SoterGenius Privacy Policy

Last updated: 17 June, 2024

  1. OVERVIEW

    SoterGenius is an AI-based compliance and safety tool. At the SoterGenius team, we are committed to protecting your privacy rights, so you can focus on the health and safety tasks that matter most to your business — with peace of mind.

    Soter Analytics Inc. (hereinafter “Soter”, “we”, “us” or “our”) recognizes the trust that our consumers (“you”) place in us when providing personal information whilst using our SoterGenius product (“SoterGenius”).

    This Privacy Policy covers our collection, use, and disclosure of and explains the choices available to you with respect to your. personal information (referred to herein as “personal information” or “PI”) as defined under the U.S. State Privacy Laws.

    If you have any questions or concerns about how we process your information or about this Privacy Policy, you can email us any time at info@soteranalytics.com.

  2. DEFINITIONS

    In this Privacy Policy the following terms shall have the following meanings:

    our Website” means the website www.soteranalytics.com;

    Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

    Consumers" as defined under privacy laws, including but not limited to in California, Colorado, Connecticut, Utah, Nevada and Virginia, including the California Consumer Privacy Act (California Civil Code § 1798.100 et seq.), as amended including, without limitation, by the California Privacy Rights Act (the “CCPA”); the Colorado Privacy Act (Colorado Revised Statute Title 6 Article 1 Part 13 § 6-1-1301 et seq.) (“CPA”); Connecticut’s Act Concerning personal data Privacy and Online Monitoring (Public Act No. 22-15); Utah’s Consumer Privacy Act (Utah Code Ann. § 13-61-101 et seq.), and the Virginia Consumer Data Privacy Act (Va. Code Ann. § 59.1-575 et seq.) (collectively, the “U.S. State Privacy Laws").

  3. OUR PRINCIPLES OF DATA PROTECTION

    Our approach to data protection is built around four key principles. They’re at the heart of everything we do relating to personal information.

    Transparency: We take a human approach to how we process personal data by being open, honest and transparent.

    Enablement: We enable connections and efficient use of personal data to empower productivity and growth.

    Security: We champion industry leading approaches to securing.

  4. DISCLOSURES RELATED TO YOUR INPUTS IN THE SOTERGENIUS

    Your prompts (inputs), your embeddings, and your training data:
  • are NOT available to other customers.
  • are NOT used to improve any 3rd party large language models (LLMs).
  • are NOT used to automatically improve any models for your use in your resource (The models are stateless, unless you explicitly fine-tune models with your training data).

    SoterGenius is using the Azure OpenAI Service which is fully controlled by Microsoft; Microsoft hosts the OpenAI models in Microsoft’s Azure environment and the SoterGenius does NOT interact with any services operated by OpenAI (e.g. ChatGPT, or the OpenAI API).

  1. INFORMATION WE PROCESS

    SoterGenius processes information we receive directly from you, automatically collected when you use our Website or collected through third parties.

    Information Soter Receives Directly From You

    Information needed to create an account:
    In order to use SoterGenius, you have to create a Soter Dashboard and provide information that is needed for us to create an account for you and manage your ability to log in and out:
  • Identifiers, including first and last name and email address.
  • Your password for Soter Dashboard (hashed).
  • Geographic information, such as the US state your company is located in.

    If you upgrade your account to a paid account, we may collect:
  • Billing information, including name, address, and telephone number.
  • Financial information, including credit card information or bank account information collected by our payment processors on our behalf.
  • Information about your chosen SoterGenius plan.

    Information you provide to us through your use of SoterGenius:
  • Information you provide in compliance-related tasks uploaded to SoterGenius platform, such as attachments, photo and video content. Please note that we have an option available to blur background and/or faces of people on the video whilst using TaskAssesment tool of the SoterGenius.
  • Audio recordings, and transcripts of those recordings, if you choose audio option to interact with SoterGenius chat.
  • Professional or employment information, which may include your title or role at your company if you elect to provide this information.
  • Any other information you choose to provide while using SoterGenius that identifies or can be reasonably associated with you.

    Other information you may provide to us when you interact with us in other ways:
    If you directly interact with our staff, such as our sales, customer success, or user operations groups, we may process the following information voluntarily provided by you:
  • Your requests, questions, and responses to us via forms, or email, or other means.
  • Information to verify your identity.

    Information automatically processed when you visit our Website

    We may also collect the following information:
  • Metadata and inference information related to your use of SoterGenius, our Website, and third-party integrations to better understand the way you work in SoterGenius. We may log the actions you take as you use SoterGenius, including but not limited, to the number of your SoterGenius chats.
  • Internet network activity, cookies, and similar tracking technologies, including data our servers automatically record, including IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, and other such information.

