PRIVACY POLICY

Voice Soul is an AI-enabled voice, image and language assistance platform that enables users to record, upload, translate, process and receive audio, image-based, contextual and language-related outputs through artificial intelligence and third-party processing systems (the “Services”). The Services are owned and operated by Sohofi Global Technologies, a partnership firm based in India, with its registered office at Flat No. 203, 23/1, J R Makwoods Apartments, Old Mangammanapalya Road, Popular Colony, Mangammanapalya, Bengaluru, Bengaluru Urban, Karnataka, 560068 (“SOHOFI”, “Company”, “we”, “us” or “our”). This Privacy Policy (“Policy”) explains how we collect, use, disclose, retain and protect Information/Data when you use the Voice Soul mobile application, website, web application, APIs, interfaces, software, tools, content and related services (the “Platform”). For AI Processing features, Input Data is intended to be processed on a one-time, transient basis to generate the requested AI Output and is then deleted, de-identified or retained only in limited form as described in this Policy.

This Policy is provided electronically and should be read with the Terms and Conditions, consent notices, cookie notices, feature-specific notices and in-app disclosures. Nothing in this Policy limits any mandatory rights available to you under Applicable Laws.

In this Policy, “you” / “your” / “yourself” means the person using the Platform and/or the person on whose behalf you are acting. We process Personal Information/Data, Sensitive Data, third-party information and other Information/Data only for the relevant features and purposes described in this Policy and in accordance with Applicable Laws.

Please read this Policy carefully before using the Platform. By accessing or using the Platform or Services, you acknowledge that you have read this Policy. Where consent or a specific permission is required, we will request it through an appropriate mechanism. If you accept this Policy on behalf of another person or legal entity, you represent that you have authority to do so.

This Policy describes the categories of Information/Data we collect, the purposes for which we use it, the broad grounds on which processing may occur, the persons with whom it may be shared, the retention approach for transient AI Processing, your rights and choices, our security measures and our contact details.

We may update this Policy from time to time. Changes become effective when posted on the Platform or on another notified date. Where a change materially affects processing of Personal Information/Data, we will provide notice or take other steps required by Applicable Laws.

1. CONSENT

By using the Platform, you acknowledge that you have read and understood this Policy. We do not treat use of the Platform as blanket consent to all processing. Depending on the context, we may rely on consent, performance of the Terms and Conditions, compliance with legal obligations, legitimate interests, protection of rights and safety, or any other lawful basis recognized under Applicable Laws. If you do not agree, please do not use the Platform.

For AI features that transmit your Personal Information/Data to AI Sub-processors, we will present a clear disclosure at or before the point of first use of each such feature, identifying the categories of data to be sent and the categories of recipients. Where Applicable Laws require your consent for such transmission (including, for Sensitive Data, explicit consent), we will obtain that consent before transmitting your data and will not activate the relevant feature until consent is given. You may withdraw consent at any time through the relevant feature settings or by contacting us, though withdrawal may limit or disable the relevant feature.

Consent” means a freely given, specific, informed and unambiguous indication of your wishes by clear affirmative action. Where Applicable Laws require a higher standard of consent for particular data, features or technologies, we will seek consent in the manner required for that processing.

You may withdraw consent through the controls made available for the relevant feature or by contacting us. Withdrawal does not affect processing undertaken before withdrawal and may limit the relevant Service, feature, Coin-related functionality, Offer Wall activity or Third-Party Service. We may continue processing where required or permitted by Applicable Laws.

2. APPLICABILITY

This Policy applies to Information/Data collected through the Platform and Services, including account creation, app usage, voice-to-voice translation, image-to-voice functionality, contextual image assistance, language mapping, location-based language configuration, customer support, Coins, Premium Membership Plans, advertisements, Offer Wall activities and Third-Party Services. It is intended to apply on a Europe-wide basis, subject to mandatory local requirements.

Cookies and similar technologies: Where the Platform uses cookies, device fingerprinting, advertising identifiers, SDKs or other tracking technologies on your device, we will seek your prior informed consent before placing non-essential trackers, in accordance with Art 5(3) of the ePrivacy Directive as implemented in the applicable member state. Essential cookies required for the Platform to function do not require consent but are disclosed in our Cookie Notice. Please review the Cookie Notice, available at [insert link], for full details of cookies used, their purpose, and how to manage your preferences.

This Policy does not apply to independent third-party applications, app stores, payment gateways, AI vendors, cloud providers, analytics providers, advertising partners, Offer Wall providers, survey providers, game providers, external websites or other Third-Party Services that process Information/Data for their own purposes. Where a third party processes Information/Data on our behalf, we seek to apply appropriate contractual, technical and organizational safeguards.

If you submit or process Content relating to another person, including voice, image, likeness, biometric information, personal information, confidential information or sensitive information, you are responsible for ensuring that you have all required rights, notices, consents, permissions and lawful grounds under Applicable Laws and the Terms and Conditions.

