Privacy Policy
Last updated: 4 May 2026
Plain-English summary
Sophia is a privacy-first Chrome extension. We only read the product title and price on supported luxury retailer pages. We never read page HTML, your email, your browsing history, or any personal data. We never sell or share your data with third parties.
What we collect
- Product data: title, current price, currency, and retailer domain — extracted only on the 42 supported luxury domains listed in our manifest.
- Anonymous usage: rotating session UUID, aggregated event counts (e.g., "comparison completed"). No identifiers tied to you.
- Consent record: a yes/no flag and timestamp stored locally in chrome.storage.local. Never sent to our server.
What we never touch
- Page HTML, DOM structure, or inline scripts.
- Your email, banking, social media, or any non-luxury website.
- Your browsing history, form contents, cookies, or authenticated session data.
- Name, phone number, address, or any personally identifiable information.
Where data goes
The normalized product data is sent to api.mysophia.tech — our private server hosted in the UAE region — to run the AI comparison and resale estimation. Responses are cached for 30 minutes. Data is never sold, shared, or used for ad targeting.
Photo storage (Authenticator)
When you submit photos to our Authenticator, you choose whether we keep them. There are two separate consent options, both shown to you on the consent step before each scan:
- Tier 1 — Keep for 90 days (default ON): We store your photos for 90 days only to re-examine them with you if you contest the verdict, or to share with a partner expert if you escalate. After 90 days they are automatically deleted by an automated retention sweep.
- Tier 2 — Help us improve the AI (default OFF, opt-in): You can additionally opt in to letting us use your photos as training data to improve authentication accuracy. This is fully optional. You can withdraw consent any time at /me/data.
The training tier is unchecked by default and the dispute tier is checked by default; the checked default is defensible under PDPL Article 5(b) as part of the service contract (re-examine on contest). Photos are stored encrypted at rest in our own infrastructure. They are never shared with any third party other than the partner expert assigned to your specific scan if you escalate.
Third-party processors
We use the following third parties strictly for the operations listed. Each is bound by their own privacy policy linked below.
| Processor | What we send | Their policy |
|---|---|---|
| OpenRouter | Authenticator vision prompts — product photo + brand context. Photos are sent over TLS for the duration of the model call only. | openrouter.ai/privacy |
| Serper | Product comparison queries — only brand + model name (never your photos or any user data). | serper.dev/privacy |
| Resend | Transactional email only (waitlist confirm, DSR confirm, partner-verdict notifications). Subject + body only — no scan data. | resend.com/privacy |
| Sentry | Error reports from our API. Configured with PII scrubbing — never includes photos, emails, or scan content. | sentry.io/privacy |
| Hostinger (hosting) | VPS infrastructure. Data lives in their UAE-region datacenter; encrypted at rest. | hostinger.com/privacy |
Your rights (PDPL & GDPR)
- Consent: you explicitly opt in on first run for the extension; you choose photo-storage tiers per-scan in the Authenticator. Reject = the corresponding feature is disabled.
- Withdrawal: uninstall the extension at any time to stop all processing. For Authenticator photos, withdraw at /me/data.
- Access (PDPL Art. 15): request a copy of all data linked to your email at /me/data — we send you a magic-link confirmation; on click, an export package is prepared within minutes.
- Erasure (PDPL Art. 18): request deletion of all data linked to your email at the same page. Confirmation is required via magic link; once confirmed, deletion is immediate and irreversible.
- Retention: a daily sweep enforces our retention promises (90-day dispute photos, 90-day audit logs) automatically.
Contact
Questions? privacy@mysophia.tech