processing, customer support). We will maintain an up‑to‑date list of subprocessors at /subprocessors. We will provide notice and an opportunity to object to material changes, where required by law.

Organizations that use Sophialogy in an educational or workplace setting may request our Data Processing Addendum (DPA) by emailing legal@sophialogy.com.

16) International Addenda (Where Applicable)

• EEA/UK Addendum. Includes details on our SCCs and UK IDTA commitments, data subject rights, and transfer impact assessments (available upon request subject to confidentiality).
• California Addendum. We act as a service provider/"contractor" (as defined by CPRA) when processing personal information on behalf of organizational customers, and we prohibit retention, use, or disclosure for any purpose other than providing the Services.