Privacy Policy

1. Data we process

Account data (name, email, organisation), the documents you submit for analysis, the resulting compliance reports, and operational logs. We do not log document contents; system logs identify records by id only.

2. Where data is stored

All storage and processing take place in the European Union (Google Cloud, europe-west1). AI inference runs on EU-region infrastructure. Fonts are self-hosted; the application loads no third-party content-delivery networks.

3. AI processing and human oversight

Documents are analysed by an AI system, but a qualified lawyer reviews and approves every report before you see it (human-in-the-loop oversight). You are told, on every report and export, that the analysis is AI-assisted and who approved it.

4. Access and isolation

Your organisation's data is isolated from every other organisation at the query level. Access is role-based and audited. SorticAI staff (lawyers, administrators) access cases only as required to review or operate the service, and such access is recorded in an append-only audit trail.

5. Retention and your rights

Data is retained until your organisation requests deletion. Administrators can export an organisation's data and request purge of a case or the whole organisation; purges delete the stored documents and case records while retaining a non-personal audit record of the purge itself.

6. Sub-processors

Google Cloud Platform (hosting, storage, AI inference) and Sentry (error monitoring, when enabled). A current list is available on request.

7. Contact

Data-protection enquiries: privacy@sorticai.com.