PRIVACY POLICY

Voice Soul, is an AI-enabled voice, image and language assistance platform that enables its users to record, upload, translate, process and receive audio, image-based, contextual and language-related outputs through artificial intelligence and third-party processing systems (collectively referred to as the ‘Services’), and is owned and operated Sohofi Global Technologies, a partnership firm based in India, with its registered office at Flat No. 203, 23/1, J R Makwoods Apartments, Old Mangammanapalya Road, Popular Colony, Mangammanapalya, Bengaluru, Bengaluru Urban, Karnataka, 560068 (hereinafter referred to as the “SOHOFI”, “Company”, “we”, “us”, “our”, or “ourselves”). This Privacy Policy (“Policy”) informs about our policies and procedures regarding the collection, receipt, use, processing, disclosure, retention and protection of Information/Data that we collect from or about you when you use or visit the Voice Soul mobile application, website, web application, APIs, interfaces, software, tools, content and related services (hereafter referred to as the “Platform”).

This Policy is an electronic record in the form of an electronic contract formed under the Applicable Law. This Policy does not require any physical, electronic or digital signature. This Privacy Policy is a legally binding document between you and us.

In this Privacy Policy, “you” or “your” or “yourself” means the person using the Platform and/or the person on whose behalf you are acting, if any. We collect and process your Personal Information/Data, Sensitive Personal Data or Information, third-party information and other Information/Data carefully, only for the purposes described in this Policy, associated consent notices, feature-specific notices and the Terms and Conditions, and only to the extent necessary as defined herein and within the scope of applicable Indian laws and regulations. This Policy seeks to ensure that any Personal Information/Data, Sensitive Personal Data or Information, or third-party information handled by us is managed in a way that is lawful, ethical, compliant and consistent with reasonable security practices.

Please read this Privacy Policy carefully, before accessing or using our Platform, to understand our policies and practices regarding your Information/Data and how we will treat it. By accessing, browsing, registering on, subscribing to, earning or using Coins, completing Offer Wall activities, using advertisements or otherwise using the Platform or Services, you agree and accept the terms of this Policy, and you understand and agree to the collection, use, sharing and processing of Information/Data in the manner described herein, subject to your rights under Applicable Laws. If you accept this Policy on behalf of another person, company or other legal entity, you represent and warrant that you have full authority to bind such person, company, or legal entity to this Policy.

Our Policy describes the types of Information/Data we collect, why and how we use the Information/Data, with whom we share it, and the rights and choices you have about our use of the Information/Data. We also describe the measures we take to protect the security of the Information/Data and how you can contact us about our privacy practices.

This Policy describes our current data protection policies and practices and may be amended/updated from time to time. Any changes to this Policy will become effective upon posting of the revised Policy on the Platform or upon such other date as may be notified by us. We suggest that you regularly check this Policy to apprise yourself of any updates.

1. CONSENT

This Policy is a privacy notice provided to you in accordance with the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025. It describes our data practices so that you can make an informed decision before providing consent. This Policy, by itself, does not constitute your consent to the processing of your Personal Information/Data. Where consent is the applicable legal basis under the DPDP Act, we will present you with a separate, itemised consent notice at the relevant point of use before collecting or processing your Personal Information/Data. That consent notice will specify the personal data to be collected, the specific purpose for which it is collected, and the manner in which you may exercise your rights and withdraw consent, in the manner prescribed under the DPDP Rules. If you do not agree with the terms of this Policy or the applicable consent notice, please do not use the relevant feature or Service. This Policy shall be deemed to be incorporated into the Terms and Conditions of the Platform and shall be read in addition to the Terms and Conditions.

Consent” under this Policy means a free, specific, informed, unconditional and unambiguous indication of your wishes by a clear affirmative action, signifying agreement to the processing of Personal Information/Data for a specified purpose, as defined under Section 2(c) read with Section 6 of the Digital Personal Data Protection Act, 2023. Where consent is the lawful basis for processing, we will present you with a consent notice that: (a) itemises each category of personal data proposed to be processed; (b) specifies each purpose for which it is processed; (c) explains the manner in which you may withdraw consent and exercise your rights under the DPDP Act; and (d) where processing is to be carried out by a Data Processor or third-party service provider on our behalf, identifies the categories of such processors. Consent will not be bundled with acceptance of terms and conditions, and you will not be required to consent to processing that is beyond what is necessary for the Service you are using. Consent obtained through this Policy, app permissions or terms acceptance alone does not satisfy the itemised-notice requirement where the DPDP Act requires a specific consent notice.

