Privacy Policy
Introduction
Stivisto Inc. (“Stivisto,” “we,” “us” or “our”) is a Canadian company that owns and operates the SoChat application (the “Service”). We are committed to protecting your privacy and complying with all applicable privacy laws, including the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). This Privacy Policy explains what information we collect, how we use and share it, the rights you have regarding your data, and our efforts to safeguard your information. By using SoChat, you agree to the practices described in this Privacy Policy and to our Terms of Use. If you do not agree, please do not use the Service.
Information We Collect
We collect several types of information to provide and improve the Service. This includes:
Account Information: When you log in via Google, Apple, or Huawei, we receive a unique user ID and basic profile information. We do not collect or store your password; authentication is handled by your chosen provider. You may create a profile within SoChat, including a profile name and profile picture. This profile name and picture may be visible to other users in the app (they will not see your real name or email). We also record which login provider you use (Google, Apple, or Huawei) for account management purposes.
User Content: We process and store the content you create on the Service, such as chat messages, photos, voice notes, and other media that you send or receive. This content is stored on our servers to enable features like cross-device synchronization (so you can access your chats from multiple devices or restore them after reinstalling the app).
Device and Technical Information: We automatically collect certain technical information when you use SoChat. This includes your device identifier and device type, operating system version, app version, and settings. We also log your Internet Protocol (IP) address to help us prevent spam, fraud, or abuse. In the event of errors or crashes, we collect log data and diagnostics (e.g. crash reports, timestamped error messages) to troubleshoot and improve the app. This log data may include device information and the state of the app when the error occurred (for example, your IP address, device name, OS version, and app activity at the time of the error). This information helps us maintain the stability and security of the Service.
Usage Data: We may collect data about how you interact with the Service – for example, features you use and timestamps of your sessions. This information is generally aggregated or anonymized for analytics purposes. It helps us understand user engagement and improve our features, but it does not identify you personally in our analytics reports.
Cookies and Similar Technologies: SoChat is available as both a mobile app and a web application. While the mobile app itself does not use cookies, the web version of SoChat does use cookies and similar tracking technologies (such as local storage and browser-based identifiers) to provide core functionality, remember your login status, and analyze how users interact with the Service.
These cookies may be set by us or by third-party analytics providers (such as Google Analytics and Firebase) to help us improve the web experience. Where required by law, we will present you with a cookie banner or consent mechanism that allows you to accept or reject non-essential cookies.
You may manage your cookie preferences through your browser settings or by using built-in opt-out features where available. Disabling some cookies may affect your experience using the web app, particularly features that rely on login or persistent session tracking.
How We Use Your Information
We use the collected information for the following purposes:
Providing and Improving the Service: We use your information to operate SoChat and deliver its core functionality. For example, we use account and profile data to log you in and personalize your experience, and we use your chat content (messages, media) to transmit and store your conversations so you can access them across devices. We may also analyze usage trends and feedback to improve existing features and develop new ones.
Sync and Storage: Your messages and uploaded media are stored on our secure servers to facilitate synchronization between devices and to enable data restoration if you reinstall the app. This means if you log in on a new device, your chat history and media can be retrieved. Deletion note (detailed below under Data Retention and Deletion): if you choose to delete messages or your account, we will remove those items from our servers permanently within the specified time frame.
Safety and Abuse Prevention: IP addresses and device information are used to help us detect and prevent malicious activities, spam, or violations of our Terms of Use. For instance, we may use IP addresses to apply rate-limiting or bans in cases of abuse (such as users sending harassing messages or attempting to spam the Service). This is solely to protect the community and maintain a safe environment.
Diagnostics and Analytics: We use log data and third-party analytics tools (like Google Analytics and Firebase) to understand app performance, troubleshoot crashes, and see how users engage with SoChat. These insights help us fix bugs and optimize the user experience. All such use of data is limited to internal purposes. We do not use analytics data to profile individual users for marketing.
Legal Compliance and Enforcement: We may process and retain certain data as needed to comply with legal obligations, resolve disputes, enforce our Terms of Use, or respond to lawful requests (more details in Legal Compliance section below). For example, if we are required by law to retain certain data or to provide information to law enforcement with proper authority, we will do so in accordance with applicable laws.
