Privacy Policy

Effective Date: January 1, 2024 | Last Updated: January 1, 2024

Table of Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. Information Sharing
  5. Paddle Payment Processing
  6. Data Retention
  7. Data Security
  8. Your Rights
  9. GDPR Compliance
  10. CCPA Compliance
  11. Cookies and Tracking
  12. Children's Privacy
  13. Changes to This Policy
  14. Contact Us

1. Introduction

At Sorte.io ("we," "our," or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using Sorte.io, you consent to the data practices described in this policy.

Key Point: We are committed to protecting your privacy and complying with GDPR, CCPA, and other applicable data protection laws. We never sell your personal data.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, company name, phone number (optional)
  • Payment Information: Processed by Paddle (see Section 5)
  • Project Data: Code, databases, configurations, and other content you upload
  • Communications: Support tickets, emails, and feedback

2.2 Information Collected Automatically

  • Usage Data: Features used, actions taken, performance metrics
  • Device Information: IP address, browser type, operating system
  • Log Data: Access times, pages viewed, errors encountered
  • Cookies: Session cookies and preference settings (see Section 11)

2.3 Information from Third Parties

  • OAuth providers (GitHub, Google) for authentication
  • Analytics services for performance monitoring
  • Customer references or testimonials (with permission)

3. How We Use Your Information

We use the collected information for the following purposes:

Purpose Legal Basis (GDPR)
Provide and maintain the Service Contract fulfillment
Process payments and billing Contract fulfillment
Send service notifications Contract fulfillment
Provide customer support Contract fulfillment
Improve and optimize the Service Legitimate interest
Send marketing communications Consent
Detect and prevent fraud Legitimate interest
Comply with legal obligations Legal requirement

4. Information Sharing

We do not sell, trade, or rent your personal information. We may share information in the following circumstances:

4.1 Service Providers

We share data with trusted third parties who assist us in operating our Service:

  • Infrastructure: AWS, Oracle Cloud, Hetzner (hosting)
  • Payment Processing: Paddle (merchant of record)
  • Communications: Email service providers
  • Analytics: Performance monitoring tools
  • Security: Cloudflare (DDoS protection, CDN)

4.2 Legal Requirements

We may disclose information if required by law, court order, or government request, or if necessary to protect our rights or prevent harm.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

4.4 Aggregated Data

We may share aggregated, non-identifiable data for analysis, research, or marketing purposes.

5. Paddle Payment Processing

Important: All payment processing is handled by Paddle.com Market Limited ("Paddle"), our Merchant of Record.

When you make a purchase:

  • Your payment information is collected directly by Paddle
  • Sorte.io does not receive or store credit card details
  • Paddle handles all PCI compliance requirements
  • Paddle processes refunds according to our Refund Policy
  • For Paddle's privacy practices, see: paddle.com/legal/privacy

6. Data Retention

We retain personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:

  • Account Data: Retained while account is active plus 30 days after deletion
  • Project Data: Deleted 30 days after account termination
  • Billing Records: Retained for 7 years for tax compliance
  • Support Communications: Retained for 2 years
  • Analytics Data: Anonymized after 90 days

7. Data Security

We implement industry-standard security measures to protect your information:

  • End-to-end encryption for data in transit (TLS 1.3)
  • Encryption at rest for databases and file storage
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • DDoS protection through Cloudflare
  • Regular backups with encrypted storage
  • Incident response procedures

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Your Rights

You have the following rights regarding your personal information:

8.1 Access and Portability

Request a copy of your personal data in a structured, machine-readable format.

8.2 Correction

Request correction of inaccurate or incomplete personal information.

8.3 Deletion

Request deletion of your personal information, subject to legal requirements.

8.4 Restriction

Request restriction of processing in certain circumstances.

8.5 Objection

Object to processing based on legitimate interests or for marketing purposes.

8.6 Withdraw Consent

Withdraw consent for processing where consent is the legal basis.

To exercise these rights, contact us at: privacy@sorte.io

9. GDPR Compliance (European Users)

For EU/EEA Residents

We comply with the General Data Protection Regulation (GDPR). Key points:

  • Legal Basis: We process data based on contract, consent, legitimate interest, or legal obligation
  • Data Protection Officer: Contact at dpo@sorte.io
  • EU Representative: [To be appointed if required]
  • Supervisory Authority: You may lodge a complaint with your local data protection authority
  • International Transfers: We use Standard Contractual Clauses for transfers outside the EU

10. CCPA Compliance (California Residents)

California Consumer Privacy Act Rights

California residents have additional rights under the CCPA:

  • Right to Know: Request disclosure of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: We do not sell personal information
  • Non-Discrimination: We will not discriminate for exercising privacy rights

To exercise these rights, call us at 1-800-XXX-XXXX or email privacy@sorte.io

11. Cookies and Tracking

11.1 Essential Cookies

Required for the Service to function:

  • Session cookies for authentication
  • Security cookies for fraud prevention
  • Load balancing cookies

11.2 Analytics Cookies

Used to improve the Service (with consent):

  • Usage patterns and feature adoption
  • Performance metrics
  • Error tracking

11.3 Marketing Cookies

Used for marketing purposes (with consent):

  • Conversion tracking
  • Retargeting (if enabled)

You can manage cookie preferences through your browser settings or our cookie consent tool.

11.4 Do Not Track

We respect Do Not Track signals and will not track users who have enabled this browser setting.

12. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will delete it immediately.

If you believe we have collected information from a minor, please contact us at privacy@sorte.io.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting a notice on our website
  • Sending an email to registered users
  • Updating the "Last Updated" date

Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

For questions about this Privacy Policy or our data practices, please contact us:

Sorte.io Privacy Team
Email: privacy@sorte.io
Data Protection Officer: dpo@sorte.io
General Support: support@sorte.io
Website: https://sorte.io
Phone: 1-800-XXX-XXXX (CCPA requests)

For payment-related privacy concerns, contact Paddle directly:

Paddle.com Market Limited
Website: paddle.com/support
Privacy Policy: paddle.com/legal/privacy

15. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

  • EU-US Data Privacy Framework participation
  • Standard Contractual Clauses for EU data transfers
  • Appropriate safeguards for UK data transfers
  • Compliance with local data protection laws