Privacy & Policy

Soren Legal center

Introduction Information We Collect How We Use Information Data Processing Data Sharing Data Retention Security Measures International Data Transfer Your rights Contact Us

1. Introduction

‍

Soren (“we”, “our”, “us”) is committed to protecting your privacy and handling data in a transparent and secure manner.

This Privacy Policy explains how we collect, use, store, and protect information when you use the Soren platform, website, and related services (collectively, the “Services”).

By using our Services, you agree to the practices described in this Policy.

2. Information We Collect

‍

We collect information in the following categories:

2.1 Account Information

Name
Work email address
Company name
Role or team selection
Contact details provided during onboarding or sales interactions

2.2 Usage and Platform Data

Workflow execution metadata
Feature usage patterns
System performance and reliability metrics
Logs related to automation execution and orchestration

2.3 Security & Operational Data

Depending on configuration, Soren may process:

Security alerts and signals
Asset, identity, and environment metadata
Configuration states and policy outcomes
Evidence artifacts generated by workflows

Soren does not require or collect end-user credentials such as passwords for third-party systems.

2.4 Website Data

IP address
Browser and device information
Cookies and similar technologies for analytics and performance

3. How We Use Information

‍

We use collected information to:

Provide, operate, and maintain the Services
Execute and orchestrate security workflows
Enrich signals with context for decision-making
Improve product functionality and reliability
Communicate with users regarding updates, support, and security notices
Comply with legal and regulatory obligations

We do not sell personal data or use customer data for advertising purposes.

4. Data Processing & Customer Control

‍

Customers retain ownership of their data at all times.Soren processes data solely to deliver the contracted Services.Workflow logic and automation actions are executed based on customer-defined configurations and policies.Customers can request data access, export, or deletion subject to contractual and legal requirements.

5. Data Sharing

‍

We may share limited data only with:

Trusted subprocessors required to operate the platform (e.g., cloud infrastructure providers)
Legal authorities when required by law or valid legal process

All subprocessors are bound by confidentiality and security obligations.

6. Data Retention

‍

Operational data is retained only as long as necessary to provide the Services.

Logs and evidence artifacts are retained according to customer configuration and compliance requirements.

Upon termination, customer data is deleted or returned according to contractual agreements.

7. Security Measures

‍

We implement industry-standard security practices, including:

Encryption in transit and at rest
Role-based access controls
Audit logging and monitoring
Segregation of customer environments

Security is embedded into both our platform architecture and operational processes.

8. International Data Transfer

‍

Soren may process data in regions where its infrastructure or service providers operate.

We take appropriate safeguards to ensure data protection consistent with applicable laws.

9. Your rights

‍

Depending on your jurisdiction, you may have the right to:

Access your personal data
Request correction or deletion
Restrict or object to processing

Requests can be submitted via the contact information below.

10. Contact Us

‍

Requests can be submitted via the contact information below.For privacy or data protection inquiries, contact us at:

Support@sorenhq.com