Privacy Policy of SOFI AI

Among the types of Personal Data that we collect, by itself or through third parties, there are: Tracker; Usage Data; email address; first name; last name; phone number; payment info; Data communicated while using the service; various types of Data.

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection. Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application.

Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.

Users are responsible for any third-party Personal Data obtained, published or shared through this Application and confirm that they have the third party's consent to provide the Data to the Owner.

Methods of processing

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated.

Legal basis of processing

The Owner may process Personal Data relating to Users if one of the following applies:

• Users have given their consent for one or more specific purposes.
• Provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof.
• Processing is necessary for compliance with a legal obligation to which the Owner is subject.
• Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner.
• Processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.

Place

The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located. Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own.

Retention time

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

Therefore:

• Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
• Personal Data collected for the purposes of the Owner's legitimate interests shall be retained as long as needed to fulfill such purposes.

The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: Access to third-party accounts, Analytics, Contacting the User, Hosting and backend infrastructure, Handling payments, Remarketing and behavioral targeting, Advertising, Registration and authentication, Tag Management and Interaction with live chat platforms.

For specific information about the Personal Data used for each purpose, the User may refer to the section "Detailed information on the processing of Personal Data".

Our app complies with the Google API Services User Data Policy, including the Limited Use requirements. We understand the importance of protecting user data and have implemented measures to ensure compliance with the policy. We only use user data for the purposes outlined in our privacy policy and do not share or sell user data to third parties. By using our app, you acknowledge and agree to our compliance with the Google API Services User Data Policy.

Google Sheets: We allow you to get data and update your Spreadsheet.

Google Calendar: We read the list of events on your calendar to avoid overbooking. Also, we add events to your Calendar when a customer book an appointment.

This Application's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Important: We explicitly affirm that we do not use data obtained through Google Workspace APIs to develop, improve, or train generalized AI and/or ML models. All data accessed through Google Workspace APIs is used solely for the specific purposes outlined in this privacy policy and in accordance with Google's Limited Use requirements.

This Application may ask for some Facebook permissions allowing it to perform actions with the User's Facebook account and to retrieve information, including Personal Data, from it. This service allows this Application to connect with the User's account on the Facebook social network, provided by Facebook Inc.

For more information about the following permissions, refer to the Facebook permissions documentation and to the Facebook privacy policy.

The permissions asked are the following:

Basic information

By default, this includes certain User's Data such as id, name, picture, gender, and their locale. Certain connections of the User, such as the Friends, are also available. If the User has made more of their Data public, more information will be available.

About Me

Provides access to the 'About Me' section of the profile.

Business Management API

Read and write with Business Management API.

Contact email

Access the User's contact email address.

Instagram basic

Allows reading an Instagram account profile information and media.

Personal Data is collected for the following purposes and using the following services:

Users may exercise certain rights regarding their Data processed by the Owner.

In particular, Users have the right to do the following:

• Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
• Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.
• Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
• Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
• Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data.
• Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
• Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format.
• Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details about the right to object to processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

How to exercise these rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.

This Application uses Trackers. To learn more, the User may consult the Cookie Policy.

We can process your personal information solely if we have a legal basis for such processing. Legal bases are as follows:

• your consent to the relevant processing activities;
• compliance with a legal or regulatory obligation that lies with us;
• the carrying out of public policies provided in laws or regulations or based on contracts, agreements and similar legal instruments;
• studies conducted by research entities, preferably carried out on anonymized personal information;
• the carrying out of a contract and its preliminary procedures, in cases where you are a party to said contract;
• the exercising of our rights in judicial, administrative or arbitration procedures;
• protection or physical safety of yourself or a third party;
• the protection of health – in procedures carried out by health entities or professionals;
• our legitimate interests, provided that your fundamental rights and liberties do not prevail over such interests; and
• credit protection.

Personal Data (or Data)

Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

Usage Data

Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

User

The individual using this Application who, unless otherwise specified, coincides with the Data Subject.

Data Subject

The natural person to whom the Personal Data refers.

Data Processor (or Data Supervisor)

The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller (or Owner)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use this Application. The Data Controller, unless otherwise specified, is the Owner this Application.