Data protection

Privacy policy

This policy explains how Sofia SAS collects, uses and protects your personal data when you use our services.

Last updated: March 28, 2026

1. Introduction

Sofia SAS acts as data controller for the personal data processed through the Sofia platform.

We are committed to complying with Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act.

2. Data collected

Data you provide

  • Contact email address and account information.
  • Information related to connected social accounts.

Technical and usage data

  • Browsing data and product interactions (analytics).
  • Technical data required for security and diagnostics.

3. Collection methods

  • Direct collection via forms and account creation.
  • Collection when connecting third-party services (e.g., social accounts, payment).
  • Collection via cookies and similar technologies, subject to your consent.

4. Use of data

  • Provide and improve platform features.
  • Manage accounts, security and fraud prevention.
  • Measure service performance and experience quality.
  • Process support requests and legal obligations.

5. Data sharing

We share certain strictly necessary data with trusted subcontractors, under GDPR-compliant contracts.

  • Microsoft Azure (cloud hosting and infrastructure, European Union).
  • Stripe (secure payment processing).
  • Google Analytics (audience analysis).
  • Microsoft Clarity (behavioral analysis and heatmaps).
  • Sentry (monitoring and error tracking).

We do not sell your personal data to third parties.

6. Data retention

Data is retained for the period strictly necessary for the purposes stated above, then deleted or anonymized, unless a legal obligation requires otherwise.

Technical and security data may be retained longer when necessary for incident detection, defense of our rights, or compliance with regulatory obligations.

7. Security

Sofia SAS implements appropriate technical and organizational measures to protect your data against loss, unauthorized access, alteration or disclosure.

  • Access controls and principle of least privilege.
  • Encryption of data flows and sensitive data where relevant.
  • Monitoring, logging and incident management.

8. Your rights (GDPR)

You have the following rights:

  • Right of access, rectification and erasure.
  • Right to restriction and objection to processing.
  • Right to data portability.
  • Right to withdraw your consent at any time.

To exercise your rights, contact us at [email protected].

9. Cookies

We use cookies and similar technologies to ensure the site functions properly, measure audience and improve user experience.

Non-essential cookies are only activated after your consent. You can change your preferences at any time from your browser settings or the consent management tool when available.

10. Changes

This policy may evolve to account for regulatory, technical or service changes. The update date appears at the top of this page.

11. Contact

For any question regarding this policy or the processing of your data, you can contact our GDPR point of contact at [email protected].

Company: Sofia SAS
Main data hosting: European Union (Ireland, Microsoft Azure)