  1. HOW WE USE YOUR DATA: PURPOSES, CATEGORIES AND DISCLOSURES

    We need to disclose the information we collect about you to make SoterGenius run smoothly and to operate our business under the following conditions:
  • Service providers and subprocessors. We may provide access or disclose your information to select third parties that use the information on our behalf to assist in providing SoterGenius, our Website, and features. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, artificial intelligence enabled functionality, Google analytics, data hosting, and other services.
  • Affiliates and subsidiaries. We may disclose the information we collect within the Soter group entities to provide SoterGenius to you.
  • Business transfers. If the ownership of all or substantially all of our business changes, or all or some of our assets are sold as part of a bankruptcy or other proceeding, we may transfer your information to the new owner so that the services can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Privacy Policy until the acquiring party updates it. If such transfer is subject to additional mandatory restrictions under applicable laws or agreements, Soter will comply with those restrictions.
  • Law Enforcement. To comply in good faith with a valid legal subpoena, request, or other lawful process. We will notify individuals or consumers of that request unless: we are prohibited from doing so by law or court order; or there are exceptional circumstances, such as an emergency involving the risk of bodily injury or death to a person or group of people or potential harm to minors.

    The table below describes the categories of PI we collect as well as examples of types of data that fit within such categories, in the left column. The middle column lists Processing Purposes applicable to each category of PI.

CATEGORY OF PI PROCESSING PURPOSES CATEGORIES OF RECIPIENTS
Identifiers and contact information (such as name phone number email address IP address phone number and affiliation in a certain company) - Providing our products and services
- Customizing your experience offers and content
- Registering and administering accounts
- Customer service and communications
- Research development and analytics
- Market research and customer satisfaction
- Safety security and compliance with legal obligations
- For purposes disclosed at the time you provide your personal information
- Affiliates and subsidiaries.
- Business transfers.
- Law Enforcement.
Aggregated and de-identified data We may aggregate and/or de-identify information related to your use of SoterGenius (for example how many chats you created) so that such information can no longer be linked to you or your account.

We may use such aggregated and de-identified data for any purpose including but not limited to research and marketing purposes.
- Service providers and subprocessors.
- Affiliates and subsidiaries.
- Business transfers.
Personal Records (such as name billing address telephone number employment bank account number credit card number and debit card number) - Providing our products and services
- Customizing your experience offers and content
- Registering and administering accounts
- Customer service and communications
- Research development and analytics
- Market research and customer satisfaction
- Safety security and compliance with legal obligations
- For purposes disclosed at the time you provide your personal information
- Affiliates and subsidiaries.
- Business transfers.
- Law Enforcement.
- Service providers and subprocessors.
Location Data (such as the US state your company is located in) - Customizing your experience whilst using SoterGenius chat in order to receive state-specific health and safety information
- Market research and customer satisfaction
- Safety security and compliance with legal obligations
- For purposes disclosed at the time you provide your personal information
- Affiliates and subsidiaries.
- Business transfers.
- Law Enforcement.
Sensitive Personal Information (such as race ethnicity and religious affiliation that you voluntarily provide) - Providing our products and services
- Customizing your experience offers and content
- Registering and administering accounts
- Customer service and communications
- Research development and analytics
- Market research and customer satisfaction
- Safety security and compliance with legal obligations
- For purposes disclosed at the time you provide your personal information
- Affiliates and subsidiaries.
- Business transfers.
- Law Enforcement.
  1. INTERNATIONAL DATA TRANSFERS AND DATA RESIDENCY

    All your personal information will be hosted within our infrastructure located in the United States of America.

    For the purpose of enhancing your experience with our services, certain anonymized personal information may be shared with our subsidiaries and affiliates. This information is used solely for customer success and customer support purposes, ensuring that you receive the best possible service.

  2. SECURITY

    Security is a priority for us when it comes to your privacy and data protection. We’re committed to protecting your personal information and have appropriate technical and organizational measures in place to make sure that happens.

  3. DATA RETENTION

    Because there are so many different types of PI in certain categories, and so many purposes and use cases for different data, we are unable to provide retention ranges based on categories of PI in a way that would be meaningful and transparent to you. Actual retention periods for all PI will depend upon how long we have a legitimate purpose for the retention — consistent with the collection purposes and applicable law. For instance, we may maintain business records for so long as relevant to our business, and may have a legal obligation to hold PI for so long as potentially relevant to prospective or actual litigation or government investigation. Nevertheless, after 5 years of your last use of our Website and SoterGenius, your personal information will be automatically deleted.

    We apply the same criteria for determining if we have a legitimate purpose for retaining your PI that you ask us to delete. If you make a deletion request, we will conduct a review of your PI to confirm if legitimate ongoing retention purposes exist, will limit the retention to such purposes for so long as the purpose continues, and will respond to you with information on any retention purposes on which we rely for not deleting your PI.

  4. OTHER IMPORTANT INFORMATION

    Use by children under 16

    If you are under the age of 16, you may not have an SoterGenius account or use Soter’s other products or services. We do not knowingly process any information from, or direct any of our products or services to, children under the age of 16.

    Marketing Practices and Choices

    If you receive email from us, we may use certain analytics tools about your interaction with the email, which may include the date and time when you opened our email and whether you clicked on any links or banners within our emails. This data allows us to gauge the effectiveness of our communications and marketing campaigns.