Applicable Laws” means laws, rules, regulations, regulatory guidance, governmental directions, orders and legal requirements that apply to the Company, Platform, Services or relevant processing activity, including European privacy and data protection laws such as the GDPR and related ePrivacy, consumer-protection, payment, cyber-security, platform and AI-related requirements, to the extent applicable, and Indian laws mandatorily applicable to the Company.

Where more than one law applies, we will apply the mandatory requirement applicable to the relevant user, jurisdiction or processing activity.

3. DEFINITIONS

a) Personal Information/Data” means information relating to an identified or identifiable natural person, including information treated as personal data under the GDPR or other Applicable Laws, such as identifiers, contact details, device or online identifiers, usage information, location-related information, voice, image, likeness, account information, payment-related metadata, prompts, Content, AI Outputs and similar information.

b) Sensitive Personal Data or Information” or “Sensitive Data” means Personal Information/Data receiving heightened protection under Applicable Laws, including special categories of personal data under European data protection laws and other protected categories recognized by applicable privacy laws.

c) Data Subject” means the identified or identifiable individual to whom Personal Information/Data relates and includes, where applicable, a parent, lawful guardian or authorized representative.

d) Controller” means the person that determines the purposes and means of processing Personal Information/Data.

e) Processor” means a person processing Personal Information/Data on behalf of a Controller, including service providers, vendors, contractors and other processors engaged by us.

f) Processing” means any operation performed on Personal Information/Data, including collection, recording, storage, use, disclosure, transmission, restriction, erasure or destruction.

g) Content” means audio, voice recordings, speech, images, image links, prompts, text, metadata, feedback, files, messages, names, likenesses, instructions and other material submitted, uploaded, recorded or transmitted through the Platform.

h) AI Outputs” means translations, audio responses, transcriptions, descriptions, contextual responses, language-related outputs, image-related outputs, text, voice outputs or other outputs generated or assisted by artificial intelligence, translation, speech, computer-vision or related systems.

i) AI Processing” means processing of Content, Personal Information/Data, device information, technical data, prompts, voice recordings, images, metadata and other inputs by or through AI systems, machine-learning models, translation engines, speech systems, computer-vision systems, safety tools and related Third-Party Services. Unless stated otherwise, raw Input Data is intended to be processed temporarily for the requested Service.

j) Input Data” means prompts, audio, voice recordings, images, image links, text, instructions, metadata, files, feedback and other information provided to the Platform for processing by a Service or AI system. Input Data used to generate an AI Output is not retained as permanent history by default.

k) Model Improvement Data” means data used to monitor, test, evaluate, debug or improve the quality, reliability, safety, latency, usability or performance of the Platform, Services, AI Outputs and related systems. We seek to use aggregated, anonymized, de-identified or minimized data wherever reasonably practicable.

l) Human Review” means review by authorized personnel, contractors or service providers for limited operational, support, quality, safety, abuse-prevention, legal, security or rights-protection purposes, subject to safeguards. Human Review may not be available where raw Input Data has been processed transiently and deleted.

m) Coins”, “Offer Wall”, “Premium Membership Plan”, “Third-Party Services”, “User” and “Visitor” shall have the meanings assigned to them in the Terms and Conditions.

Aggregated or anonymized information that cannot reasonably identify an individual is not treated as Personal Information/Data for purposes of this Policy. De-identified or pseudonymized information may remain subject to Applicable Laws where it can reasonably be linked back to an individual.

4. INFORMATION WE COLLECT

We collect only Information/Data reasonably necessary for the purposes described in this Policy, the Terms and Conditions, consent notices or feature-specific notices. Depending on your use of the Platform, we may collect the following categories:

a) Information You Provide to Us

i) Account Information: Name, username, account ID, profile information, email address, mobile number, language preferences, country or region selection, authentication information and other account details provided by you.

ii) Content and AI Processing Information: Voice recordings, audio clips, speech, language inputs, translations, transcriptions, prompts, typed text, uploaded images, image links, camera inputs, contextual questions, metadata, feedback, files, messages, AI Outputs and other Content submitted through the Services. Raw Content submitted for AI Processing is intended to be processed transiently and then deleted, de-identified or retained only in limited form under this Policy.

iii) Communication Information: Contact details, communication content and related records when you contact us through email, in-app support, phone, grievance channels or other means.

iv) Payment, Subscription, Coins and Offer Wall Information: Subscription status, invoice or transaction identifiers, payment-provider confirmations, refunds, Coin balances, usage deductions, reward history, Offer Wall status, attribution identifiers, anti-fraud checks and related records.

v) Any Other Information: Additional Information/Data voluntarily provided in connection with the Platform or Services.

b) Information We Collect Through Automated Means

When you use the Platform or Services, we may collect device identifiers, advertising identifiers where permitted, app instance identifiers, IP address, operating system, browser type, app version, device model, network information, crash logs, diagnostics, usage patterns, cookies, SDK data, analytics data, attribution information, app permission status and similar technical logs.

