Privacy Policy
1. Introduction
SOSUITE LLC (“Sorcrr,” “we,” “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share information when you use sorcrr.com, app.sorcrr.com, market.sorcrr.com, our mobile applications, and related services (collectively, the “Platform”).
By using the Platform, you consent to the practices described in this policy. If you do not agree, please do not use our services.
2. Information We Collect
Information You Provide
- Account data: Name, email address, phone number, password, profile photo
- Profile information: Work experience, skills, education, bio, video introductions
- Company data: Company name, address, industry, logo, team members (for employer accounts)
- Service listings: Offering details, pricing, availability, bounty settings (for Market providers)
- Job postings: Job descriptions, salary ranges, requirements, bounty amounts (for employers)
- Communications: Messages, chat content, support tickets, feedback
- Video content: Profile videos, application videos, interview recordings you choose to upload
- Payment information: Processed by Stripe—we do not store credit card numbers (see Section 7)
Information Collected Automatically
- Usage data: Pages visited, features used, clicks, time spent, search queries
- Device information: IP address, browser type, operating system, device identifiers
- Location data: Approximate location based on IP address (we do not track precise GPS location)
- Referral data: Share chain interactions, referral link clicks, conversion events
Information from Third Parties
- OAuth providers: Name, email, and profile photo from Google, LinkedIn, or Apple when you sign in
- Stripe: Payout status and account verification status (not payment card details)
- Calendar providers: Availability time slots from Google Calendar or Apple Calendar (see Section 5)
3. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide and operate the Platform | Account data, profile, listings, bookings |
| Match candidates with jobs | Profile, skills, experience, AI matching scores |
| Match buyers with providers | Search queries, location, preferences, availability |
| Process payments and bounties | Transaction data, Stripe account status |
| Track and distribute referral bounties | Share chain data, referral links, conversion events |
| Power AI features (SAI, matching, analysis) | Profile data, job data, interaction history |
| Send notifications and communications | Email, phone, push notification tokens |
| Prevent fraud and enforce Terms | Usage patterns, device info, IP address |
| Improve the Platform | Aggregated usage analytics, feedback |
4. Contact Import & Address Book
With your explicit, opt-in permission, Sorcrr may access your device’s address book to help you discover people you know on the Platform.
Key commitment: Contact data (phone numbers and email addresses) is transmitted securely, used for real-time matching against existing Sorcrr users, and is not stored on our servers after matching completes. We never sell, share, or retain your contact list.
- You can revoke address book access at any time through your device settings
- We do not message or contact people from your address book without their independent consent
- The “Invite Friends” feature sends invitations only when you explicitly choose to invite specific contacts
5. Calendar Integration
Sorcrr Market allows providers to connect Google Calendar or Apple Calendar for availability management.
- Calendar access is authorized via OAuth 2.0—you grant and revoke access through Google or Apple directly
- We read event times only to determine busy/free slots—we do not access event titles, descriptions, attendees, or other details
- We create calendar events for confirmed bookings with only the information necessary (time, service name, booking reference)
- Calendar data is not shared with other users, third parties, or used for advertising
- You can disconnect your calendar at any time from Commerce > Calendar Settings
6. SAI AI Assistant & Data Processing
SAI (Sorcrr AI) is an integral part of the Sorcrr experience. SAI is powered by Google Vertex AI (Gemini models) and is designed to summarize what happens inside your account, draft recommendations, and surface signals that help you move faster.
Baseline condition: SAI is a foundational part of the Platform, not a feature you can disable. By using Sorcrr, you agree that SAI may read the chat content described below to generate summaries, narratives, and recommendations visible inside your account. If you do not consent to this processing, do not create an account — or close your existing account at any time (see Section 11).
What SAI Reads
To produce helpful outputs, SAI processes content from chats you participate in, including:
- Message text in application group chats, direct messages, and team chat threads
- Internal briefs and internal remarks attached to jobs, applications, or candidates within your team
- Timestamps and sender metadata (who sent what, when)
- Attached documents such as resumes, cover letters, CVs, and portfolio files shared inside a chat
- Profile and job data relevant to the conversation (skills, experience, job descriptions, requirements)
- Interview recordings and transcripts you upload or that are produced by the Platform
What SAI Produces
- Short-form summaries of long chat threads or application histories
- Hiring recommendations and candidate-matching signals (assistive only — humans make the final call)
- Draft messages, job descriptions, and narratives you can edit before sending
- Candidate rankings and similarity scores based on vector embeddings
SAI output is visible only inside the chat thread or account that triggered it, or inside the SAI sidebar views for the account owner and their team. SAI does not post output into other users’ accounts or share it outside the Platform.
