Privacy Policy

1. Who We Are

Soviic is a workflow automation platform for small and medium-sized businesses, operated by CyberSentinel Services LLC, a Texas limited liability company ("Company," "we," "us," or "our").

• Company: CyberSentinel Services LLC (DBA: Soviic)
• Address: 3245 Main St Ste 235-609, Frisco, TX 75034
• Email: [email protected]
• Website: soviic.com

This Privacy Policy applies to the Soviic website (soviic.com), the Soviic application (app.soviic.com), and any related services we provide (collectively, the "Service").

2. Information We Collect

2.1 Information You Provide Directly

• Waitlist / early access signups: Email address and optional first name
• Account registration: Name, business name, email address, and password
• Profile information: Industry, team size, business type
• Payment information: Processed by Stripe — we do not store full card numbers
• Communications: Emails, support tickets, and feedback you send us

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, time spent, clicks
• Device and browser information: Browser type, operating system, screen resolution
• IP address: Used for fraud prevention and geographic analytics
• Cookies and similar technologies: Session management and analytics (see Section 7)

2.3 Information From Third-Party Integrations

When you connect third-party services (Gmail, Slack, Stripe, Google Calendar, etc.) to Soviic, we receive the access tokens and data necessary to perform those integrations on your behalf. We access only what you explicitly authorize. We do not access, read, or store integration data beyond what is required to execute your configured workflows.

3. How We Use Your Information

• To provide, operate, and maintain the Soviic Service
• To process transactions and send billing confirmations
• To send product updates, security notices, and account notifications
• To respond to customer support requests
• To improve and develop new features based on usage patterns
• To send marketing communications — only with your consent and only from Soviic
• To detect, prevent, and investigate security incidents or fraud
• To comply with legal obligations

4. How We Share Your Information

We share your information only in the following limited circumstances:

4.1 Service Providers (Subprocessors)

We use trusted third-party providers to operate Soviic. These providers process data only on our behalf and under our instructions:

• Supabase — Database and authentication (PostgreSQL)
• Vercel — Application hosting and deployment
• Stripe — Payment processing and billing
• Mailchimp (Intuit) — Waitlist and email communications
• Google Workspace — Business email operations
• Cloudflare — DNS, CDN, and DDoS protection
• Resend or SendGrid — Transactional email delivery
• PostHog — Product analytics and session recording
• Sentry — Error tracking and monitoring

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government authority, or when we believe disclosure is necessary to protect the rights, property, or safety of Soviic, our users, or the public.

4.3 Business Transfers

If Soviic or CyberSentinel Services LLC is acquired, merged, or undergoes a change of control, your information may be transferred as part of that transaction. We will notify affected users before any such transfer and provide options to delete your data if desired.

5. Data Retention

• Active accounts: Retained for the duration of the account relationship
• Waitlist data: Retained until you unsubscribe or request deletion
• Workflow and integration data: Retained while your account is active and for 30 days after account deletion
• Billing records: Retained for 7 years as required by tax law
• Security and audit logs: Retained for 12 months
• Deleted account data: Purged within 30 days of deletion request, except where legal retention is required

6. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Request your data in a machine-readable format
• Opt-out of marketing: Unsubscribe from marketing emails at any time using the link in any email we send
• Withdraw consent: Withdraw consent for optional data processing at any time

To exercise any of these rights, email [email protected]. We will respond within 30 days.

7. Cookies and Tracking

Soviic uses the following types of cookies and tracking technologies:

• Essential cookies: Required for the Service to function (session management, authentication). Cannot be disabled.
• Analytics cookies: PostHog and Cloudflare Analytics collect anonymous usage data to help us improve the product. You may opt out via your browser settings.
• No advertising cookies: We do not use cookies for advertising or cross-site tracking.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in to Soviic.

8. Data Security

Security is a core design principle of Soviic, informed by the founder's cybersecurity background. We implement the following safeguards:

• All data encrypted in transit using TLS 1.2 or higher
• All data encrypted at rest using AES-256 (via Supabase)
• Authentication via Supabase Auth with JWT tokens and secure session management
• OAuth 2.0 for all third-party integration connections
• API keys and integration credentials encrypted at rest and never exposed in client-side code
• Row-level security (RLS) in the database — users access only their own data
• Rate limiting on authentication endpoints to prevent brute-force attacks
• HTTPS enforced on all endpoints
• Audit logging for security-relevant actions

No method of electronic transmission or storage is 100% secure. If you discover a security vulnerability, please report it responsibly to [email protected].

9. Children's Privacy

Soviic is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us at [email protected] and we will delete it promptly.

10. International Data Transfers

Soviic is operated in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure our service providers provide adequate data protection through standard contractual clauses or equivalent safeguards.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your California rights, contact [email protected].

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and notify active users via email or in-app notification at least 30 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy:

• Email: [email protected]
• Mail: CyberSentinel Services LLC (DBA: Soviic)
  3245 Main St Ste 235-609
  Frisco, TX 75034
• General inquiries: [email protected]