Privacy Policy

This policy explains how Soma AI collects, uses, and protects your information.

Last Updated: April 12, 2026
Effective: April 12, 2026

1. Introduction

Soma AI ("Company," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our website at withsoma.ai and the Soma AI platform (collectively, the "Service").

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with these practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, job title, and password when you create an account
  • Billing Information: Payment card details, billing address, and transaction history (processed securely through Stripe; we do not store full card numbers)
  • Brand Information: Brand names, website URLs, competitor names, and industry categories you enter for monitoring
  • Communication Data: Messages, feedback, and support requests you send to us
  • Team Management Data: Email addresses and roles of team members you invite to your account

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, monitoring runs initiated, reports viewed, and interaction patterns within the Service
  • Device Information: Browser type, operating system, device type, screen resolution, and language preferences
  • Log Data: IP address, access times, referring URLs, and server response codes
  • Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to maintain sessions, remember preferences, and analyze usage (see Section 7)

2.3 Information from Third Parties

  • Authentication Providers: If you sign in via Google or other OAuth providers, we receive your name, email, and profile picture as authorized by you
  • AI Platform Responses: We collect and store responses from AI platforms (ChatGPT, Claude, Gemini, Perplexity, Grok, Llama) when monitoring your brand visibility. These are publicly generated responses and do not contain your private data
  • Publicly Available Data: We may collect publicly available information about your brand from websites, reviews, and media to provide optimization recommendations

3. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide, maintain, and improve the Soma AI platform, including monitoring AI search visibility, generating reports, and delivering recommendations
  • Account Management: To create and manage your account, process billing, and manage team access
  • Communication: To send service updates, billing confirmations, security alerts, and support responses
  • Analytics and Improvement: To understand usage patterns, identify issues, and improve the Service
  • Security: To detect, prevent, and address fraud, abuse, and security incidents
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Marketing: To send promotional communications about new features or services, with your consent where required by law. You can opt out at any time

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With trusted third parties who assist us in operating the Service, including:
    • Supabase (database and authentication infrastructure)
    • Stripe (payment processing)
    • Resend (transactional email delivery)
    • Vercel (hosting and content delivery)
    • AI platform providers (for brand visibility queries only)
  • Within Your Organization: With other team members in your account, according to the role-based permissions you configure
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity
  • Legal Requirements: When required by law, subpoena, court order, or government regulation
  • Protection of Rights: To protect the rights, property, or safety of Soma AI, our users, or the public
  • With Your Consent: In any other circumstance where you have given explicit consent

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account Data: Retained for the duration of your account plus 30 days after termination
  • Monitoring Data: AI visibility reports and monitoring history are retained for the duration of your subscription
  • Billing Records: Retained for 7 years as required by tax and financial reporting regulations
  • Communication Records: Support correspondence retained for 3 years
  • Usage Logs: Retained for 12 months for analytics and security purposes

You may request deletion of your data at any time by contacting us. We will process deletion requests within 30 days, subject to legal retention requirements.

6. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (TLS/SSL) and at rest
  • Row Level Security (RLS) policies ensuring strict data isolation between accounts
  • Secure authentication with PKCE flow and auto-refresh tokens
  • Role-based access controls within multi-tenant architecture
  • Regular security assessments and monitoring
  • PCI DSS compliance through Stripe for payment processing

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

7. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for authentication, session management, and core functionality. These cannot be disabled
  • Preference Cookies: Store your settings such as brand selection, workspace preferences, and display options
  • Analytics Cookies: Help us understand how you use the Service so we can improve it

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request that we limit processing of your information in certain circumstances
  • Objection: Object to processing of your personal information for direct marketing purposes
  • Withdrawal of Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at hello@withsoma.ai. We will respond within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to Know: You may request details about the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it
  • Right to Delete: You may request deletion of your personal information, with certain exceptions
  • Right to Opt Out: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" mechanism
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To submit a CCPA request, email us at hello@withsoma.ai with the subject line "CCPA Request."

10. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have different data protection laws than your jurisdiction.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission as the legal mechanism for cross-border data transfers. By using the Service, you consent to the transfer of your information as described in this section.

11. European Privacy Rights (GDPR)

If you are located in the EEA or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

  • All rights listed in Section 8 above
  • Legal Basis: We process your personal data based on: (a) your consent, (b) performance of our contract with you, (c) our legitimate interests (improving the Service, preventing fraud), and (d) compliance with legal obligations
  • Data Protection Authority: You have the right to lodge a complaint with your local data protection authority

12. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at hello@withsoma.ai, and we will take steps to delete such information.

13. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the Service at least 30 days before they take effect. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

For GDPR-related inquiries, you may also contact our data protection team at hello@withsoma.ai with the subject line "Data Protection Inquiry."