Skip to main content
← Sorca

Privacy Policy

Last updated: March 2026

1. Information We Collect

Account data: When you sign in with Google, we receive your name, email, and profile picture from Google OAuth.

Session data: The messages you exchange with Sorca during sessions, including timestamps and depth levels.

Payment data: Subscription payments are processed by Stripe. We do not store your card details. We store your Stripe customer ID and subscription status.

Usage data: Session counts, feature usage, and basic analytics.

2. How We Use Your Data

Session continuity: Your session history powers the Thread feature, allowing Sorca to reference past conversations.

Service improvement: Aggregated, anonymised usage patterns help us improve Sorca.

Billing: To manage your subscription and enforce usage limits.

We do not sell your data. We do not use your conversations to train AI models.

3. Data Storage

Your data is stored in Google Cloud Firestore (Firebase). Data is encrypted at rest and in transit. Servers are located in the United States and Europe.

Session data is also cached in your browser's localStorage as a fallback.

4. Third-Party Services

Google Gemini: Your messages are sent to Google's Gemini API to generate Sorca's questions. See Google's AI privacy policy for details.

Stripe: Payment processing. See Stripe's privacy policy.

Firebase Authentication: For secure sign-in. See Google's privacy policy.

5. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

6. Your Rights

Under GDPR and similar regulations, you have the right to:

  • Access all data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to processing of your data

To exercise these rights, contact us at the project repository.

7. Data Retention

Session data is retained for as long as your account exists. If you delete your account, all associated data will be permanently deleted within 30 days.

8. Children

Sorca is not intended for users under 16 years of age. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via the application.