Privacy Policy
1. Introduction
SOSUITE LLC (“Sorcrr,” “we,” “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share information when you use sorcrr.com, app.sorcrr.com, market.sorcrr.com, our mobile applications, and related services (collectively, the “Platform”).
By using the Platform, you consent to the practices described in this policy. If you do not agree, please do not use our services.
2. Information We Collect
Information You Provide
- Account data: Name, email address, phone number, password, profile photo
- Profile information: Work experience, skills, education, bio, video introductions
- Company data: Company name, address, industry, logo, team members (for employer accounts)
- Service listings: Offering details, pricing, availability, bounty settings (for Market providers)
- Job postings: Job descriptions, salary ranges, requirements, bounty amounts (for employers)
- Communications: Messages, chat content, support tickets, feedback
- Video content: Profile videos, application videos, interview recordings you choose to upload
- Payment information: Processed by Stripe—we do not store credit card numbers (see Section 7)
Information Collected Automatically
- Usage data: Pages visited, features used, clicks, time spent, search queries
- Device information: IP address, browser type, operating system, device identifiers
- Location data: Approximate location based on IP address (we do not track precise GPS location)
- Referral data: Share chain interactions, referral link clicks, conversion events
Information from Third Parties
- OAuth providers: Name, email, and profile photo from Google, LinkedIn, or Apple when you sign in
- Stripe: Payout status and account verification status (not payment card details)
- Calendar providers: Availability time slots from Google Calendar or Apple Calendar (see Section 5)
3. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide and operate the Platform | Account data, profile, listings, bookings |
| Match candidates with jobs | Profile, skills, experience, AI matching scores |
| Match buyers with providers | Search queries, location, preferences, availability |
| Process payments and bounties | Transaction data, Stripe account status |
| Track and distribute referral bounties | Share chain data, referral links, conversion events |
| Power AI features (SAI, matching, analysis) | Profile data, job data, interaction history |
| Send notifications and communications | Email, phone, push notification tokens |
| Prevent fraud and enforce Terms | Usage patterns, device info, IP address |
| Improve the Platform | Aggregated usage analytics, feedback |
4. Contact Import & Address Book
With your explicit, opt-in permission, Sorcrr may access your device’s address book to help you discover people you know on the Platform.
Key commitment: Contact data (phone numbers and email addresses) is transmitted securely, used for real-time matching against existing Sorcrr users, and is not stored on our servers after matching completes. We never sell, share, or retain your contact list.
- You can revoke address book access at any time through your device settings
- We do not message or contact people from your address book without their independent consent
- The “Invite Friends” feature sends invitations only when you explicitly choose to invite specific contacts
5. Calendar Integration
Sorcrr Market allows providers to connect Google Calendar or Apple Calendar for availability management.
- Calendar access is authorized via OAuth 2.0—you grant and revoke access through Google or Apple directly
- We read event times only to determine busy/free slots—we do not access event titles, descriptions, attendees, or other details
- We create calendar events for confirmed bookings with only the information necessary (time, service name, booking reference)
- Calendar data is not shared with other users, third parties, or used for advertising
- You can disconnect your calendar at any time from Commerce > Calendar Settings
6. AI & Data Processing
Sorcrr uses Google Vertex AI (Gemini) to power AI features. Here’s how your data interacts with AI:
What AI Processes
- SAI conversations: Your messages to the AI assistant are processed to generate responses. Conversation history is stored to provide context within sessions.
- Profile matching: Your skills, experience, and preferences are converted to vector embeddings for similarity matching. These embeddings are mathematical representations, not readable text.
- Interview analysis: If you upload an interview recording, AI transcribes and analyzes it. Transcriptions are stored with the interview record.
- Job descriptions: AI assists in writing and improving job descriptions based on your input.
What AI Does Not Do
- AI does not make autonomous hiring or booking decisions
- AI outputs are never used to discriminate based on protected characteristics
- Your data is not used to train third-party AI models—Google Vertex AI processes data per Google Cloud’s Data Processing Addendum
- AI does not access your payment information, passwords, or calendar event details
AI Credits
AI features beyond basic usage require purchased credits. Credit purchases are processed through Stripe. Usage is tracked per-request and visible in your account settings.