No Advertising or Marketing Use: We do not use your personal information for targeted advertising or marketing purposes. Your data is never sold to third parties or shared for marketing; it is used only to provide and improve the SoChat service[4]. You will not receive any commercial advertisements from us based on your data, and we do not profile you for advertising.
Third-Party Service Providers
SoChat uses a few trusted third-party services to support our app’s functionality and infrastructure. These providers may collect or process certain data about you on our behalf (for example, crash logs or usage analytics). We ensure that all such providers are bound by privacy obligations and only use your data as needed to provide their services. The third-party services we use include:
Google Play Services: (For Android users) Services provided by Google that allow integration with Android features and Google-provided functionalities. Google’s Privacy Policy applies to any data Google Play Services may collect (such as device identifiers or Google account information used for login).
Apple App Store Services: (For iOS users) Services provided by Apple for account login (Sign in with Apple) and app distribution. Please refer to Apple’s policies for how they handle user data. See Apple’s Privacy Policy for more information.
Google Analytics: We use Google Analytics to gather anonymous statistics about app usage (e.g., number of users, session length, screens accessed). This helps us understand how SoChat is used. Google Analytics may collect device identifiers and other info as described in Google’s Privacy Policy. (See Google Privacy Policy.)
Firebase: Firebase (by Google) is used for various backend services such as real-time database, cloud messaging (push notifications), and crash reporting (Firebase Crashlytics). Firebase may collect app installation IDs, crash traces, and certain device data to help us diagnose issues. All Firebase services we use are configured in compliance with Google’s data privacy and security guidelines, and data is handled according to Google’s Privacy Policy.
Sentry: We use Sentry to monitor, log, and analyze app errors and performance issues in real-time. This helps us identify bugs, crashes, and slowdowns across both mobile and web platforms. Sentry may collect anonymized technical information such as device type, browser version, stack traces, and app state at the time of error. All data is used solely for debugging and quality improvement purposes and is processed in accordance with Sentry’s Privacy Policy.
Huawei Mobile Services: For Android users with Huawei devices, we integrate with Huawei Mobile Services (HMS) to support login and device integrity verification. HMS allows us to validate whether the device is authorized and secure for accessing SoChat. We use it to ensure secure authentication on Huawei devices. Please refer to Huawei’s Privacy Policy for details on how they handle personal data.
Grafana: We use Grafana (a monitoring and observability platform) to monitor our servers and application performance. This helps ensure reliability and quickly resolve technical issues. Grafana may collect system logs or performance metrics that include IP addresses or device IDs in logs. Grafana Labs is committed to privacy; see their Privacy Policy for details on how they protect data. Any data in our monitoring system is used strictly for maintaining the Service and not for marketing.
Each of these third-party services has its own privacy policy which we encourage you to review for more information on their data practices. We do not share personal data with any third parties other than these service providers, and we do not allow them to use your data for any purposes other than providing their services to us. Aside from the parties listed above (and any affiliates or successors as described in this Policy), we do not disclose, share, or sell your personal information to any other third parties.
Data Sharing and Disclosure
We treat your personal information with care and confidentiality. We will not share or disclose your data to third parties except in the following circumstances:
Service Providers: As noted, we share data with the third-party providers listed above purely to help us run the Service (e.g., storing data, sending push notifications, analyzing crashes). They act under our instructions and are contractually prohibited from using your data for any other purpose.
Legal Compliance: We may disclose certain information if we are required to do so by law or valid legal process. For example, if we receive a subpoena, court order, or official request from law enforcement, we may provide the minimum necessary data to comply, but only after verifying the request’s legality and scope. We will push back against improper or overly broad requests, and will only comply when we are satisfied that the request meets all applicable legal requirements.
Business Transfers: If Stivisto Inc. is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to a successor or affiliate as part of that transaction. If that happens, we will ensure the new owner honors the commitments we have made in this Privacy Policy regarding your personal data, or we will notify you and give you an opportunity to delete your data before transfer if required by applicable law.
