Home

GDPR Privacy Policy

Last updated

Effective date: January 02, 2025

This GDPR Privacy Policy explains how Sorn.ai (“Sorn.ai”, “we”, “us”, or “our”) collects, uses, stores, and protects personal data of individuals located in the European Economic Area (EEA), United Kingdom, and Switzerland, in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679 — “GDPR”).

This policy applies to all personal data processed through our website www.sorn.ai, products, services, and related communications (collectively, the “Services”).

1. Data Controller

For the purposes of the GDPR, Sorn.ai is the Data Controller responsible for your personal data.

Contact email: privacy@sorn.ai (You may replace this with a Data Protection Officer email if appointed.)

2. Personal Data We Collect

We may collect and process the following categories of personal data:

2.1 Information You Provide Directly

  • Name
  • Email address
  • Company name
  • Job title
  • Contact details
  • Messages or inquiries submitted via forms
  • Account or onboarding information (if applicable)

2.2 Information Collected Automatically

  • IP address
  • Device and browser information
  • Usage data (pages visited, time spent, interactions)
  • Referring URLs
  • Cookies and similar tracking technologies

2.3 Business & Client Data

If you are a business client, we may process limited professional data necessary to provide our services (e.g., website URLs, public business information, analytics inputs).

3. Legal Bases for Processing (Article 6 GDPR)

We process personal data only when we have a lawful basis, including:

  1. Consent — where you have explicitly agreed (e.g., marketing emails, cookies)
  2. Contractual Necessity — to provide or manage our Services
  3. Legal Obligation — to comply with applicable laws
  4. Legitimate Interests — such as improving our Services, ensuring security, preventing fraud, and responding to inquiries (balanced against your rights)

4. How We Use Personal Data

We use personal data to:

  • Provide, operate, and improve our Services
  • Respond to inquiries and support requests
  • Deliver reports, audits, or insights requested by you
  • Communicate service updates and administrative notices
  • Conduct analytics and performance monitoring
  • Ensure security and prevent abuse
  • Comply with legal and regulatory obligations

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Cookies and Tracking Technologies

Sorn.ai uses cookies and similar technologies to:

  • Enable core website functionality
  • Analyze website traffic and usage
  • Improve user experience

Where required by law, we obtain prior consent before placing non-essential cookies. You may manage cookie preferences through your browser or cookie banner.

6. Data Sharing and Transfers

6.1 Third-Party Processors

We may share personal data with trusted service providers acting as Data Processors, such as:

  • Hosting and infrastructure providers
  • Analytics tools
  • Email and communication services
  • Payment processors (if applicable)

All processors are contractually bound to comply with GDPR requirements.

6.2 International Data Transfers

If personal data is transferred outside the EEA, we ensure appropriate safeguards, including:

  • EU Standard Contractual Clauses (SCCs)
  • Transfers to countries with adequacy decisions
  • Equivalent legal protections

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, including legal, accounting, or reporting obligations.

Retention periods depend on:

  • The nature of the data
  • Legal requirements
  • Contractual obligations

When data is no longer required, it is securely deleted or anonymized.

8. Data Subject Rights

Under the GDPR, you have the following rights:

  • Right of Access — obtain a copy of your personal data
  • Right to Rectification — correct inaccurate or incomplete data
  • Right to Erasure (“Right to be Forgotten”)
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object to processing based on legitimate interests
  • Right to Withdraw Consent at any time
  • Right to Lodge a Complaint with a supervisory authority

You may exercise your rights by contacting privacy@sorn.ai. We will respond within one month, as required by law.

9. Data Security

We implement appropriate technical and organizational security measures to protect personal data against:

  • Unauthorized access
  • Loss or destruction
  • Alteration or disclosure

However, no system can be guaranteed to be 100% secure.

10. Children’s Data

Our Services are not intended for individuals under the age of 16, and we do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this GDPR Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. Continued use of the Services constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions about this GDPR Privacy Policy or our data practices, please contact:

Email: privacy@sorn.ai Website: https://www.sorn.ai