1. Our Privacy Principles

We believe your Personally Identifiable Information (PII) is yours to share. Therefore, we put you in the driver’s seat whenever possible. We aim to give you meaningful choices about how your data is collected, used, and shared. For example, you can use SOPsApp™ without participating in social features that display your professional profile to others. However, we do collect and process certain personal data to deliver our services. This Notice of Privacy Practices explains what data we collect, how we use it, and your rights under applicable U.S. state privacy laws.

2. Personally Identifiable Information

PII is Information that can identify you directly or indirectly. It includes:

a)      Name, email, phone, account ID, geolocation, employment/education data, photos/avatars, device and app identifiers (e.g., unique ID assigned to your phone, tablet, or computer)

3. Sensitive Personal Information (SPI)

SPI is a subset of personal information. We do not actively request SPI, but we may process and store it if you submit it. It may include, if voluntarily submitted:

a)      Government issued IDs (e.g., SSNs, driver’s licenses), financial or payment data, health related or biometric information, race/ethnicity, religious or sexual orientation, exact geolocation

4. Data We Collect

We collect the following types of data:

a)      Explicit User Data: Voluntarily submitted data, such as 

                           i.          Name, email, phone number

                          ii.          Professional or educational details

                         iii.          Uploaded content (e.g., SOPs, profile photos)

b)      Implicit User Data: Passively/automatically collected behavioral data, such as

                            i.          Clicks, scroll behavior, timestamps

                          ii.          Usage patterns and interaction logs

c)      System Data: Technical information captured during your use of the app, such as

1. IP address, browser type, operating system

2. Device type and identifiers

5. How We Collect Information

a)      Directly: When you input data or select options while registering, creating a profile, submitting or creating SOPs, or otherwise interacting with features that overtly require your input

b)      Indirectly: Through your interactions with app screens and features (e.g., usage patterns, timestamps)

c)      Automatically: Via system activity during your sessions

6. Data Storage Locations

a)      With Client: Stored on user’s device. Certain data cached locally.

b)      In Transit: Encrypted in transit via HTTPS/TLS.

c)      On Server: Currently hosted by Supabase, backed by AWS/Google Cloud Service (U.S. based).

7. Security Measures

a)      Encryption at rest and in transit (AES-256, TLS 1.2+)

b)      Role-Based Access Control (RBAC)

c)      VPN/firewall protections, secure API access

d)      Logging, audit trails, 2FA for administrator access

e)      Internal logging, audits, and employee security training

8. Internal Access

Access to personal data is strictly limited to authorized personnel with operational roles (e.g., CEO, CTO, support). Access is granted only on a need-to-know basis.

9. Current Core Technology and Infrastructure Providers

The following third-party services form the technical foundation of SOPsApp™. Without them, the app would not function. These partners are not ancillary tools. They are essential to how the app operates. All are bound by robust contractual commitments to confidentiality and data protection.

a)      Supabase (cloud-hosted database and file storage)

b)      AWS / Google Cloud (Core infrastructure and hosting)

c)      OpenAI (AI content generation and language processing)

d)      Firebase / Flutterflow (Front-end app development and delivery tools)

10. How We Use Your Data

We use your data to:

a)      Operate and maintain the app, including account authentication, profile setup, and feature access

b)     Improve performance and stability, including bug detection, load balancing, and crash diagnostics

c)      Train, calibrate, and refine AI features, including chat responses, content generation, and personalization

d)     Customize your experience, such as tailoring feeds, notifications, and recommendations based on your preferences and behavior

e)     Facilitate social interactions, including messaging, commenting, liking, sharing, and user tagging

f)       Enable content creation tools, such as AI-generated text, images, or insights based on user inputs

g)      Monitor and enforce community standards, by detecting and responding to spam, abuse, or prohibited conduct

h)     Perform usage analytics, including metrics on feature engagement, session activity, and app navigation patterns

i)       Conduct research and product development, using anonymized or aggregated data to understand trends and test new features

j)       Support user support services, including help tickets, chat assistance, and troubleshooting

k)      Provide location-based features, such as localized content, time zone preferences, or region-specific legal notices

l)       Enhance accessibility, for example, by remembering interface preferences and device settings

m)    Detect and prevent fraud, abuse, or security threats, including unauthorized access and content manipulation

n)     Comply with legal obligations, including recordkeeping, lawful disclosures, and consumer rights compliance (e.g., CCPA)

o)     Deliver updates, service notifications, or account alerts, including policy changes and system messages

p)     Send promotional messages, only with your consent, about new features, content, or events (opt-out available)

q)     Support business operations, including audits, mergers, and internal reporting

r)      Honor your data rights and preferences, including data access, deletion, and consent withdrawal requests

11. User Rights

a)      Right to Know:
Request a summary of the categories and specific pieces of personal information we collect, use, disclose, or share

b)      Right to Access:
Request access to the personal data we maintain about you in a portable format

c)      Right to Delete:
Request deletion of your personal information, subject to certain legal exceptions

d)      Right to Correct:
Request correction of inaccurate personal information we maintain about you

e)      Right to Opt Out of “Sale” or “Sharing”:
If we were to begin selling or sharing data, opt out of the sale or sharing of your personal information for purposes like cross-context behavioral advertising or targeted ads

f)       Right to Limit Use of Sensitive Personal Information:
We do not require or intentionally collect SPI to operate SOPsApp™. However, California residents who voluntarily provide SPI through their profiles, SOPs, or AI inputs, have the right to limit its use and disclosure under California law and may contact support@sopsapp.com to restrict or delete it. Regardless of your location, you can choose not to provide SPI, and doing so will not affect your ability to use our services.

g)      Right to Appeal
If we deny your request, you may have the right to appeal that decision

h)      Right to Non-Discrimination
You will not be denied services, charged different prices, or penalized for exercising your privacy rights

To exercise your rights, email us at support@sopsapp.com.

12. Retention and Deletion

a)      Deleted data is permanently inaccessible but may remain in backups for up to 90 days.

b)      Supabase stores backups from 7–30 days depending on service tier.

c)      Aggregated and deidentified data may be retained indefinitely for analytics, product development, or SOP enhancement.

13. Account Termination

a)      Account deletion removes personal data.

b)      Public contributions (e.g., published SOPs) remain.

c)      Data recovery post-deletion is not guaranteed.

14. Tracking Technologies

We do not use cookies. However, we may use in-app analytics and session tracking to improve performance, fix issues, and understand usage trends. We do not sell or share data for advertising purposes.

15. AI Features and Data Processing

a)      Prompts and AI interactions are processed via third-party APIs, such as OpenAI. Inputs and outputs are transmitted securely and are not retained by OpenAI to train or improve its models, per our contractual agreement. Limited, short-term logging (up to 30 days) may occur for abuse detection and operational integrity.

b)      Leader Legion, Inc. owns the AI-generated outputs produced through SOPsApp™, subject to applicable intellectual property laws. You are responsible for the content you submit and for reviewing AI outputs before relying on them.

c)      AI functionality is governed by third-party API terms, including OpenAI’s usage policies. By using AI features within the app, you agree to those applicable terms, including restrictions on prohibited content and responsible use.

d)      No warranties are made regarding the accuracy, legality, or suitability of AI-generated content. AI responses may be incomplete, outdated, or factually incorrect. They are not a substitute for professional, legal, medical, or other expert advice.

16. International Use

SOPsApp™ is currently intended for U.S. users only. All data is stored in U.S.-based infrastructure.

17. Changes to This Policy

We may update this Privacy Notice, which is accessible on our website. Continued use of the Software indicates acceptance of the revised policy.

18. Contact

Email: support@sopsapp.com