The Platform may request device permissions such as microphone, camera, photo library, file access, storage, location and notifications. You may manage permissions through device or Platform settings, subject to feature limitations.

c) Information We Collect from Other Sources

We may receive Information/Data from app stores, payment providers, Advertising Partners, Offer Wall providers, survey providers, game providers, AI vendors, cloud providers, analytics providers, fraud-prevention providers, support tools and other Third-Party Services, where permitted under Applicable Laws.

5. HOW WE USE YOUR INFORMATION

We may use Information/Data for the following purposes. The principal lawful basis we rely on for each purpose is indicated in brackets. Where we rely on legitimate interests (Art 6(1)(f) GDPR), those interests are: operating and securing a safe, functional and commercially sustainable AI-enabled platform and protecting the rights of the Company, its users and third parties. Where consent is the stated basis, you may withdraw it at any time without affecting processing already carried out on that basis.

a) To create, authenticate, maintain, secure and administer your account and provide account-related support. [Lawful basis: performance of contract — Art 6(1)(b) GDPR]

b)

c) To provide and maintain the Services, including voice-to-voice translation, image-to-voice functionality, contextual image assistance, language mapping, location-based language configuration and customer support. [Lawful basis: performance of contract — Art 6(1)(b) GDPR]

d)

e) To process Content, prompts, voice recordings, images, metadata and other inputs through AI, translation, speech, computer-vision and related third-party systems to generate AI Outputs on a one-time and transient basis. [Lawful basis: performance of contract — Art 6(1)(b) GDPR; consent — Art 6(1)(a) and, where Sensitive Data is involved, Art 9(2)(a) GDPR]

f)

g) To allocate, deduct, verify and administer Coins, Usage Charges, Premium Membership Plans, subscriptions, Offer Wall rewards, refunds, disputes and account balances. [Lawful basis: performance of contract — Art 6(1)(b) GDPR]

h)

i) To display, measure, attribute and manage advertisements, rewarded advertisements, Offer Wall tasks, surveys, games, promotions and other monetization features, subject to your choices and Applicable Laws. [Lawful basis: consent — Art 6(1)(a) GDPR; or legitimate interests — Art 6(1)(f) GDPR, where contextual advertising not requiring consent is used]

j)

k) To detect, prevent, investigate and respond to fraud, abuse, spam, unauthorized recordings, unlawful surveillance, impersonation, biometric misuse, payment fraud, Offer Wall manipulation, security incidents and other prohibited conduct. [Lawful basis: legitimate interests — Art 6(1)(f) GDPR; compliance with legal obligations — Art 6(1)(c) GDPR]

l)

m) To improve, maintain, test, monitor, debug and develop the Platform, Services, safety systems, language quality, translation accuracy, performance and user experience, using minimized or de-identified data where reasonably practicable. [Lawful basis: legitimate interests — Art 6(1)(f) GDPR]

n)

o) To communicate with you about account activity, service updates, security alerts, support, policy changes, subscriptions, rewards, offers, marketing communications and administrative matters, subject to your choices. [Lawful basis: performance of contract — Art 6(1)(b) GDPR for transactional communications; consent — Art 6(1)(a) GDPR for marketing]

p)

q) To comply with Applicable Laws, court orders, governmental directions, regulatory requirements, cyber-security obligations, audit, taxation, accounting, record-keeping and law-enforcement requests. [Lawful basis: compliance with legal obligations — Art 6(1)(c) GDPR]

r)

s) To enforce the Terms and Conditions, this Policy and other applicable terms, and to establish, exercise or defend legal claims. [Lawful basis: legitimate interests — Art 6(1)(f) GDPR; legal claims — Art 9(2)(f) GDPR where Sensitive Data is involved]

t)

u) To create aggregated, anonymized or de-identified analytics, statistics and service-improvement insights that do not reasonably identify an individual. [Lawful basis: legitimate interests — Art 6(1)(f) GDPR; note that truly anonymized data falls outside the scope of GDPR]

Unless expressly disclosed in a consent notice, feature-specific notice or applicable setting, we do not use your voice recordings, images, prompts or Content containing Personal Information/Data to train third-party public foundation models, and we do not retain raw Input Data for model training by default.

6. DISCLAIMER

WHERE THE PLATFORM PROVIDES VOICE, IMAGE OR LANGUAGE ASSISTANCE, SUCH ASSISTANCE IS AN AUTOMATED AID AND NOT A GUARANTEED DESCRIPTION, TRANSLATION OR ASSESSMENT. USERS REMAIN RESPONSIBLE FOR INDEPENDENT JUDGMENT AND HUMAN ASSISTANCE WHERE ACCURACY OR SAFETY MATTERS.

