This Privacy Policy explains how SoroCode (OPC) Private Limited, operating as SoroAI (“SoroAI”, “we”, “us” or “our”), collects, uses, discloses and safeguards information when you visit www.soroai.com (the “Site”) or engage our customer-intelligence and consulting services (the “Services”). We are committed to processing personal data in accordance with India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”) and, where applicable, other data-protection laws such as the GDPR.
1. Who we are
SoroAI is an AI-first customer-intelligence platform and consultancy. For the purposes of the DPDP Act, SoroCode (OPC) Private Limited acts as a Data Fiduciary in respect of personal data collected through the Site, and typically as a Data Processor in respect of client interaction data processed on our clients’ behalf under a services agreement.
2. Information we collect
2.1 Information you provide
- Contact & enquiry data — name, business email, company, role and message content when you request access, book a strategy session or email us.
- Engagement data — information exchanged during onboarding, consulting and support.
2.2 Information collected automatically
- Usage & device data — IP address, browser type, pages viewed, referring URLs and timestamps.
- Cookies — essential cookies required to operate the Site and, only with your consent, optional analytics cookies (see Section 7).
2.3 Client interaction data
When delivering the Services, we process customer interaction records supplied or authorised by our clients — such as chat transcripts, call recordings, emails, support tickets and public reviews. This data is processed strictly on our clients’ instructions and governed by the relevant services agreement and Data Processing Addendum.
3. How we use information
- To respond to enquiries and provide, operate and improve the Services;
- To surface sentiment, risk and analytics insights for our clients;
- To fine-tune and evaluate models for a client’s authorised context (never to sell your data);
- To secure the Site, prevent fraud and meet legal obligations;
- With your consent, to send relevant updates you may opt out of at any time.
4. Legal bases for processing
We process personal data where you have given consent, where processing is necessary for a contract with you, to comply with a legal obligation, or for our legitimate interests (such as securing and improving the Site) where these are not overridden by your rights.
5. How we share information
We do not sell personal data. We share it only with: (a) trusted sub-processors and cloud/AI infrastructure providers acting under contract; (b) professional advisers; (c) authorities where required by law; and (d) a successor entity in the event of a merger or acquisition. Sub-processors are bound by confidentiality and data-protection obligations consistent with this Policy.
6. Model providers & AI processing
Depending on client configuration, interaction data may be processed by SoroAI in-house models, a client-approved third-party API (for example Google Gemini or OpenAI), or a fully local/on-premise model. Where a local deployment is chosen, data need not leave the client’s environment. Model-provider terms apply to any data routed to them, and configuration is documented per engagement.
7. Cookies & consent
The Site uses essential cookies necessary for basic functionality, and optional analytics cookies that are set only after you select “Accept all” in our cookie banner. You may decline optional cookies, and you can withdraw or change your choice at any time by clearing site data in your browser. Your preference is stored locally in your browser.
8. Data retention
We retain personal data only for as long as necessary for the purposes described here, to satisfy legal, accounting or reporting requirements, or as set out in a client agreement. Client interaction data is retained per the applicable services agreement and deleted or returned on its termination.
9. Data security
We maintain reasonable technical and organisational safeguards — including encryption in transit, access controls and a cloud-native, security-first architecture — to protect personal data against unauthorised access, alteration or disclosure. No method of transmission or storage is fully secure, and we cannot guarantee absolute security.
10. International transfers
Where personal data is transferred outside India, we take steps to ensure an adequate level of protection through appropriate contractual and technical safeguards consistent with applicable law.
11. Your rights
Subject to applicable law, you may have the right to access, correct, update or erase your personal data; to withdraw consent; to seek grievance redressal; and to nominate another individual to exercise your rights in the event of death or incapacity (as provided under the DPDP Act). To exercise any right, contact us using the details below.
12. Children’s data
The Site and Services are intended for business users and are not directed at children. We do not knowingly collect personal data from children without verifiable parental or guardian consent as required by law.
13. Changes to this Policy
We may update this Policy from time to time. Material changes will be indicated by updating the “Last updated” date above and, where appropriate, by a notice on the Site.
14. Contact & grievance officer
For any privacy question, request or complaint, contact:
We will acknowledge and address verifiable requests within the timelines required by applicable law.