    You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding SoterGenius our other services, promotions, and special events that might appeal to your interests. In promotional marketing commercial email messages, you can also opt out by following the instructions located at the top and bottom of such emails or contact us at info@soteranalyctics.com

    Please note that, regardless of your request, we may still use and disclose certain information as permitted by this Privacy Policy or as required by applicable law. For example, you may not opt out of certain transactional, operational, or service-related emails, including those reflecting our relationship or transactions with you.

  5. YOUR PRIVACY RIGHTS

    Regardless of what state or country you are located in, we respect your ability to know, access, correct, export, restrict the processing of, and delete your information, and have extended those rights globally. We will not discriminate against you for exercising your privacy rights information about your rights.

    Upon your request, and subject to applicable legal exceptions, we will:
  • provide access to and/or a copy of certain information we hold about you.
  • provide you with information about categories of information we collect or disclose about you, the categories of sources of such information, the business or commercial purpose for collecting your information, and the categories of third parties to which we disclose your information. For your convenience and so you don’t have to request it, we’ve included that information in section 5 of this Privacy Policy.
  • prevent the processing of your information for promotional purposes (including any direct marketing processing based on profiling).
  • update information which is out of date or incorrect. You may also always change your personal information on your Soter Dashboard.
  • delete certain information which we have about you.
  • restrict the way that we process and disclose some of your information.
  • transfer your information to a third party provider of services.
  • revoke your consent for the processing of your information.

    If you request these rights, we will need to verify your identity and may need to verify your relationship with Soter for security and to prevent fraud. You may be able to designate an authorized agent to make requests on your behalf. In order for an authorized agent to be verified, the authorized agent must present signed, written permission to make such requests or a power of attorney. We may also contact you to verify your identity before processing the authorized agent’s request.

    We may take additional steps to verify that you are authorized to make the request. If you are an end user of Soter’s services and not a direct consumer of Soter (for example, your company uses Soter and you’re an employee or authorized representative of that company), you should direct requests relating to your information to the administrator of your company’s Soter account. We will redirect you to your administrator or notify the administrator directly.

    Please note, however, that certain information may be exempt from such requests in some circumstances (for example, if we need to keep processing your information for our legitimate interests or to comply with a legal obligation). Depending on applicable law, you may have the right to appeal our decision to deny your request. If we deny your request, we will provide you with information on how to appeal the decision, if applicable, in our communications with you.

    Privacy Information for California Residents

    Categories of information collected and disclosed.

    If you are a California resident, you have certain rights under the CCPA, and we want to provide you with the following additional information about the purpose for which we use each category of personal information we collect (as defined by CCPA), the categories of third parties to which we disclose personal information for a business purpose or for cross-context behavioral advertising, which includes our use of third-party analytics services and online advertising services.

    For more information about each category of personal information, purpose of use, and third parties to which we disclose personal information, please see section 5 of our Privacy Policy.

    Your choices regarding online advertising and related activities.

    You have the right to opt out of the disclosure of your personal information for purposes of online cross-context behavioral advertising and related activities and can do so by sending us an email at info@soteranalytics.com

    Other CCPA rights.

    We do not offer any financial incentives in exchange for your personal information. If we ever do, we will provide you with additional disclosures regarding those incentives at the time they are offered.

    The CCPA also allows you to limit the use or disclosure of your sensitive personal information (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CCPA.

    California “Shine the Light” disclosure.

    The California “Shine the Light” law gives residents of California the right under certain circumstances to opt out of the disclosure of certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes, or in the alternative, that we provide a cost-free means for consumers to opt out of any such disclosure. We do not currently disclose your personal information to third parties for their own direct marketing purposes.

    Privacy Information for Nevada Residents

    Under Nevada law, certain Nevada consumers may opt out of the sale of information about you. We do not sell your data in accordance with Nevada Senate Bill 220. However, if you are a Nevada resident you may submit a request to opt out of any potential future sales under Nevada law by letting us know via email at info@soteranalytics.com. Please note, if needed, we may take reasonable steps to verify your identity and the authenticity of the request.

    To exercise the rights pertaining to the processing of personal data or to submit requests concerning the processing of personal data, please contact us using the contact details provided at the end of this Policy. If you contact us to exercise any of the rights above we will check your entitlement and respond in most cases within 1 month.

    While it is our policy to respect the rights of data subjects, please be aware that those rights are not absolute and they are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), our interests and some of these rights may be limited (for example the right to withdraw consent) where we are required or permitted by law to continue processing your personal data to defend our legal rights or meet our legal and regulatory obligations.

  1. CONTACTING US

    If you have any questions about SoterGenius or this Policy, please contact us by email at info@soteranalytics.com. Please ensure that your query is clear, particularly if it is a request for information about the personal information we hold about you.

  2. CHANGES TO OUR PRIVACY POLICY

    We may change this Privacy Policy as we may deem necessary from time to time, or as may be required by law. Any changes will be immediately posted on our Website. We recommend that you check this page regularly to keep up-to-date.