Sously AI Logo

Privacy Policy

Privacy Policy

Effective Date: 12.09.2025

1. Who We Are

Soulsy AI, a service provided by Individual Entreprenuer NAZARUK OLEKSANDR OLEKSANDROVICH (ФОП НАЗАРУК ОЛЕКСАНДР ОЛЕКСАНДРОВИЧ) ("Company," "we," "us," "our"), provides an AI‑powered cooking assistant that helps you parse recipes, organize collections, manage timers, estimate nutrition, and receive AI‑generated guidance. We act as the data controller for personal data processed in connection with the Service.

2. Data Protection Contact

If you have questions or requests regarding this Policy or your data, you can reach our privacy team at: Email: support@sously.ai Address: Kharkiv, Ukraine, vul. Akademika Pavlova 307, 61168

3. Scope

This Policy explains how we collect, use, share, store, and protect personal data when you access or use our websites, apps, APIs, and related services (the "Service"). Capitalized terms used but not defined here have the meanings in our Terms of Service.

4. What We Collect

  • Account Data: email address, name (if provided), authentication identifiers (including from OAuth/identity providers via our auth service), and basic account settings.
  • Profile Data (Optional): allergies and dietary preferences you provide to personalize features. These may constitute special‑category (sensitive) data under GDPR. We only process them with your explicit, separate consent, which you can withdraw at any time.
  • Content You Provide: recipes you save/parse (including URL, parsed metadata, and, where applicable, a limited portion of page HTML for parsing fidelity), collections, notes, cooking sessions, timers, and AI chat messages.
  • Payment/Billing Data: handled by Paddle.com as Merchant of Record. Paddle collects and processes your payment instrument details, tax information, and billing address subject to Paddle’s terms and privacy notice. We receive limited billing/transaction metadata from Paddle (e.g., subscription status, product/price IDs, customer/subscription IDs, and your country for tax purposes). We do not receive or store your full payment card details.
  • Usage & Device Data: IP address, device/browser characteristics, timestamps, pages/actions, error logs, coarse location (inferred from IP), and cookie/SDK identifiers. See our Cookie Policy for details.
  • Support & Communications: messages you send us (email, in‑product), and related metadata.

5. How We Use Data (Purposes & Legal Bases)

  • Provide and operate the Service (contract): account creation, authentication, feature delivery (parsing, timers, collections, search), and customer support.
  • Personalize features (consent for sensitive data; legitimate interests/contract for non‑sensitive): allergy/dietary personalization, saved preferences, and content organization.
  • Process payments and manage subscriptions (contract/legal obligation): via Paddle (Merchant of Record), tax/VAT handling, invoices/receipts.
  • Security, abuse prevention, and service integrity (legitimate interests): rate‑limiting, fraud/abuse detection, incident response, logging and auditing.
  • Analytics and product improvement (legitimate interests/consent where required): feature usage insights, performance monitoring, and UX improvements. Where possible, this is done using aggregated or anonymized data.
  • Legal compliance (legal obligation): responding to lawful requests, enforcing terms, tax and accounting.

We do not sell personal data. We do not use sensitive profile data (e.g., allergies/diet) for advertising.

6. Special‑Category (Sensitive) Data

Allergy and dietary information are processed only with your explicit, separate consent. You can withdraw consent at any time in your profile/settings or by contacting us. If consent is withdrawn, we will stop processing such data for personalization and delete it (unless retention is required by law or for the establishment, exercise, or defense of legal claims).

7. AI Features

Your questions and relevant recipe context may be sent to AI model providers to generate responses. We take reasonable steps to minimize personal data in prompts and to prevent inclusion of sensitive data unless necessary to deliver the requested feature and consent has been obtained. AI outputs may be inaccurate or incomplete and are for informational purposes only (not medical advice).

8. Cookies and Similar Technologies

We use strictly necessary cookies to run the Service. With your consent, we may use analytics or functional cookies. You can accept, reject, or customize non‑essential cookies via our cookie banner and settings at any time. For details about categories, purposes, and third parties, see our Cookie Policy.

9. Sharing and Disclosures

We share personal data only as described:

  • Merchant of Record & Payments: Paddle.com handles checkout, billing, tax, and compliance. We receive limited subscription/transaction metadata.
  • Cloud Hosting/Database/Cache/Job Queue Providers: to store and process Service data (e.g., our application servers, PostgreSQL database, Redis/queues, object storage, and backups).
  • AI/Model Providers: to generate cooking guidance and related outputs.
  • Email/Comms Providers: to send account, transactional, and support communications.
  • Analytics/Monitoring & Security: to measure usage, diagnose issues, and prevent abuse.
  • Professional Advisors & Legal: where necessary for legal, audit, or compliance purposes.
  • Business Transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

We require processors to implement appropriate safeguards and process personal data only under our instructions.

10. International Transfers

If we transfer your personal data outside your jurisdiction (including outside the EEA/UK), we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions. Details are available on request.

11. Retention

We retain personal data only as long as necessary for the purposes described:

  • Account data: for the life of your account and up to 30 days after deletion, then securely deleted or anonymized. Data may persist in backups for a limited period (typically 35–90 days) before being permanently erased.
  • Profile (allergy/diet) data: until you withdraw consent or delete it, or your account is deleted.
  • Content (recipes, collections, sessions, chat): while your account is active or until you delete the items; certain derived/aggregated analytics may be retained in anonymized form.
  • Logs and security records: typically 12–18 months unless needed longer for investigations or legal obligations.
  • Billing records: as required by tax and accounting laws.

12. Your Rights

Subject to local law, you may have the right to: access, rectify, erase, or port your data; object to or restrict certain processing; and withdraw consent at any time (without affecting lawfulness before withdrawal). You can exercise many of these rights directly from your account settings page (e.g., to update your profile, download your content, or delete your account) or by contacting our privacy team. Exercising these rights is free of charge. You may also lodge a complaint with your local data protection authority.

13. Children

The Service is not intended for individuals under 16 years of age. Do not use the Service if you are under 16. We do not knowingly collect personal data from children under this age threshold.

14. Security

We employ administrative, technical, and organizational measures appropriate to the risk, including TLS encryption in transit, access controls, least‑privilege credentials, rate‑limiting, input validation, and auditing. See also our Security Measures document for more detail. No method of transmission or storage is 100% secure.

15. Third‑Party Links and Content

The Service may link to third‑party sites or display third‑party content (e.g., original recipe sources). We are not responsible for the privacy practices of third parties. Review their policies before providing data.

16. Content, Copyright, and Takedowns

We respect intellectual property rights and site terms. If you believe content hosted by us infringes your rights, please follow the notice process in our DMCA/IP Takedown section of the Terms of Service. We may remove or disable access to allegedly infringing content.

17. Changes to This Policy

We may update this Policy to reflect changes in our practices or legal requirements. If we make material changes, we will provide reasonable notice (e.g., by email or in‑app). The “Effective Date” will be updated. Continued use of the Service after changes means you accept the updated Policy.

18. Contact

If you have general questions, you can contact us at: Email: support@sously.ai Address: Kharkiv, Ukraine, vul. Akademika Pavlova 307, 61168

19. Subprocessors and Categories (Overview)

We use service providers to operate the Service. The categories may include:

  • Payments/Merchant of Record: Paddle.com (checkout, billing, tax compliance).
  • Cloud hosting, database, storage, caching, job queues, and monitoring providers.
  • AI/model providers used to generate responses (e.g., large language models).
  • Email and customer support tooling.
  • Analytics and product performance tooling.

We will update this section or provide a separate subprocessor list if material changes occur.