7. Payment Data & Stripe
All payment processing is handled by Stripe, Inc. Sorcrr does not store, process, or have access to your full credit card numbers.
- What Stripe stores: Payment method details, transaction history, bank account information for payouts
- What Sorcrr stores: Transaction amounts, timestamps, booking/job references, payout status, Stripe customer and account IDs
- Stripe Connect: If you receive payouts, Stripe collects identity verification data (name, date of birth, government ID) as required by financial regulations. This data is stored by Stripe, not Sorcrr.
Stripe’s handling of your data is governed by the Stripe Privacy Policy.
8. Cookies & Analytics
Cookies
Sorcrr uses essential cookies for authentication and session management. We do not use third-party advertising cookies or cross-site tracking cookies.
Google Analytics (GA4)
We use Google Analytics 4 (measurement ID: G-9XZBXVWHXS) to understand how users interact with the Platform. GA4 collects:
- Page views, session duration, and navigation paths
- Approximate geographic location (country/city level)
- Device type, browser, and operating system
- Referral sources (how you found Sorcrr)
GA4 data is aggregated and used solely for improving the Platform. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Firebase Analytics
Our mobile applications use Firebase Analytics for app usage data (screen views, feature usage, crash reports). Firebase is operated by Google and governed by Google’s privacy policies.
9. Data Sharing
We do not sell your personal data. We share information only in these circumstances:
- With other users: Your public profile, listings, and reviews are visible to other Platform users as necessary for the service to function
- With service providers: Stripe (payments), Google Cloud (infrastructure, AI), Firebase (hosting, notifications), SendGrid (email)
- For referral chains: When you participate in a referral, your name may be visible to other chain participants (not your contact details)
- For legal compliance: When required by law, regulation, legal process, or government request
- For safety: To protect the rights, property, or safety of Sorcrr, our users, or the public
- In business transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
10. Data Security
We implement robust security measures to protect your data:
- Encryption in transit: All data transmitted between your device and our servers uses TLS/HTTPS
- Encryption at rest: Sensitive data is encrypted in our databases (Google Cloud SQL)
- Authentication: RS256 JWT tokens with JWKS validation, two-tier defense-in-depth architecture
- Access control: IAM-locked Cloud Run services, no direct public access to backend services
- Secret management: All credentials stored in Google Cloud Secret Manager (no hardcoded secrets)
- Monitoring: Security middleware with XSS, SQL injection, and bot detection on all API endpoints
No system is 100% secure. While we take extensive measures to protect your data, we cannot guarantee absolute security. If we discover a data breach that affects your personal information, we will notify you in accordance with applicable law.
11. Data Retention
- Active accounts: Your data is retained as long as your account is active
- Deleted accounts: Profile data is deleted within 30 days of account closure. Certain data may be retained longer as required by law (e.g., tax records for 7 years)
- Contact import data: Not stored—processed in real-time only
- AI conversation history: Retained for the duration of your account. Deleted upon account closure.
- Analytics data: Aggregated and anonymized analytics are retained indefinitely. Individual-level analytics are retained for 26 months (GA4 default)
- Payment records: Transaction records retained as required by financial regulations (typically 7 years)
12. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Portability: Request your data in a machine-readable format
- Objection: Object to processing of your data for certain purposes
- Withdraw consent: Withdraw consent for optional data processing (e.g., contact import, calendar access)
To exercise any of these rights, contact us at privacy@sorcrr.com. We will respond within 30 days.
13. Children’s Privacy
Sorcrr is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@sorcrr.com.
14. International Data Transfers
Sorcrr operates primarily in the United States. If you access the Platform from outside the US, your data may be transferred to and processed in the United States. By using the Platform, you consent to this transfer. We rely on Google Cloud’s data processing commitments and Stripe’s data transfer mechanisms to protect data transferred internationally.
15. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For material changes, we will provide notice through the Platform or via email. Your continued use of Sorcrr after changes take effect constitutes acceptance.
16. Contact
For questions, concerns, or requests regarding your privacy:
- Privacy inquiries: privacy@sorcrr.com
- General support: support@sorcrr.com
- Legal: legal@sorcrr.com
- Company: SOSUITE LLC, 312 W 2nd St, Unit #A448, Casper, WY 82601