THE PLATFORM IS NOT A SUBSTITUTE FOR PROFESSIONAL TRANSLATORS, INTERPRETERS, LAWYERS, DOCTORS, FINANCIAL ADVISERS, EMERGENCY SERVICES, GOVERNMENT AUTHORITIES OR OTHER QUALIFIED PROFESSIONALS, AND MUST NOT BE RELIED UPON FOR REGULATED, SAFETY-CRITICAL, LIFE-CRITICAL OR HIGH-RISK DECISIONS.

AI OUTPUTS MAY CONTAIN ERRORS, MISTRANSLATIONS, OMISSIONS, HALLUCINATIONS, INCORRECT IMAGE OR TEXT INTERPRETATIONS, MISSED NUANCE, BIAS, OFFENSIVE CONTENT OR OTHER LIMITATIONS. YOU SHOULD VERIFY AI OUTPUTS BEFORE RELYING ON THEM.

AI OUTPUTS ARE GENERATED ALGORITHMICALLY AND MAY VARY BASED ON MODELS, THIRD-PARTY SYSTEMS, LANGUAGE SETTINGS, PROMPTS, SAFETY FILTERS, NETWORK CONDITIONS, REGIONAL AVAILABILITY, DEVICE SETTINGS OR PRODUCT CONFIGURATION.

7. AI PROCESSING, MODEL OPERATIONS AND OUTPUTS

The Platform is an AI-enabled service. When you use AI features, your Input Data, which may include voice recordings, audio clips, speech, images, image links, typed text, prompts, metadata and related session information, and where you provide it, certain account identifiers and device information necessary to route and process your request, is transmitted to and processed by Company systems and Third-Party Services, including speech-recognition engines, machine-translation services, large-language-model providers, computer-vision systems, safety and abuse-prevention tools analytics providers and cloud infrastructure provider required to deliver the Service (together, “AI Sub-processors”).These third-party providers are located in India, the European Economic Area and other jurisdictions, as further described in the HOW WE SHARE AND DISCLOSE YOUR INFORMATION and THIRD-PARTY LINKS AND FEATURES sections. A current list of AI Sub-processors is available at [insert link] and will be updated when material changes are made. Unless stated otherwise, this processing is intended to be one-time, session-based and limited to generating the AI Output requested by you.

Transparency under the EU AI Act: From the dates on which the relevant provisions of Regulation (EU) 2024/1689 (the EU AI Act) apply, where the Platform deploys an AI system that generates synthetic speech, synthetic audio, AI-generated images, deepfake-detection outputs or other content for which Art 50 AI Act disclosure obligations apply, we will ensure that: (a) content generated or manipulated by AI is labelled or marked as such in a machine-readable format where technically feasible; and (b) where the Platform uses an emotion-recognition or biometric categorisation system, you will be informed of its operation before it processes you. Where SOHOFI constitutes a "deployer" or "provider" of a General-Purpose AI model system under the AI Act, it will comply with applicable transparency, incident-reporting and technical-documentation obligations. This obligation applies progressively as the AI Act provisions enter into force.

We may maintain test prompts, benchmark outputs, safety cases, abuse signatures, fraud indicators and quality metrics. We do not maintain raw Input Data as evaluation datasets by default, and any Personal Information/Data used for these purposes is subject to this Policy and Applicable Laws.

Feedback, corrections, ratings, suggested translations, quality comments, support tickets and similar inputs may be used to evaluate, debug, improve and develop the Platform, Services and AI Outputs. Please avoid including unnecessary Personal Information/Data, Sensitive Data or confidential information in feedback.

Where Personal Information/Data is used for model improvement, evaluation or quality review, we will do so only where permitted under this Policy, a relevant notice, user settings or Applicable Laws, and with heightened care for Sensitive Data, children’s data and similarly protected information.

We may use aggregated, anonymized, de-identified or non-personal information to improve, test and monitor the Platform, Services, AI Outputs, safety systems, performance, language quality, routing logic, abuse-prevention systems and user experience.

Unless expressly disclosed, we do not use your Content containing Personal Information/Data to train third-party public foundation models. We seek to use configurations, contractual restrictions or technical controls that limit third-party AI vendors’ use of Input Data to providing and supporting the relevant Services. Where a third-party AI vendor processes your Personal Information/Data on our behalf, we require, through data processing agreements or equivalent contractual arrangements, that such vendor maintains technical and organisational measures, confidentiality obligations, purpose-limitation restrictions and data-subject rights-assistance commitments that are at least equivalent to the protections described in this Policy and required by Applicable Laws. We do not authorise AI Sub-processors to use your Personal Information/Data for their own purposes beyond delivering the agreed service.

8. MODEL IMPROVEMENT, TRAINING AND EVALUATION

We distinguish service-delivery processing from model improvement, evaluation or training. Service delivery includes receiving Input Data, routing it, generating AI Outputs, maintaining temporary session state, applying safety filters, performing abuse checks, calculating Coin deductions, resolving technical errors and limiting retention after processing.

Location-related processing may include approximate location derived from IP address, settings, selected region, app-store region or network information, and precise location only where enabled and required by a feature. Location may support language configuration, regional experiences, fraud prevention, compliance settings, attribution, Offer Wall eligibility and security.