Third-Party AI Provider
SAI is powered by Google Vertex AI (Gemini model family). Your data is processed under Google Cloud’s enterprise Data Processing Addendum (DPA), which includes the following commitments:
- Your chat content is not used to train Google’s foundation models or any model outside your Sorcrr account. This is contractually guaranteed by the Vertex AI enterprise DPA.
- Data is processed in Google Cloud regions under Standard Contractual Clauses approved by the European Commission for international transfers.
- Google acts as a data processor on Sorcrr’s behalf — Sorcrr is the controller of your data.
Retention of SAI Data
- SAI-generated outputs (summaries, recommendations, drafts) are retained for the lifetime of the chat or account that contains them, and are deleted when that chat or account is deleted.
- SAI processing logs (request and response records used for debugging and abuse prevention) are retained for 90 days, then automatically purged.
- Vector embeddings derived from your profile and content are retained while your account is active and deleted within 30 days of account closure.
What SAI Does Not Do
- SAI does not make autonomous hiring, firing, or booking decisions — all decisions remain with human users
- SAI outputs are never used to discriminate based on race, gender, age, disability, or other protected characteristics
- SAI does not access your payment card details, passwords, device address book contents, or calendar event titles
- SAI does not read chats you are not a participant in, and does not cross organizational boundaries (data is scoped to your user, team, or company)
- Your chat content is not used to train third-party AI models (see DPA above)
AI Credits
AI features beyond basic usage require purchased credits. Credit purchases are processed through Stripe. Usage is tracked per-request and visible in your account settings.
7. Payment Data & Stripe
All payment processing is handled by Stripe, Inc. Sorcrr does not store, process, or have access to your full credit card numbers.
- What Stripe stores: Payment method details, transaction history, bank account information for payouts
- What Sorcrr stores: Transaction amounts, timestamps, booking/job references, payout status, Stripe customer and account IDs
- Stripe Connect: If you receive payouts, Stripe collects identity verification data (name, date of birth, government ID) as required by financial regulations. This data is stored by Stripe, not Sorcrr.
Stripe’s handling of your data is governed by the Stripe Privacy Policy.
8. Cookies & Analytics
Cookies
Sorcrr uses essential cookies for authentication and session management. We do not use third-party advertising cookies or cross-site tracking cookies.
Google Analytics (GA4)
We use Google Analytics 4 (measurement ID: G-9XZBXVWHXS) to understand how users interact with the Platform. GA4 collects:
- Page views, session duration, and navigation paths
- Approximate geographic location (country/city level)
- Device type, browser, and operating system
- Referral sources (how you found Sorcrr)
GA4 data is aggregated and used solely for improving the Platform. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Firebase Analytics
Our mobile applications use Firebase Analytics for app usage data (screen views, feature usage, crash reports). Firebase is operated by Google and governed by Google’s privacy policies.
9. Data Sharing
We do not sell your personal data. We share information only in these circumstances:
- With other users: Your public profile, listings, and reviews are visible to other Platform users as necessary for the service to function
- With service providers: Stripe (payments), Google Cloud (infrastructure, AI), Firebase (hosting, notifications), SendGrid (email)
- For referral chains: When you participate in a referral, your name may be visible to other chain participants (not your contact details)
- For legal compliance: When required by law, regulation, legal process, or government request
- For safety: To protect the rights, property, or safety of Sorcrr, our users, or the public
- In business transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
10. Data Security
We implement robust security measures to protect your data:
- Encryption in transit: All data transmitted between your device and our servers uses TLS/HTTPS
- Encryption at rest: Sensitive data is encrypted in our databases (Google Cloud SQL)
- Authentication: RS256 JWT tokens with JWKS validation, two-tier defense-in-depth architecture
- Access control: IAM-locked Cloud Run services, no direct public access to backend services
- Secret management: All credentials stored in Google Cloud Secret Manager (no hardcoded secrets)
- Monitoring: Security middleware with XSS, SQL injection, and bot detection on all API endpoints
No system is 100% secure. While we take extensive measures to protect your data, we cannot guarantee absolute security. If we discover a data breach that affects your personal information, we will notify you in accordance with applicable law.
11. Data Retention & Account Deletion
How to Delete Your Account
You can permanently delete your Sorcrr account and the personal data we hold for you through any of these paths:
- Inside the app: Open Settings > Personal Data > Delete Account. After you confirm the dialog, your account is immediately soft-deleted (you are signed out and the account stops appearing in search and listings) and scheduled for full purge within 30 days.
