Privacy Policy

Last updated: February 20, 2026

SoCo ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the SoCo platform at so-co.app and related services (the "Service").

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, and password when you create an account
  • Profile Information: Display name, avatar, and preferences you set in your account
  • Payment Information: Billing details processed securely through Stripe (we do not store full credit card numbers)
  • Content: Projects, tasks, cycles, team data, chat messages, and other content you create within the Service
  • Communications: Emails, support requests, and feedback you send to us

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken, and time spent in the Service
  • Device Information: Browser type, operating system, device type, and screen resolution
  • Log Data: IP address, access times, referring URLs, and error logs
  • Cookies: We use essential cookies for authentication and session management. See Section 7 for details.

1.3 Information from Third Parties

  • OAuth Providers: If you sign in with Google, we receive your name, email address, and profile picture from Google
  • Integrations: When you connect third-party services (Slack, Google Calendar, etc.), we receive data necessary to provide the integration

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage your subscription
  • Power AI features (task generation, cycle planning, recommendations)
  • Send service-related communications (account verification, security alerts, product updates)
  • Respond to your support requests and inquiries
  • Analyze usage patterns to improve the user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

3. AI and Your Data

SoCo uses artificial intelligence (powered by Google Gemini) to provide features like conversational planning, task generation, and progress insights. When you interact with AI features:

  • Your input is sent to our AI provider to generate responses
  • We do not use your content to train third-party AI models
  • AI interactions are stored as part of your project data and are subject to the same data protection measures
  • You can delete AI-generated content at any time

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

  • Service Providers: Third parties that help us operate the Service (hosting, payment processing, AI processing, email delivery), bound by data processing agreements
  • Team Members: Other users within your team or organization, as determined by your sharing and collaboration settings
  • Legal Compliance: When required by law, subpoena, court order, or governmental request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
  • With Your Consent: When you explicitly authorize sharing with a specific third party

4.1 Our Service Providers

  • Supabase — Database, authentication, and backend infrastructure
  • Vercel — Website hosting and deployment
  • Stripe — Payment processing
  • Google (Gemini API) — AI features
  • Resend — Transactional email delivery

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, accounting, or security purposes.

Project and task data you create is retained until you delete it or close your account.

6. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Secure authentication with password hashing
  • Row-level security on database access
  • Regular security reviews and updates
  • Limited employee access to personal data on a need-to-know basis

While we strive to protect your information, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to support@so-co.app.

7. Cookies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and core functionality. Cannot be disabled.
  • Functional Cookies: Remember your preferences and settings (e.g., sidebar state, theme).

We do not currently use advertising or tracking cookies. If we add analytics cookies in the future, we will update this policy and provide opt-out options.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate personal information
  • Deletion: Request deletion of your personal information and account
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing of your personal information for certain purposes
  • Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, contact us at support@so-co.app. We will respond within 30 days.

8.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to opt out of the sale of personal information. We do not sell personal information.

8.2 European Economic Area Residents (GDPR)

If you are located in the EEA, we process your personal information based on the following legal bases: performance of a contract (providing the Service), legitimate interests (improving and securing the Service), and consent (where applicable). You have the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.

10. International Data Transfers

Your information may be processed and stored in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: support@so-co.app
Website: so-co.app