You should avoid submitting unnecessary personal details, identity documents, payment information, passwords, health information, children’s information, precise location information, confidential business information, legal documents, medical documents or other sensitive content unless required and lawful. The Platform is not intended to be a secure vault or permanent repository for sensitive records.

You must not record, upload, process or submit another person’s voice, image, likeness, biometric information, confidential information, personal information or sensitive information unless you have all required notices, consents, permissions and lawful grounds.

We do not seek biometric information unless a feature expressly requires voice, image or other identifier processing for the Service you choose. Such processing does not mean that the Company seeks to uniquely identify a person unless that functionality is expressly disclosed and handled under Applicable Laws.

9. VOICE, IMAGE, BIOMETRIC AND LOCATION-RELATED PROCESSING

The Services may process voice recordings, speech, accents, dialect, language patterns, background audio, images, faces, objects, text within images, places, signs, documents, metadata and location-related settings. Depending on context, such information may identify a person or require heightened safeguards.

We may use safety filters, moderation rules, rate limits, routing controls, child-safety controls, sensitive-content filters and other safeguards. These controls may limit processing or AI Outputs where necessary for compliance, safety, rights protection, misuse reduction or Platform integrity.

Where an automated process materially affects your account, access, Coins, rewards, subscription status or rights under Applicable Laws, you may contact us through the grievance mechanism. We will review such concerns in accordance with Applicable Laws and available safeguards.

The Platform may use automated systems to detect abuse, fraud, malware, unlawful content, manipulation of Coins, payment issues, suspicious device behavior, account compromise, unsafe prompts, harmful outputs or circumvention attempts. We do not intend to make solely automated decisions producing legal or similarly significant effects unless permitted by Applicable Laws and subject to safeguards.

Human Review will be limited to personnel or service providers with a need to access relevant information for a permitted purpose, subject to safeguards. Where raw Input Data has been deleted after transient processing, review may rely on retained logs, metadata, support records or information separately provided by you.

10. HOW WE SHARE AND DISCLOSE YOUR INFORMATION

We may share Information/Data in the following ways, where permitted for the relevant purpose and subject to appropriate confidentiality, security, processor, transfer and purpose-limitation safeguards where required:

a) Affiliates and group companies: to operate, administer, support, secure and improve the Platform and Services.

b) Service providers and Processors: with hosting, cloud, AI, translation, speech, computer-vision, analytics, security, customer-support, communication, payment support, fraud-prevention, audit, professional advisory and other service providers acting for us.

c) App stores, payment providers and subscription partners: to process subscriptions, verify payments, issue refunds, resolve disputes and administer Premium Membership Plans.

d) Advertising Partners and Offer Wall providers: to display, measure, attribute and verify advertisements, rewarded advertisements, offers, eligibility, anti-fraud checks and Coin credits, subject to your choices and Applicable Laws.

e) Third-Party Services selected or used by you: where you choose to access, connect, interact with or complete activities through a linked or integrated Third-Party Service.

f) Protection of rights and interests: to prevent fraud or abuse, protect security and integrity, enforce terms, protect rights and safety or respond to misuse.

g) Business transfers: in connection with a merger, acquisition, investment, financing, restructuring, sale of assets, insolvency, reorganization or transfer of all or part of our business, subject to appropriate safeguards.

h) Legal purposes: where required or permitted by Applicable Laws, court order, governmental direction, legal process, investigation, cyber-security reporting obligation or rights-protection need.

i) With your consent or instruction: where you authorize disclosure to a specified recipient.

We do not sell Personal Information/Data or disclose it for unrelated monetary consideration. Third-Party Services processing information for advertising, attribution, rewards or monetization are subject to this Policy, their own policies, your choices and Applicable Laws.

We may change vendors, models, cloud providers, speech engines, translation engines, computer-vision tools, analytics providers, safety systems or other processing tools from time to time. Where a material change requires notice or other action under Applicable Laws, we will take the required steps.

Where a provider acts as our Processor or service provider, we seek to impose obligations relating to confidentiality, purpose limitation, security, access controls, retention, incident notification, rights assistance, deletion or return of data, transfer safeguards and restrictions on unauthorized use of Input Data. We require that providers processing your Personal Information/Data on our behalf maintain data protection standards that are at least equivalent to those described in this Policy and required by Applicable Laws, and do not use your data for their own independent purposes beyond delivering the agreed service.

Providers may process Input Data, Content, metadata, device data, logs, AI Outputs or other Information/Data on our behalf or independently, depending on their role and terms. Transfers outside your country or region will be handled using safeguards or lawful transfer arrangements where required.

11. HOW DO WE RETAIN YOUR INFORMATION

We retain Information/Data only for as long as reasonably necessary for the purposes for which it was collected or processed, unless longer retention is required or permitted by Applicable Laws, contractual or operational requirements, accounting, fraud prevention, security, dispute resolution, enforcement or legal claims. The table below sets out indicative retention periods by category (actual periods may be shorter where data is deleted, de-identified or anonymised earlier, or longer where legal or operational necessity applies):

Account and profile information: retained while your account is active.

