Privacy Policy

1. Introduction

Sori ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights when you use the Sori Chrome extension and website (sori-translator.com).

2. Information We Collect

2.1 Account Information (registered users only)

When you create an account, we collect:

• Your email address

You can sign up with email/password or via Google OAuth. If you sign in with Google, we receive your email address and basic profile information (name and profile picture) from Google. Your password (if applicable) is handled entirely by Supabase Auth, it is hashed before storage and we never have access to it. You can revoke Sori's access to your Google account at any time by visiting your Google Account permissions.

2.2 Usage Data

To enforce daily translation quotas, we track:

• A randomly generated anonymous identifier (for users without an account)
• The number of words translated per day
• The number of dictionary lookups per day
• The timestamp of your last translation or lookup request

We also collect aggregated translation statistics (e.g., language pairs used, request counts) to improve the service. These statistics are not linked to individual users or translation content.

We do not store the text you translate. Translation requests are sent to OpenAI in real-time and are not saved on our servers.

2.3 Error Logs

To diagnose and fix issues, we may log errors that occur during your use of the extension. Error logs may include the error type, error message, and contextual information about where the error occurred. They do not include the text you translate.

2.4 Bug Reports & Feedback

If you submit a bug report or feedback (e.g., on uninstall), we collect:

• The description or feedback text you write
• The reason(s) you selected (for feedback forms)
• The timestamp of submission

These submissions are voluntary and contain only what you choose to write.

2.5 Payment Information

Payments are processed by Stripe. We do not store your card number or billing details on our servers. We only receive your subscription tier from Stripe.

2.6 Data Stored Locally on Your Device

The extension stores the following in Chrome's local storage, this data stays on your device and is not sent to us:

• Your authentication session token
• Your language and translation mode preferences

3. How We Use Your Information

• To provide the translation and dictionary service
• To enforce daily usage quotas based on your subscription tier
• To process payments and manage your subscription
• To respond to bug reports and improve the service
• To send account-related emails (e.g., password reset, welcome email)

We do not use your data for advertising or sell it to third parties.

4. Third-Party Services

We use the following third-party services, each with their own privacy policies:

• Supabase: authentication and database (stores your email, hashed password, and usage data)
• Google: OAuth sign-in provider (shares your email and basic profile information with us when you sign in with Google)
• OpenAI: processes your translation requests in real-time (text is not stored by us)
• Stripe: payment processing (handles your card details securely)
• Vercel: hosts the Sori website (sori-translator.com)
• Render: hosts the Sori backend API (may log IP addresses and request metadata for operational purposes)
• Resend: sends transactional emails (e.g., welcome, password reset, security notifications)

5. Data Retention

• Account data: Retained until you delete your account. When you delete your account, your authentication data is removed, but anonymized usage statistics (word count, lookup count) may be retained
• Anonymous usage data: Retained indefinitely for quota enforcement purposes
• Bug reports & feedback: Retained indefinitely to help improve the service, but contain no personally identifiable information unless you choose to include it
• Error logs: Retained for diagnostic purposes and periodically cleaned up
• Translation text: Never stored, processed in real-time only
• Payment records: Retained by Stripe as required by law

6. Data Security

We take reasonable measures to protect your data, including encrypted connections (HTTPS), secure authentication, input sanitization, rate limiting, and access controls. However, no system is 100% secure and we cannot guarantee absolute security.

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Delete your account and associated data (via Account Settings → Delete Account)
• Correct inaccurate information
• Request a copy of your data

To exercise any of these rights, contact us at our contact page.

8. Children's Privacy

Sori is not intended for users under 13 years of age (or under 16 in the EU/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page when we do. Continued use of the extension after changes constitutes acceptance of the updated policy.

10. Contact

If you have any questions about this Privacy Policy, please reach out via our contact page.