Soxify

Privacy Policy

This policy explains what data Soxify collects, why it is processed, and the choices available to users.

TermsPrivacySecurity

Last updated: February 8, 2026

1. Scope

This Privacy Policy applies to Soxify websites, applications, APIs, and services used for compliance evidence collection, request tracking, and export workflows.

2. Data We Collect

We collect information needed to provide and secure the service:

  • Account and identity data such as name, email, and role.
  • Workspace content including controls, workflows, instances, evidence requests, files, comments, and signoffs.
  • Technical and security logs including IP address, timestamps, device and browser metadata, and API request events.
  • Billing and subscription metadata managed through payment processors.

3. How We Use Data

  • Provide core product functionality and customer support.
  • Authenticate users, enforce permissions, and protect workspaces.
  • Generate audit trails, exports, and evidence request notifications.
  • Monitor service reliability, prevent abuse, and improve performance.
  • Comply with legal obligations and respond to lawful requests.

4. Legal Bases (Where Applicable)

Depending on your location, processing may rely on one or more legal bases:

  • Performance of a contract with your organization.
  • Legitimate interests in security, reliability, and service improvement.
  • Compliance with legal obligations.
  • Consent, where specifically required.

5. Sharing and Processors

We do not sell personal data. We may share data with service providers that help operate the platform, including cloud infrastructure, authentication, email delivery, and payment processing.

Data may also be disclosed when required by law, regulation, or valid legal process.

6. International Transfers

Where data is transferred across borders, we use reasonable safeguards appropriate to the transfer, such as contractual commitments with processors.

7. Retention

We retain data for as long as needed to provide services, maintain audit records, meet legal requirements, and resolve disputes. Retention periods may vary by data type and contractual requirements.

8. Your Rights

Subject to local law, you may have rights to access, correct, delete, restrict, or export your personal data, and to object to certain processing.

Requests can be sent to hello@soxify.com.

9. Cookies and Similar Technologies

We use cookies and similar technologies for authentication, session continuity, security, and analytics. You can control cookies through browser settings, but some features may stop functioning correctly.

10. Security

We implement technical and organizational controls designed to protect data against unauthorized access, loss, or misuse. Details are available on our Security page.

11. Children's Privacy

Soxify is intended for business use and is not directed to children.

12. Policy Updates and Contact

We may update this policy from time to time. Material changes will be posted in-product or on the website. Questions can be sent to hello@soxify.com.