Aside from the situations above, no personal information will be given to any individual, company, or government body without your consent. In particular, we do not share data with advertisers or data brokers, and we do not participate in any “selling” of personal information as defined under laws like the CCPA.
Data Retention and Deletion
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law. In practice, this means we will keep your account information and chat data while your account remains active. Chat messages and media you send are stored on our servers so that you and your chat partners can access them, and to enable synchronization between your devices. If you simply stop using SoChat, your data will remain in case you return to the Service, unless you request deletion.
User-Requested Deletion: You have the right to delete your account and data at any time. Within the SoChat app settings, you can choose to delete your account. When you initiate deletion, we place your account in a pending deletion state. There is a 14-day delay before final deletion is carried out[5]. This brief period is a safety measure to prevent abuse (for example, to stop malicious actors from mass-deleting and recreating accounts to avoid bans). After 14 days, your account and all associated personal data are permanently erased from our systems.
What happens when data is deleted: Once the deletion is finalized, all of your personal data is irreversibly removed from our servers, including any chat messages, profile information, and stored media. We also purge this data from our backups and logs. In other words, when you delete a message, photo, or your entire account, all related data – including backups, logs, and IP address records – are permanently removed from our servers. We do not keep residual copies of your personally identifiable data after the deletion process is complete. After deletion, neither you nor anyone else (including us) can recover that information.
If you prefer to delete specific content (for example, a particular message or photo) without deleting your whole account, the app provides options to do so. Deleted content will be removed from our servers and will no longer be accessible to you or the other user. (Note: If the other user in a chat has already downloaded or screenshotted content, we cannot prevent that external retention, but on our side the data is gone.)
Retention for Legal Obligations: In certain cases, we may need to retain some information for a longer period if required by law or for legitimate business purposes. For example, we might retain records of payments or communications if necessary for financial reporting or to comply with law enforcement requests. However, any data retained for such purposes will be securely stored and isolated from regular user access. We will not keep your personal data for longer than is necessary for compliance or the specific legitimate purpose.
International Data Transfers
SoChat is operated by Stivisto Inc. in Canada, but the Service may be accessed by users around the world. When you use SoChat, your information may be transferred to or stored on servers located in Canada, the United States, or other jurisdictions where our service providers are located or where we maintain operations. We understand that different countries have different data protection laws, so we take steps to ensure that an adequate level of protection is applied to your information wherever it is processed.
Data transfers from EU/UK: We comply with the GDPR requirements for transferring personal data outside of the European Economic Area (EEA) or UK. Canada is recognized by the European Commission as providing an adequate level of data protection for personal information under PIPEDA. This means that data transfers from the EU/UK to Stivisto in Canada can occur freely, as PIPEDA’s protections have been deemed sufficient by EU standards. If we transfer data from the EU/UK to any third party in a country that is not covered by an adequacy decision (for example, to some of our U.S.-based service providers like Google), we will ensure appropriate safeguards are in place. These safeguards may include Standard Contractual Clauses (SCCs) approved by the European Commission, which legally oblige the recipient to protect your data to GDPR standards, or reliance on another valid transfer mechanism under GDPR.
We also implement technical measures such as encryption to protect data during international transit. By using SoChat, you understand that your information may be transferred to our facilities and those of third parties as described. However, rest assured that no matter where your data is processed, we will protect it in line with this Privacy Policy and applicable law.
Your Privacy Rights
Depending on your jurisdiction, you have specific legal rights regarding your personal information. We are committed to honoring these rights for all users as applicable. These rights include:
For European Union/United Kingdom (GDPR): If you are located in the EU or UK, you have robust data subject rights under the GDPR. These include the right to access the personal data we hold about you (and to obtain a copy of it), the right to request correction of inaccurate data, the right to erasure (“right to be forgotten”) of your data in certain circumstances, the right to restrict or object to our processing of your data, and the right to data portability (to receive your personal data in a commonly used format). You also have the right to withdraw consent at any time when we process your data based on consent (withdrawing consent will not affect the lawfulness of processing before withdrawal). Additionally, you have the right to lodge a complaint with your country’s Data Protection Authority or the UK Information Commissioner’s Office (ICO) if you believe your GDPR rights have been violated. You may contact us at any time to exercise these rights or ask questions (see Contact Us below), and we will respond in accordance with GDPR requirements.
