Privacy Policy

1. Introduction

Woohyeok Choi (“I,” “me,” “my”) operates Sophia, a conversation-first business operating system for startup founders. This Privacy Policy describes how I collect, use, and handle your personal information when you use the Sophia platform and related services.

By accessing or using Sophia, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described here, please do not use the service.

2. Information We Collect

Account Information

When you create an account, I collect your name, email address, and profile image through Google OAuth, managed by Better Auth. This information is necessary to identify you and provide access to the platform.

Onboarding Data

During the Slack DM onboarding process, you provide business context including your company website URL, business model description, and tech stack preferences. This information is used to build your company brief and configure your operating model within Sophia.

Integration Data

Sophia supports connections to third-party services through the Nango OAuth platform. Supported integrations include PostHog, Stripe, Linear, GitHub, Notion, Amplitude, Mixpanel, BigQuery, GA4, Discord, Devin, and Slack. API keys and OAuth tokens required for these integrations are stored in encrypted form. I access data from connected services only as necessary to provide the features you have configured.

Conversation Data

Messages exchanged during Slack DM onboarding sessions are collected and processed by Anthropic Claude to facilitate the conversational onboarding flow. These conversations are used to understand your business context and generate structured outputs such as company briefs.

Usage Data

I collect information about how you interact with Sophia, including feature usage, interaction patterns, and session duration. This data helps me understand how the service is being used and identify areas for improvement.

3. How We Use Information

The information collected is used to:

• Provide, maintain, and improve the Sophia platform and its features
• Generate company briefs and operating models based on your business context
• Process onboarding conversations and deliver structured outputs
• Manage and maintain your connected tool integrations
• Communicate with you about the service, including updates and changes
• Monitor and analyze usage patterns to improve the user experience

4. Third-Party Services

Sophia relies on the following third-party services to operate. Each service has its own privacy policy governing how it handles data:

• Google — OAuth authentication for account creation and sign-in
• Slack — Messaging platform used for DM-based onboarding and ongoing interaction
• Anthropic Claude — Large language model used to process onboarding conversations and generate structured business outputs
• Nango — OAuth integration platform managing secure connections to your third-party tools
• Vercel — Cloud hosting platform for the web application
• PostgreSQL — Database system for storing application data

I encourage you to review the privacy policies of these services to understand how they handle your data.

5. Data Sharing

I do not sell, rent, or trade your personal information to third parties. Your data is shared only with the third-party service providers listed above, and only as necessary to operate and deliver the Sophia platform. I may also disclose information if required by law or if I believe in good faith that such disclosure is necessary to comply with legal obligations, protect my rights, or ensure the safety of users.

6. Data Security

I take reasonable measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Sensitive credentials such as API keys and OAuth tokens are stored in encrypted form. All data transmission between your browser and the Sophia platform is protected by HTTPS encryption.

However, no method of electronic transmission or storage is completely secure. While I strive to use commercially acceptable means to protect your data, I cannot guarantee absolute security.

7. Data Retention

Your personal information is retained for as long as your account remains active or as needed to provide the service. If you request deletion of your account, I will remove your personal data within a reasonable timeframe, except where retention is required by law or for legitimate business purposes such as resolving disputes.

8. Your Rights

You have the right to access, correct, or delete your personal data held by Sophia. To exercise any of these rights, please contact me through the Sophia platform or via email. I will respond to your request within a reasonable timeframe.

Depending on your jurisdiction, you may have additional rights under applicable data protection laws, including the right to restrict processing, the right to data portability, and the right to object to certain processing activities.

9. Children’s Privacy

Sophia is not intended for use by individuals under the age of 13. I do not knowingly collect personal information from children under 13. If I become aware that I have collected personal data from a child under 13, I will take steps to delete that information promptly. If you believe a child under 13 has provided personal information to Sophia, please contact me immediately.

10. Changes to This Policy

I may update this Privacy Policy from time to time to reflect changes in my practices or for other operational, legal, or regulatory reasons. The updated policy will be posted on this page with a revised “Last Updated” date. I encourage you to review this page periodically to stay informed about how I handle your data.

11. Contact

If you have questions or concerns about this Privacy Policy or how your data is handled, please reach out: