Privacy Policy

Soraa is a content publishing and monetization platform that enables creators to publish written, visual, and serialized content for readers worldwide. To operate this Platform, we collect certain personal and non-personal information as described below.

We are committed to being transparent about our data practices. If you have any questions about this policy, please contact us at legal@soraa.io.

2.1 Information you provide directly:

• Account information: When you register, we collect your email address, username, and password (stored as a secure hash). Optionally, you may provide your full name, phone number, profile photo, bio, website, and location.
• Content: Posts, stories, manga chapters, comments, and all other content you publish on Soraa.
• Payment information: When you subscribe to a creator or receive earnings, payment data is processed by our payment partners (Cashfree for India, Stripe for international). We do not store your full card number on our servers.
• Communications: Emails, support requests, and messages you send to us.

2.2 Information collected automatically:

• Usage data: Pages visited, content viewed, features used, time spent on the Platform, and actions taken (likes, bookmarks, follows, shares).
• Device information: IP address, browser type and version, operating system, screen resolution, language settings, and device identifiers.
• Log data: Server logs including access times, referring URLs, and error reports.
• Cookies and tracking technologies: We use cookies, web beacons, and similar technologies. See Section 3 for full details.

2.3 Information from third parties:

• Social login: If you sign in using Google, we receive your name, email address, and profile photo from Google as permitted by their terms.
• Payment processors: We may receive transaction confirmation, payout status, and fraud signals from Cashfree or Stripe.
• Referrals: If you sign up via a referral link, we record the referrer's username to attribute the referral.

We use the following types of cookies and tracking technologies on Soraa:

Cookie preferences: On your first visit, we will ask for your cookie consent. You can change your preferences at any time via your browser settings. Most browsers allow you to refuse or delete cookies — please refer to your browser's help documentation.

Note that disabling certain cookies may affect your experience on the Platform.

Soraa uses Google AdSense to display advertisements on the Platform to non-paying users. This allows us to keep Soraa free for readers.

What Google AdSense does:

• Google uses cookies and similar tracking technologies to serve ads based on your prior visits to Soraa and other websites.
• Google's use of advertising cookies enables it and its partners to serve ads based on your visit to Soraa and/or other sites on the internet.
• Google may use the DoubleClick cookie to serve more relevant ads across the web.

Your choices regarding Google advertising:

• You may opt out of personalised advertising by visiting Google Ads Settings.
• You may also opt out via the Digital Advertising Alliance opt-out page.
• Subscribers (paid members) of Soraa will see fewer or no third-party advertisements.

For more information on how Google uses data when you use our Platform, please visit How Google uses data when you use our partners' sites or apps.

GDPR & CCPA compliance: If you are a resident of the European Economic Area or California, you have additional rights regarding your data. Google is committed to GDPR compliance. See Google's GDPR compliance page. For California residents, see Section 9 of this policy.

We use the information we collect to:

• Provide the Platform: Create and maintain your account, display your content, process subscriptions and payments, and enable creator earnings.
• Personalise your experience: Show you content relevant to your interests, followed creators, and reading history.
• Communicate with you: Send transactional emails (account verification, password resets, payment receipts), creator digests, and product updates. You may opt out of non-transactional emails at any time.
• Ensure safety and security: Detect and prevent fraud, abuse, spam, and violations of our Terms of Service.
• Improve the Platform: Analyse usage patterns, run A/B tests, and develop new features.
• Comply with legal obligations: Respond to lawful requests from authorities, enforce our terms, and protect our legal rights.
• Serve advertising: Display relevant advertisements via Google AdSense to non-subscriber users (see Section 4).

Legal basis for processing (GDPR): We process your data on the basis of contractual necessity (to provide the Platform you signed up for), legitimate interests (safety, fraud prevention, product improvement), consent (marketing communications, advertising cookies), and legal obligation (compliance with applicable law).

We do not sell your personal information. We share data only as described below:

• Public profile information: Your username, display name, bio, profile photo, and published public content are visible to all users and indexed by search engines. This is inherent to the nature of a publishing platform.
• Payment processors: Cashfree and Stripe receive the payment data necessary to process transactions. They are bound by their own privacy policies and security standards.
• Advertising partners: Google AdSense may receive your IP address, cookie identifiers, and browsing data to serve ads (see Section 4). We do not share your email address or identity with Google AdSense directly.
• Service providers: We use third-party services for hosting (Supabase, Vercel), email delivery (Resend), and analytics. These providers process data on our behalf and are contractually bound to protect it.
• Legal requirements: We may disclose information when required by law, court order, or government authority, or to protect the rights, property, or safety of Soraa, our users, or the public.
• Business transfers: If Soraa is acquired or merged with another company, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

We retain your personal information for as long as your account is active or as needed to provide the Platform. Specifically:

• Account data: Retained while your account is active and for 90 days after deletion, to allow account recovery.
• Published content: Content you make public remains accessible after account deletion unless you explicitly request removal before deleting your account.
• Payment records: Transaction records are retained for 7 years as required by Indian tax law.
• Log data: Server logs are retained for 90 days for security purposes.

You can request deletion of your account and associated data at any time by emailing legal@soraa.io.

We take reasonable technical and organisational measures to protect your information:

• All data transmitted between your browser and our servers is encrypted via TLS/HTTPS.
• Passwords are hashed using industry-standard algorithms and are never stored in plaintext.
• Database access is restricted to authorised personnel and protected by row-level security policies.
• We conduct regular security reviews and promptly patch known vulnerabilities.

However, no method of transmission over the internet or electronic storage is 100% secure. If you believe your account has been compromised, please contact us immediately at legal@soraa.io.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
• Portability: Request your data in a machine-readable format.
• Objection: Object to processing of your data for direct marketing or legitimate interest purposes.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Withdrawal of consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

California residents (CCPA): You have the right to know what personal information we collect, the right to delete it, and the right to opt out of its "sale" (we do not sell personal information). To exercise your rights, email legal@soraa.io.

To exercise any of the above rights, please contact us at legal@soraa.io. We will respond within 30 days. We may ask you to verify your identity before acting on certain requests.

Soraa is not directed at children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we learn that we have inadvertently collected personal information from a child without parental consent, we will promptly delete it.

If you believe we have collected information from a child, please contact us at legal@soraa.io.

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy.
• Display a notice on the Platform or send you an email notification at least 14 days before the changes take effect.

Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the revised policy. If you do not agree to the changes, please stop using the Platform and request account deletion.

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact our Privacy Officer:

We aim to respond to all privacy-related enquiries within 30 days.

If you are located in the EU and feel we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection supervisory authority.