Logo
Why SoaSo AIProgramsWhat’s sophrology
Join the Waitlist
Icône de globe terrestre symbolisant le monde ou l'internet.
Icon
Logo avec les lettres 'soa' en caractères gras et stylisés sur un fond formé de formes colorées transparentes qui se chevauchent.
Icon
Why SoaSo AIProgramsWhat’s sophrologyJoin the Waitlist
French
English Language Icon
English

Privacy & Cookies Policy

Effective Date: 10 December 2025

This Privacy & Cookies Policy explains how IAORANA LTD ("Soa", "we", "us" or "our") collects, uses, shares, and protects your personal data when you use:

  • Our mobile application Soa (the "App"); and
  • Our website joinsoa.app (the "Site").

It also describes our use of cookies and similar technologies. Your use of the App and the Site is also governed by our General Terms of Use and Sale (the "Terms"). In the event of any inconsistency, mandatory legal provisions applicable to data protection prevail.

1. Who we are

  • Company name: IAORANA LTD
  • Legal form: Private Company Limited by Shares, registered under no. HE 474716
  • Address: 2 Kimonos Street, Limassol 3095, Cyprus
  • Contact email (privacy): support@joinsoa.app

We act as the data controller of your personal data within the meaning of the GDPR, the UK GDPR, and applicable national laws.

2. Data we collect

We collect different categories of data depending on how you use Soa.

2.1 Account data

  • First name or name (if you choose to provide it)
  • Email address
  • Login credentials (token, third-party IDs such as Apple / Google)
  • Preferred language and profile settings

2.2 Subscription and billing data

  • Type of subscription (monthly, yearly, trial offer, etc.)
  • Subscription status (active, cancelled, trial period)
  • Billing information (amount, currency, payment date, payment history)
  • Transaction identifiers provided by our payment processors (Stripe, Apple App Store, Google Play Store)

We do not store full credit card numbers: this information is processed directly by our payment service providers.

2.3 App usage data

  • History of your sessions (programs viewed, sessions started, time spent)
  • Answers to certain questions before or after sessions (for example, how you feel, perceived stress level)
  • Audio preferences (volume, choice of background sound, voice language)
  • Interactions with the App (clicks, navigation, features used)

2.4 Wellbeing data (sensitive data)

In certain protocols or during onboarding, you may share information related to your emotional state or wellbeing, such as:

  • mood of the day, stress level, emotional state;
  • reported difficulties (anxiety, mental load, difficulty relaxing, etc.);
  • wellbeing goals (feeling more centered, managing emotions better, etc.).

In some cases, this information may be considered health or wellbeing data under the GDPR. When this is the case, processing is based on your explicit consent (see section 5).

2.5 Technical data

  • Device type (smartphone, tablet), model, operating system
  • Installed App version
  • Technical identifiers (device ID, advertising ID depending on your settings)
  • IP address, language settings, time zone
  • Technical logs (error logs, performance data)

2.6 Cookies and browsing data

On the Site (and, where applicable, in the App), we use cookies and similar technologies to measure audience, improve the user experience, personalize certain content, and, where applicable, run marketing campaigns (see section 8).

3. Purposes for which we use your data

We use your personal data for the following purposes:

  1. Provide and manage the Soa service
    • Create and manage your account
    • Provide access to programs and sessions
    • Manage user preferences and settings
  2. Personalize your experience
    • Guided onboarding and AI-based recommendations
    • Suggest programs tailored to your state and goals
    • Adapt content (duration, theme, type of practice)
  3. Manage subscriptions and payments
    • Activate, renew, and cancel subscriptions
    • Billing, issuing receipts, handling potential refunds
  4. Communicate with you
    • In-app and push notifications (session reminders, new features, etc.)
    • Service-related emails (sign-up confirmations, subscription information)
    • Marketing emails and newsletters (only if you have consented or if permitted by law)
  5. Improve Soa and develop new features
    • Statistical analysis of usage (in particular in aggregated and anonymized form)
    • Testing new features, improving the interface and user experience
    • Analyzing user feedback
  6. Security, fraud prevention, and legal compliance
    • Detect suspicious or fraudulent activity
    • Secure accounts and data
    • Comply with our legal, tax, and accounting obligations
    • Manage potential disputes

4. Legal bases for processing (GDPR / UK GDPR)

Depending on the processing activity, we rely on different legal bases:

  • Performance of a contract: to provide the App, manage subscriptions and billing, and provide access to sessions and programs.
  • Consent: for processing certain wellbeing data, for some cookies (analytics, marketing), and for marketing communications where required by law.
  • Legitimate interests: to improve our services, keep them secure, understand how the App is used, and prevent fraud, while respecting your rights and freedoms.
  • Legal obligations: to comply with tax, accounting, anti-money laundering, or other regulatory requirements, or to respond to requests from competent authorities.

Where processing is based on your consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

5. Well-being data and explicit consent

Some of the data you share in Soa may be considered sensitive data (for example, your emotional states, stress level, or certain information about your mental wellbeing).

5.1 Explicit consent

For this data, we request your explicit consent through:

  • Specific questions during onboarding and/or
  • Checkboxes or dedicated screens in the App.

Your consent is used to:

  • Personalize your programs and sessions;
  • Track your emotional progress over time;
  • Improve our protocols, in aggregated and anonymized form where possible.

5.2 Withdrawal of consent

You may withdraw this consent at any time:

  • Via the App settings (where this feature is available); or
  • By contacting us at support@joinsoa.app.

Withdrawing your consent:

  • Does not affect the lawfulness of processing carried out before the withdrawal; and
  • May limit or make certain personalization features in the App unavailable.

6. Sharing your data

We do not sell your personal data. We may share your data only with:

  1. Technical and hosting providers
    • Hosting providers (for example Webflow, Google Cloud, or equivalent services)
    • Backend / database / CMS tools
    • Firebase or similar services for notifications
  2. Payment service providers
    • Stripe for card payments and billing
    • Apple App Store and Google Play Store for in-store purchases
  3. AI and voice providers
    • AI model providers (for example, Google or equivalent services) for onboarding, recommendations, or certain generated responses
    • Voice / text-to-speech providers (for example ElevenLabs or equivalent services)
  4. Analytics and performance tools
    • Analytics tools (for example Google Analytics, Amplitude, or similar) to measure App usage and improve the user experience
  5. Authorities and external advisors
    • Administrative, tax, or judicial authorities where required by law
    • Law firms, auditors, or other external advisors where needed (disputes, audits, etc.).

Where these third parties act as processors, they are contractually required to:

  • Process data only on our behalf and in accordance with our instructions;
  • Implement appropriate security measures; and
  • Refrain from using the data for their own commercial purposes.

7. International data transfers

Some of our service providers may be located outside the European Union (EU), the European Economic Area (EEA), or the United Kingdom (for example, in the United States). Where we transfer data to a country that does not benefit from an adequacy decision, we implement appropriate safeguards, such as:

  • Standard Contractual Clauses approved by the European Commission or the relevant authority; and/or
  • Other mechanisms recognized under applicable law.

You can obtain more information about these safeguards by contacting us at support@joinsoa.app.

8. Cookies & similar technologies

8.1 What is a cookie?

A cookie is a small text file stored on your device (computer, smartphone, tablet) when you visit a website. It allows us to:

  • Recognize your device;
  • Remember certain information (preferences, language, session);
  • Measure audience and improve the Site.

We also use similar technologies (for example, pixels and SDKs in the App).

8.2 Types of cookies we use

  1. Strictly necessary cookies
    Essential for the operation of the Site/App (authentication, security, language choice). Without them, some services cannot function properly.
  2. Performance and analytics cookies
    Help measure audience, understand how the Site/App is used, and improve our services (for example, via Google Analytics, Amplitude, or similar tools).
  3. Functional cookies
    Remember your preferences (for example, language, certain display settings) to enhance your user experience.
  4. Marketing / advertising cookies (where applicable)
    Help us track the effectiveness of our marketing campaigns and, where appropriate, show you more relevant ads.

8.3 Third-party cookies

Some cookies are set by trusted third parties, including:

  • Analytics providers (Google Analytics, Amplitude, or similar);
  • Payment providers (Stripe, App Stores);
  • Hosting providers, A/B testing tools, performance services;
  • Potential marketing partners.

8.4 Cookie banner and consent

On your first visit to the Site (and periodically thereafter), a cookie banner allows you to:

  • Accept or refuse non-essential cookies (analytics, marketing);
  • Change your choices at any time via a link or cookie management module, where available.

8.5 Browser settings

You can also configure your browser to:

  • Block certain cookies; and/or
  • Delete cookies that have already been placed.

Blocking or deleting some cookies may negatively affect the functioning of the Site/App.

8.6 Cookie retention periods

  • Session cookies: deleted when you close your browser.
  • Persistent cookies: stored for a limited period (for example, from a few months up to 13 months), then deleted or anonymized.

9. Data retention periods

We retain your personal data only for as long as necessary for the purposes described in this Policy, or to comply with our legal obligations.

By way of example:

  • Account data: for the life of your account, then for an additional limited period (for example, 3 years) for evidence, claims handling, and support.
  • Subscription and billing data: for the duration of the contractual relationship, then for the statutory retention period (for example, 6 to 10 years depending on accounting/tax rules).
  • Wellbeing data: for the duration of your active use of the App, then for a limited period or until you withdraw your consent, before anonymization or deletion.
  • Technical data and logs: for a limited period necessary for security and service improvement (generally a few months).
  • Data used for marketing purposes: until you withdraw your consent or, failing that, for a maximum period in line with guidance from the relevant supervisory authority.

When data is no longer needed or when you request its deletion, we delete or anonymize it, unless we are legally required to retain it.

10. Automated decisions & profiling

We may use some of your data (in particular your onboarding responses, reported mood, and preferences) to build a wellbeing profile and offer you:

  • A recommended protocol or program;
  • Sessions tailored to your state and goals;
  • suggestions for additional content.

These processing activities are based on:

  • Performance of the contract (to adapt the service); and/or
  • Your consent (especially for certain sensitive data).

These profiles and recommendations do not produce legal effects and do not significantly affect you within the meaning of the GDPR: they are solely used to personalize your experience in the App.

11. Your rights

In accordance with the GDPR, the UK GDPR, and applicable national laws, and subject to the conditions set out in those texts, you have the following rights in particular:

  • Right of access: obtain confirmation as to whether we process your data and receive a copy of it.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): in certain cases, obtain the deletion of your data.
  • Right to restriction of processing: request that certain processing operations be temporarily limited.
  • Right to object: object, on grounds relating to your particular situation, to certain processing operations based on our legitimate interests, as well as to processing for direct marketing purposes.
  • Right to data portability: receive certain data in a structured, commonly used, machine-readable format, or request that it be transmitted to another controller.
  • Right to withdraw consent: where processing is based on your consent (for example, wellbeing data, non-essential cookies, marketing communications), you may withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint: with the supervisory authority of your country of residence (for example, the CNIL in France or the ICO in the United Kingdom).

To exercise your rights, you can contact us at support@joinsoa.app. We may need to verify your identity before responding to your request.

12. Security

We implement appropriate technical and organizational measures to protect your personal data against:

  • Accidental or unlawful destruction;
  • Loss, alteration, or disclosure;
  • Unauthorized access.

These measures may include, for example:

  • Encryption of certain data;
  • Access control and authentication;
  • Logging of access;
  • Hosting with reputable providers;
  • Internal procedures for managing security incidents.

However, no system is completely secure. In the event of a security incident likely to affect your rights and freedoms, we will take appropriate steps and, where required, notify the competent supervisory authority and/or the individuals concerned.

13. Protection of minors

Soa is intended for users aged 18 and over. We do not knowingly collect personal data from persons under the age of 18. If you believe that a minor has provided us with personal data, please contact us at support@joinsoa.app. We will take appropriate steps to delete such data and, where applicable, close the associated account.

14. Changes to this Policy

We may update this Privacy & Cookies Policy from time to time, in particular to reflect:

  • Changes to our services;
  • Changes in legislation or regulations;
  • Changes in our data practices.

In the event of a material change, we will inform you by an appropriate means (notification in the App, message on the Site, email, etc.). The updated version will show a new effective date. We encourage you to review this page regularly to stay informed about our practices.

15. Contact

For any question or request regarding this Policy or the processing of your personal data, you can contact us:

IAORANA LTD
2 Kimonos Street, Limassol 3095, Cyprus
Email: support@joinsoa.app

We will do our best to respond to your requests as quickly as reasonably possible, in accordance with applicable data protection law.