This privacy notice discloses the privacy practices for Sophya (sophya.ai, blog.sophya.ai, and app.sagelearning.ai, operated by Sage Learning Inc.). This privacy notice applies solely to information collected by these websites.

We are BC privacy-compliant, GDPR-compliant, Australian privacy law-compliant, and CCPA-compliant. In general, the Sophya team believes deeply that privacy is a fundamental human right, and we make every attempt to anonymize and encrypt your data wherever possible. You can learn more below about your rights as a consumer under CCPA and GDPR, and we will facilitate this process to the greatest extent possible.

We clearly outline in this Privacy Policy exactly what data we may be collecting, and seek to provide as many examples as possible for you to understand what happens with your data.

We do not sell your personal information.

Personal Data or Personal Information (PI) is information that relates to you, your household, or one of your devices.

Sophya collects personal information about you from various sources to provide our service and to manage our site. Some data is provided by you. Other data is collected automatically.

We collect your email when you sign up for our service or contact us by email, and collect other contact information (name, email, phone number, address) when you purchase our service. We use the information you provide to respond to your questions, to provide our service, and to provide customer support to you. We also send emails to tell you about our own services which may be relevant to you.

We share this information for business purposes with third parties and service providers in the following categories:

• Core providers to deliver our service (such as identity verification, e.g. Google authentication)
• Automation tools (for sending emails)
• Internal business operations (such as email providers and data storage)
• Customer support (generally via our team internally)

When you pay for our service, you directly provide payment information to a payment processor who processes the transaction on our behalf.

Commercial information consists of your buying habits and purchases. When you purchase our products, we retain a record of your purchase through our payment processor. This information is used for internal business operations (e.g to verify purchases and provide sales assistance to you)

We collect IP address (a form of geolocation information) and electronic activity (i.e. how you use our website or application), along with information about your device type and operating system when you visit our website and purchase our products. This information is collected on our behalf by third parties that provide services for:

• Troubleshooting and bug fixing (e.g. so that we can help troubleshoot issues you may be experiencing related to your browser)
• Data analytics (to understand how you use our website)
• Core providers to deliver our service (such as identity verification)

We use this information to operate and improve our website and product efforts.

We retain all customer records such as purchases and support tickets indefinitely. Requests to fulfill rights as described below will be retained for at least 24 months.

We will never knowingly collect the personal information of children under 18 without explicit parental or guardian consent. Our website is not intended or developed for children or minors who do not have explicit parental or guardian consent.

This website uses cookies to recognize you when you visit our website.

Cookies are small text files that are stored on your computer. They are designed to hold a small amount of data specific to a website or server that can be accessed either by the website or your computer. We use cookies to capture information described in the What Data We Collect, Why, How It’s Shared section above, such as IP address and electronic activity data.

We use this information to remember your site preferences. Additionally, we use this data to analyze site traffic. We do not sell your personal information.

Our Data Protection Officer can be contacted at aloha@sophya.ai if you have any questions or concerns.

You may exercise certain consumer rights under the California Consumer Privacy Act (CCPA). Email us at aloha@sophya.ai to exercise these rights.

You may request the information we have collected about you. The right to access includes disclosure of:

1. The categories of personal information we have collected about you
2. The categories of sources from which your personal information is collected
3. The business or commercial purpose for collecting your personal information
4. The categories of third parties with whom we share your personal information
5. The specific pieces of personal information we have collected about you

We will provide this information directly to you in a portable format.

If you make a request more than twice a year, you may be required to pay a small fee for this service.

You may exercise your right to deletion. We will delete any personal information that is not critical to the normal business operation of Sophya from our records and direct all of our service providers to do the same.

We consider data to be critical to our business operation if they are used to:

• Provide goods or services to you
• Detect and resolve issues related to security or functionality
• Comply with legal obligations

If you exercise your consumer rights:

• We will not deny goods or services to you
• We will not charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties
• We will not provide a different level or quality of goods or services to you

You may designate someone an authorized agent to make a request under CCPA on your behalf. You can do this by providing written permission to authorize an agent to act on your behalf; the agent will need to verify their identity with us. Agents authorized by power of attorney are exempt from having to provide written permission, but must show documentation that power of attorney has been granted.

We will deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.

If you are a customer requesting to exercise rights under CCPA, we will verify your identity through a government ID which includes your picture.

If you are not a customer, we will need to verify the email address associated with the personal information we have collected about you.

If we cannot verify your identity, we cannot fulfill requests to exercise any rights accorded to you by CCPA.

As stated before, we do not sell your personal information.

This section of the Privacy Policy applies only if you use our website or Services covered by this Privacy Policy from a country that is a Member State of the European Union, and supplements the information in this Privacy Policy.

We process Personal Data for the purposes set out in this Privacy Policy:

• As necessary for the performance of the contract between you and Sophya (for example, to provide you with the Services you request and to identify and authenticate you so you may use the website)
• As necessary to comply with legal requirements
• As necessary for our legitimate interests (for example, to manage our relationship with you and to improve the website and our Services)
• Based on consent by our customers (for example, to communicate with you about our products and services), which may subsequently be withdrawn at any time (by emailing aloha@sophya.ai) without affecting the lawfulness of processing based on consent before its withdrawal.

You may be entitled, in accordance with applicable law, to object to or request the restriction of processing of your Personal Data, and to request access to, rectification, erasure and portability of your own Personal Data. Requests should be submitted by contacting us by emailing aloha@sophya.ai.

Last updated: 6/24/2020