Voice recordings, images and prompts (AI Processing): deleted or de-identified within 24 hour of session completion by default, unless retained for a specific purpose described below.

Safety, abuse-prevention and quality logs: retained for [insert period, e.g. 12 months] from creation.

Payment, subscription and Coin records: retained for 5 years for tax, accounting and legal purposes.

Marketing consent records: retained for 3 years after consent is withdrawn or the relationship ends.

Support and communication records: retained for 3 years after closure of the relevant request.

Please contact us if you require information about the specific retention period applicable to any category of your Personal Information/Data.

Account, profile and contact information is generally retained while your account remains active and for a reasonable period thereafter. Coin, subscription, payment, Offer Wall and transaction records may be retained for accounting, tax, audit, anti-fraud, chargeback, refund, verification and legal purposes.

Voice recordings, images, prompts, transcripts, AI Outputs and session Content submitted for AI Processing are processed transiently and, by default, deleted, de-identified or subject to limited retention after completion of the requested processing or shortly thereafter. They are not retained as permanent history unless you save them, a feature provides for retention, you submit them for support or feedback, or retention is required for safety, debugging, fraud prevention, legal compliance or another purpose described in this Policy.

For AI Processing, raw audio, raw images and prompts are intended to be deleted or de-identified after transient processing by default. Limited metadata, safety logs, abuse-prevention logs, Coin records, model-routing records, quality metrics, error logs and support records may be retained longer where necessary and minimized where reasonably practicable.

Where feasible, we may separate Content from account identifiers, apply access restrictions, pseudonymize or de-identify records, aggregate metrics, minimize raw Content retention or use sampling techniques for quality review.

Deletion may not immediately remove all backup copies, caches, logs, legal records, security records, payment records, Offer Wall verification records or data retained by independent Third-Party Services, but we will apply deletion, de-identification, anonymization or retention controls in accordance with Applicable Laws and our practices.

Deleted, expired, transient or non-retained conversations, translations, recordings, images, prompts, AI Outputs, Coins, sessions or logs may not be recoverable.

When retention is no longer necessary, we will delete, de-identify, anonymize or aggregate Information/Data in accordance with Applicable Laws and our internal retention practices.

12. HOW WE PROTECT YOUR INFORMATION

We implement reasonable security practices and appropriate technical and organizational measures designed to protect Information/Data from unauthorized access, disclosure, alteration, destruction, loss, misuse and accidental damage. Measures may include access controls, authentication, encryption or similar safeguards, logging, vulnerability management, vendor controls, incident response, confidentiality obligations, data minimization, retention controls and periodic review.

No method of transmission, storage or processing is completely secure. You are responsible for maintaining account credentials, securing your device and notifying us of suspected unauthorized access or misuse.

Where a security incident or personal data breach triggers a reporting obligation, we will take steps required by Applicable Laws, which may include notifying affected individuals, supervisory authorities, cyber-security authorities, law-enforcement authorities or other competent authorities.

AI-related security measures may include prompt-abuse monitoring, rate limiting, anomaly detection, access logging, vendor-access controls, restrictions on employee access to raw Content and review of incidents involving unintended disclosure, prompt injection, model misuse, excessive data exposure or unauthorized access.

You must not attempt prompt injection, model extraction, scraping, automated abuse, circumvention of safety filters, unauthorized access to AI systems or any activity intended to expose non-public Platform, model, security or user information.

13. THIRD-PARTY LINKS AND FEATURES

The Platform may include Third-Party Services, advertisements, rewarded advertisements, Offer Wall tasks, surveys, games, links, SDKs or integrations provided by third parties that may act as our processors or as independent providers depending on the feature and processing activity.

When you interact with a Third-Party Service, the third party may collect information directly from you or your device, including device identifiers, IP address, advertising identifier, interaction data, reward eligibility and offer completion status. Their privacy policy and terms govern independent processing.

We may receive confirmation, attribution, verification, anti-fraud and reward-status information from Third-Party Services to credit Coins, verify eligibility, prevent manipulation and resolve disputes.

The Platform may use cloud infrastructure, AI vendors, analytics providers, support tools, payment partners, Advertising Partners and other Third-Party Services located in India, Europe or other jurisdictions. Where Personal Information/Data is transferred outside the European Economic Area, we rely on one or more of the following transfer mechanisms under GDPR Chapter V: (a) Standard Contractual Clauses adopted by the European Commission (currently Commission Implementing Decision (EU) 2021/914); (b) transfers to recipients in countries for which the European Commission has issued an adequacy decision; or (c) other appropriate safeguards permitted under Art 46 GDPR. A copy of the applicable transfer mechanism may be obtained by contacting us through the CONTACT section. Note that India does not currently hold an EU adequacy decision; transfers to SOHOFI’s Indian infrastructure therefore rely on Standard Contractual Clauses or equivalent Art 46 safeguards.