- Web form (no sign-in required): Submit a request at sorcrr.com/account-deletion. This form is intended for users who have uninstalled the app or cannot sign in. You need only your email address; the account ID is optional.
- Email: Write to privacy@sorcrr.com from the email address on your account.
What the Deletion Flow Looks Like
- You submit a deletion request via app, web form, or email
- We send an acknowledgement email to the address on file
- We verify the request is coming from the account owner (via the email we already have on file, or a simple confirmation link)
- We execute the deletion pipeline — soft-delete immediately, full purge within 30 days
- We send a final confirmation email once purge is complete
If you change your mind within 30 days of your request, reply to the confirmation email or contact privacy@sorcrr.com and we can cancel the deletion.
What Gets Deleted Within 30 Days
- Profile (name, photo, bio, work experience, skills, education)
- Uploaded videos, thumbnails, and documents (resumes, cover letters, portfolios)
- Chat messages, internal remarks, and internal briefs authored by you
- SAI conversation history and SAI-generated outputs tied to your account
- Vector embeddings derived from your content
- Job postings, applications, service listings, and bookings you created
- Notifications, notification preferences, device tokens
- Referral links you own (chain attribution is retained in anonymized form for accounting)
- SAI processing logs older than 90 days are already purged; the remainder is purged with your account
What Is Retained for Up to 7 Years
To comply with US and international tax, accounting, and anti-fraud obligations, we retain the following for up to 7 years after account closure:
- Transaction records: invoices, payment receipts, payout records, refund records
- Bounty payout history (amounts, counterparties, dates)
- Tax and 1099 reporting data
- Anti-fraud and abuse records where we have a reasonable belief of a policy violation
These records are minimized — we keep only what financial and legal regulations require, and they are not used for any product or marketing purpose.
Other Retention Rules
- Active accounts: Your data is retained as long as your account is active
- Contact import data: Not stored — processed in real-time only (see Section 4)
- SAI processing logs: 90 days, then auto-purged (see Section 6)
- Analytics data: Aggregated and anonymized analytics are retained indefinitely. Individual-level analytics are retained for 26 months (GA4 default)
- Backups: Encrypted backups are purged according to our backup retention schedule, typically within 35 days of account deletion
12. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data (subject to the financial-records retention described in Section 11). You can delete your account inside the app at Settings > Personal Data > Delete Account, via our web deletion form (no sign-in required), or by emailing privacy@sorcrr.com.
- Portability: Request your data in a machine-readable format
- Objection: Object to processing of your data for certain purposes
- Withdraw consent: Withdraw consent for optional data processing (e.g., contact import, calendar access)
To exercise any of these rights, contact us at privacy@sorcrr.com. We will respond within 30 days.
13. GDPR & European Privacy Rights
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional rights and disclosures apply under the General Data Protection Regulation (GDPR).
Lawful Basis for Processing:
- Contract Performance — Processing necessary to provide Sorcrr’s core services (account management, job matching, payments)
- Legitimate Interest — Processing for security, fraud prevention, and platform improvement
- Consent — Analytics, personalization, and marketing communications (you may withdraw consent at any time via Settings > Privacy)
Additional Rights:
- Right to lodge a complaint with your local data protection supervisory authority
- Right to request restriction of processing
- Right not to be subject to automated decision-making with legal effects (Sorcrr’s AI features are assistive only)
International Data Transfers: Your data is transferred to the United States for processing. We rely on Google Cloud’s Data Processing Agreement and Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of your data during international transfers. Stripe uses similar mechanisms for payment data.
14. Children’s Privacy
Sorcrr is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@sorcrr.com.
15. International Data Transfers
Sorcrr operates primarily in the United States. If you access the Platform from outside the US, your data may be transferred to and processed in the United States. We rely on Google Cloud’s Data Processing Agreement and Standard Contractual Clauses (SCCs) to ensure adequate data protection for international transfers. Stripe uses similar mechanisms for payment data.
16. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For material changes, we will provide notice through the Platform or via email. Your continued use of Sorcrr after changes take effect constitutes acceptance.
17. Contact
For questions, concerns, or requests regarding your privacy:
- Privacy inquiries: privacy@sorcrr.com
- General support: privacy@sorcrr.com
- Legal: legal@sorcrr.com
- Company: SOSUITE LLC, 312 W 2nd St, Unit #A448, Casper, WY 82601