For California Residents (CCPA/CPRA): If you are a California resident, you are entitled to certain rights under the California Consumer Privacy Act (as amended by the CPRA). These rights include: (1) the right to know what personal information we collect, use, disclose, and share about you (including the categories of information, the sources, and the purposes); (2) the right to request deletion of the personal information we have collected from you (subject to some exceptions allowed by law); (3) the right to opt out of the sale or sharing of your personal information to third parties (however, as noted, we do not sell or share your data for monetary or advertising purposes, so this is generally not applicable except for any data sharing already described which is for business purposes); and (4) the right not to be discriminated against for exercising any of these rights. In practical terms, we treat all users equally, and using your privacy rights will not affect the quality or availability of the Service to you. To exercise your California privacy rights, you (or an authorized agent) can send us a request via the contact methods below. We will verify your identity (for example, by confirming your login email or asking for information about your account) before fulfilling the request. We aim to respond to access or deletion requests within 45 days as required by CCPA. Since we do not sell data, we do not offer a “Do Not Sell My Info” link; we simply confirm that we do not sell personal information.
For Canadian Users (PIPEDA): Users in Canada have rights under PIPEDA and related provincial laws. You have the right to access personal information that we hold about you and to request corrections to any inaccuracies. We will assist you in accessing your data or correcting it upon request. Generally, upon written request and verification of identity, we will provide you with a copy of the personal information we have about you, and an explanation of how it’s been used or disclosed (if it has). You also have the right to challenge our compliance with PIPEDA by contacting us or the Office of the Privacy Commissioner of Canada. If you withdraw consent for us to use your information (where we rely on consent), or request deletion of your data, we will honor that (subject to any legal requirements we have to retain data). We strive to adhere to PIPEDA’s principles of openness, accountability, and individual access. This Privacy Policy outlines what personal data we collect and why, and you can contact our Privacy Officer (or general support) with any questions.
For Other Jurisdictions: We aim to extend similar rights and choices to all our users, even if your local laws are not as comprehensive. You can contact us to inquire about or exercise the following, wherever applicable: accessing the data we have on you, correcting or updating your information, deleting your data, or objecting to certain processing. We will evaluate and accommodate requests to the best of our ability in line with our legal obligations and the principles of this Privacy Policy.
How to Exercise Your Rights: To exercise any of your rights described above or to make any privacy-related request, please reach out to us (see Contact Us below). Specify the nature of your request (for example, "I'd like a copy of my data" or "Please delete X information"). For your security, we may need to verify your identity before fulfilling certain requests (so that we don’t disclose your data to someone else). Verification might involve confirming control of your account (such as requiring you to email us from your registered email or sign a request with your account). We will respond to your request as soon as possible and in any case within the timeframe required by applicable law. There is no fee for making a request, though excessively repetitive or manifestly unfounded requests may be declined or charged a minimal fee as permitted by law.
We want you to feel in control of your personal information. If you have any questions about your rights or how to use them, you can always contact our support team and we will guide you through the process.
Children’s Privacy
No Users Under 18. SoChat is not intended for anyone under the age of 18, and we do not knowingly allow minors (under 18 years old) to use the Service. Our Terms of Use explicitly prohibit use by individuals under 18. We do not knowingly collect personal information from children or teenagers below 18. If you are under 18, please do not use SoChat or provide any information about yourself in the app.
If we become aware that we have unintentionally collected personal information from someone under 18, we will take immediate steps to delete such information from our servers. For example, if a parent or guardian notifies us that their under-18 child has created an account, we will verify the claim and then promptly delete the account and all associated data. If you are a parent or guardian and you believe your child (under 18) is using SoChat or has provided personal information, please contact us right away so we can investigate and delete any such data. We take youth privacy seriously and appreciate any assistance in keeping minors off the platform.