Where a feature permits you to save, download, export, share or reuse AI Outputs, you are responsible for reviewing those AI Outputs and handling any Personal Information/Data, confidential information, third-party content or sensitive information lawfully.

Deletion or erasure requests will be assessed under Applicable Laws and may not affect AI Outputs already delivered or shared, information retained for legal, operational or security purposes, anonymized information, backups or caches awaiting deletion, or information retained by independent Third-Party Services.

Subject to technical availability and Applicable Laws, you may limit certain AI Processing through Platform, device, browser or account controls, including microphone, camera, photo, location, notification, advertising, cookie and marketing preferences.

14. USER RIGHTS AND CHOICES

Subject to Applicable Laws, verification of identity and applicable limitations, you may have the following rights in relation to your Information/Data where European privacy or data protection laws apply:

a) Right to lodge a complaint: You have the right at any time to lodge a complaint with the supervisory authority of the EU member state in which you are habitually resident, work, or where you believe an infringement has occurred. A list of EEA supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. This right is without prejudice to any other administrative or judicial remedy.

b) Right of access: To request confirmation of whether we process your Personal Information/Data and access to information about such processing.

c) Right to rectification: To request correction, completion or updating of inaccurate, misleading or incomplete Personal Information/Data.

d) Right to erasure: To request erasure of Personal Information/Data in circumstances recognized by Applicable Laws, subject to permitted retention and lawful limitations.

e) Right to restriction and objection: To request restriction of processing or object to certain processing, including direct marketing, where such rights apply.

f) Right to data portability: To request certain Personal Information/Data you provided to us in a structured, commonly used and machine-readable format, where Applicable Laws provide such right.

g) Right in relation to automated decisions (Art 22 GDPR): where the Platform makes solely automated decisions (including profiling) that produce legal or similarly significant effects concerning you, such as account suspension, denial of access to features or Coin-related determinations, you have the right to: (i) obtain human review of the decision; (ii) express your point of view; and (iii) contest the decision. We will identify the logic involved, the significance, and the envisaged consequences of such processing when you exercise this right. We do not currently make solely automated decisions of this nature by default, and we will inform you if this changes.

h) Right to withdraw consent and manage choices: to withdraw consent where processing is based on consent and to manage non-essential marketing, notifications, cookies, advertising identifiers and app permissions.

You may submit a request through the CONTACT section. We may verify your identity and may decline or limit a request where permitted by Applicable Laws, including where compliance would affect others’ rights, security, fraud prevention, legal obligations, legal claims, confidential information, anonymized data or data processed transiently and not retained.

Where Platform, device, browser, consent-management or cookie-preference tools are available, you may use them to manage, review or withdraw consent, subject to technical availability and Applicable Laws.

15. SENSITIVE PERSONAL INFORMATION AND CHILDREN'S PRIVACY

Sensitive Data may include health information, biometric data, genetic data, information revealing protected characteristics or beliefs and other categories recognized under Applicable Laws. Voice recordings, images, photographs, facial images, prompts or other Content may contain Personal Information/Data or Sensitive Data depending on context. We process such information only for the purposes described in this Policy and where a specific condition in Art 9(2) GDPR (or equivalent provision of Applicable Laws) applies. Where we rely on explicit consent under Art 9(2)(a) GDPR, we will seek that consent separately and distinctly from general consent to this Policy. Where we rely on substantial public interest under Art 9(2)(g) or vital interests under Art 9(2)(c), we will apply the additional safeguards required by Applicable Laws.

The Platform is intended for individuals who are at least 18 years of age or the age of majority in their jurisdiction, whichever is higher, unless a specific Service lawfully permits otherwise. Where users aged 16 or 17 seek to use the Platform, we note that several EU member states have set the age of digital consent below 16 (e.g. Germany and Austria at 14, France at 15) under Art 8(1) GDPR. In all cases, where a user is below the applicable age of digital consent in their member state, we require verifiable parental or guardian consent before providing services involving the processing of Personal Information/Data. We use age-verification measures appropriate to the risk of the processing activity.

We do not knowingly permit children to create accounts or use the Services unless permitted by Applicable Laws and supported by required parental or guardian consent or authorization. If we learn that a child’s Personal Information/Data was collected without required consent, we will take appropriate steps to delete or restrict it, subject to legal and safety requirements.

Where Applicable Laws require enhanced safeguards for children, we will comply with those requirements, including restrictions on detrimental processing, profiling, tracking, behavioral monitoring or targeted advertising directed at children, to the extent applicable.

16. EXERCISING RIGHTS:

You can exercise privacy rights by submitting a request through sohofi@sohofi-global.com or contacting the Grievance Officer / Data Protection Contact listed in the CONTACT section. We may request information to verify your identity and may be unable to honor a request if verification is not possible.