Data Security
We employ reasonable and appropriate technical and organizational measures to protect your personal information against unauthorized access, loss, misuse, or alteration. These measures include encryption of data in transit (e.g., using HTTPS for all communications between the app and our servers) and encryption of sensitive data at rest. We also restrict access to personal data within our organization – only authorized personnel with a valid need (such as engineering or support staff addressing specific issues) will have access to user data, and even then, access is limited and controlled.
Our security practices are periodically reviewed and updated to follow industry best practices. We also encourage users to keep their login credentials secure (even though login is via Google/Apple, basic security hygiene like protecting your Google or Apple account with a strong password and 2FA is important).
While we strive to protect your information, it’s important to acknowledge that no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. However, we do our best to use commercially acceptable means to protect your personal information. In the event of a data breach or security incident, we will promptly inform affected users and the appropriate authorities as required by law, and we will take all necessary steps to mitigate the impact and prevent future occurrences.
By using SoChat, you understand that we maintain these safeguards, but you also acknowledge that no system is infallible. Please notify us immediately if you suspect any unauthorized access to or use of your account or any security vulnerabilities in our Service.
No Advertising or Marketing Use
To reiterate and make absolutely clear: we do not use your personal data for advertising, marketing, or profiling purposes. SoChat is not an ad-supported platform, and we do not sell or rent user information to third parties. You will not receive marketing emails, targeted ads, or other promotions as a result of providing your data to us, because we simply don’t use data in that way. Our revenue (if any) comes from optional in-app subscriptions or purchases, not from exploiting user data.
Any analytics we perform (via Google Analytics or Firebase) are solely to improve the app’s functionality and user experience. They might tell us, for example, how often a feature is used or if a new update caused crashes – but they do not feed into any advertising ecosystem. In summary, your data is used only to run and better the Service for you, not to advertise to you.
Limitation of Liability for User Content and Behavior
SoChat is a platform that enables users to communicate with each other. While we strive to enforce community guidelines and keep the environment respectful, we generally do not control or pre-screen what users say or do in chats. Users are solely responsible for their own behavior and the content they share on SoChat. Stivisto Inc. is not liable for any harm or damages arising from the actions of users or the content that users generate. This includes any offensive, obscene, or unlawful material that a user might send, as well as any misconduct by users during conversations.
By using SoChat, you understand that you may be exposed to content from other users. We strongly urge all users to follow our Terms of Use and community rules, and to treat each other with respect. If you encounter another user who is harassing you or violating the rules, you can block or report that user within the app. We will review reports and may ban users who engage in prohibited conduct. However, Stivisto is not responsible for what users say to each other or any consequences that result from user interactions. We do not guarantee the truthfulness or appropriateness of user-submitted content.
In no event will Stivisto Inc. be responsible for any indirect, incidental, consequential, or punitive damages arising out of your use of SoChat or from any user-generated content. Our liability to you is limited as provided in our Terms of Use and by applicable law. We provide the Service “as is” and you use it at your own risk. We encourage you to use common sense and caution when chatting with strangers, and to never share sensitive personal details with others on the platform.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make material changes, we will notify you by appropriate means – for example, by posting the updated Privacy Policy on our website and within the app, and/or by sending you a notification. We will indicate the date of the latest update at the bottom of this Policy. We encourage you to review the Privacy Policy periodically[17] to stay informed about how we are protecting your information.
Your continued use of SoChat after any changes to this Privacy Policy have been posted will signify your acceptance of those changes, as long as they are not materially less protective of your rights than the prior policy without your consent. If you do not agree with any updated policy, you should stop using the Service and may delete your account at any time.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us. We are here to help and are committed to addressing any privacy-related issues.
You can reach Stivisto’s support and privacy team by email at support@stivisto.com. For formal privacy inquiries or to exercise your rights, you may also write to our Privacy Officer at the mailing address below:
Stivisto Inc.
701 W Georgia St, Suite 1500
Vancouver, BC V7Y 1C6
Canada
We will do our best to respond promptly to your inquiry, typically within a few business days. If you contact us to exercise a privacy right, we may ask for additional information to verify your identity for security purposes, as mentioned above.
Your trust is extremely important to us. Thank you for entrusting SoChat with your conversations. We welcome feedback on this Privacy Policy or our privacy practices in general.