We will endeavor to acknowledge and resolve requests and grievances within the timelines prescribed under Applicable Laws, subject to any permitted extension, fee, refusal or limitation.

If dissatisfied, you may have the right to lodge a complaint with a competent supervisory authority or approach another competent regulator, court or forum available under Applicable Laws.

17. USER RESPONSIBILITIES

You are responsible for ensuring that Information/Data you provide is accurate and lawful. You must not impersonate another person, submit false information, raise false grievances, or use the Platform for unlawful surveillance, unauthorized recordings, biometric misuse, illegal data collection, harassment, stalking, doxxing, identity theft, infringement of privacy or publicity rights, violation of privacy laws or other prohibited activity.

If you process another person’s Personal Information/Data, including voice, image, likeness, biometric information, confidential information or sensitive information, you represent that you have provided all notices and obtained all consents, authorizations and legal grounds required under Applicable Laws and the Terms and Conditions.

Your use of the Platform, Content, AI Outputs, Coins, Offer Wall, advertisements and Third-Party Services remains subject to the Terms and Conditions, including user undertakings, prohibited conduct, disclaimers, limitation of liability and indemnification provisions, to the maximum extent permitted by Applicable Laws.

18. PROHIBITED AI AND DATA USES

If Content, AI Outputs, account behavior, Offer Wall activity, payment activity or Platform use creates legal, security, safety, privacy, reputational, operational or commercial risk, we may restrict processing, refuse outputs, suspend features, withhold rewards, preserve records where lawful, report unlawful activity, cooperate with authorities or take other action permitted under the Terms and Conditions and Applicable Laws.

You must not submit Content that includes malware, unlawful instructions, exploit code, phishing content, hate speech, child sexual abuse material, unlawful sexual, terrorist or violent content, threats, blackmail, extortion, unlawfully obtained personal data, unauthorized Sensitive Data, unlawful biometric data, unauthorized confidential information or other unlawful content.

You must not use the Platform to create or distribute deepfakes, misleading synthetic media, unlawful impersonations, deceptive audio, fraudulent translations, forged transcripts, fabricated evidence, unlawful surveillance materials, biometric identification tools or outputs that violate rights or Applicable Laws.

You must not use the Platform or AI Outputs to identify, profile, track, monitor, surveil, target, harass, deceive, defame, impersonate, manipulate or discriminate against any person, or infer sensitive characteristics of another person, except where expressly lawful and authorized.

19. UPDATE TO THE PRIVACY POLICY

The most current version of this Policy will govern our use of your Information/Data and can be found on the Platform. We may update this Policy at any time and will provide notice or take other steps required by Applicable Laws where a material change requires it. We advise you to review the Policy at regular intervals.

20. CONTACT

For questions, requests or inquiries regarding protection of your Information/Data or this Policy, including requests under European privacy or data protection laws, you can contact SOHOFI’s Grievance Officer / Data Protection Contact / Representative, where required:

Addressed To:

Name / Designation: SM/ Support Contact

Company: Sohofi Global Technologies

Address: Flat No. 203, 23/1, J R Makwoods Apartments, Old Mangammanapalya Road,

Popular Colony, Mangammanapalya, Bengaluru, Bengaluru Urban, Karnataka, 560068

E-mail: sohofi@sohofi-global.com

Platform: Voice Soul

Please keep in mind that email communication is not always secure. Include sufficient information to identify your account, country, request type and feature involved, but do not include unnecessary raw voice recordings, images, prompts or other sensitive Content unless required for the request.

We will address your request in accordance with Applicable Laws and ordinarily free of charge, except where a fee or limitation is permitted by law. We may verify your identity before acting. If unsatisfied, you may lodge a complaint with a competent supervisory authority or approach another competent regulator, court or forum available under Applicable Laws.

21. GOVERNING LAW AND JURISDICTION

This Policy and disputes relating to the Platform, Services, Coins, subscriptions, AI Outputs, advertisements, Third-Party Services or the relationship between you and the Company shall be governed by the laws of India for contractual and general legal matters, without regard to conflict-of-law principles. Notwithstanding the foregoing, nothing in this clause limits or excludes: (a) the application of the GDPR and applicable EU member-state data protection laws to processing of Personal Information/Data of individuals in the European Economic Area, which apply as a matter of public law and cannot be disapplied by choice of law; (b) the right of data subjects to exercise their GDPR rights before the competent supervisory authority or court in their member state of habitual residence; or (c) any other mandatory right available to you under Applicable Laws that cannot lawfully be waived. For the avoidance of doubt, the application of Indian law to this Policy does not reduce the level of protection afforded to European data subjects below the GDPR standard.

Subject to any non-waivable statutory, consumer, data-protection or regulatory remedy available under Applicable Laws, disputes relating to this Policy shall be subject to the jurisdiction provisions in the Terms and Conditions. Nothing prevents you from exercising non-waivable rights before competent courts, authorities or supervisory bodies where Applicable Laws grant such rights.