Where the Platform transmits your personal data to a third-party AI service as part of providing the core AI Processing functions described in this Policy, such transmission forms an integral part of the Service you have requested. By creating an account and using the AI Processing features of the Platform, you consent to your Input Data being sent to third-party AI service providers in the categories described in the AI Processing, Model Operations and Outputs section of this Policy, solely to provide those features to you. Before you use a feature that involves transmission of your personal data to a third-party AI service for the first time, the Platform will, to the extent technically practicable: (a) inform you of the nature of the data to be sent; (b) identify the category of third-party service provider that will receive it; and (c) obtain your affirmative action or confirmation where required by Applicable Laws or where the processing involves Sensitive Personal Data or Information. You may withdraw your consent or decline to use AI Processing features at any time by using the controls described in the User Rights and Choices section of this Policy.

Withdrawal of consent will not affect processing already undertaken before withdrawal and may limit or prevent your use of the relevant Service, feature, Coin-related functionality, Offer Wall activity or Third-Party Service. We may continue processing where required or permitted under Applicable Laws, including for legal compliance, fraud prevention, security, record-keeping, dispute resolution and legal claims.

2. APPLICABILITY

This Privacy Policy applies to Information/Data we collect through the Platform and Services, including account creation, app usage, voice-to-voice translation, image-to-voice functionality, contextual image assistance, language mapping, location-based language configuration, customer support, Coins, Premium Membership Plans, advertisements, Offer Wall activities, Third-Party Services and related functionality. Our Privacy Policy applies to all Users, Visitors and others who access our Platform.

This Privacy Policy does not apply to the privacy practices of independent third-party applications, app stores, payment gateways, AI vendors, cloud providers, analytics providers, advertising partners, Offer Wall providers, survey providers, game providers, external websites, linked content or other Third-Party Services that collect or process Information/Data for their own purposes. If you have any questions about the specific settings and privacy practices of such third parties, please review their privacy notices, policies and terms.

If you submit, upload, record or process Content, including any person’s voice, image, likeness, biometric information, personal information, confidential information, sensitive information, prompts, files, messages, image links or other materials through the Platform, you are responsible for ensuring that you have all rights, consents, notices, permissions and lawful grounds required under Applicable Laws and the Terms and Conditions.

Applicable Laws” shall mean and include all applicable laws, statutes, ordinances, rules, regulations, notifications, orders, judgments, governmental directions, guidelines and requirements having the force of law in India, including the Digital Personal Data Protection Act, 2023 and the rules, notifications and directions issued thereunder; the Information Technology Act, 2000 and rules framed thereunder, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, to the extent applicable; the Indian Contract Act, 1872; the Consumer Protection Act, 2019; applicable payment and consumer-protection laws; and any applicable directions of Indian governmental, regulatory, cyber-security, law-enforcement or judicial authorities.

Where a provision of Applicable Laws is not yet in force or becomes enforceable in phases, we will comply with that provision from the date on which it applies to the Company or to the relevant processing activity.

3. DEFINITIONS

a) Personal Information/Data” means any data about an individual who is identifiable by or in relation to such data, including digital personal data processed through the Platform. References to “Personal Data” shall be construed accordingly.

b) Sensitive Personal Data or Information” or “SPDI” shall have the meaning assigned to it under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, to the extent those Rules remain applicable and have not been superseded, amended or repealed by or pursuant to the Digital Personal Data Protection Act, 2023. As of the date of this Policy, the Central Government has not formally repealed or replaced the IT (SPDI) Rules 2011 in their entirety, and they may continue to apply to the extent consistent with the DPDP Act. The categories of SPDI include, where applicable, passwords, financial information, physical, physiological and mental health condition, sexual orientation, medical records and history, and biometric information. Under the DPDP Act, all digital personal data about an identifiable individual is "Personal Data" and the Act does not separately designate a category of sensitive personal data, though the Central Government may notify additional obligations for certain categories of personal data or Data Fiduciaries under Section 10 of the DPDP Act. Voice recordings, facial images, photographs or other Content may constitute Personal Data and may constitute SPDI where they include biometric information or other protected categories under Applicable Laws.

c) Data Principal” means the individual to whom Personal Information/Data relates and includes, where applicable, a parent or lawful guardian acting on behalf of a child or a person with disability under Applicable Laws.

d) Data Fiduciary” means the person who determines the purpose and means of processing Personal Information/Data. SOHOFI acts as the Data Fiduciary for Personal Information/Data processed for the purposes described in this Policy, except where a Third-Party Service independently determines its own purposes and means.

e) Data Processor” means any person who processes Personal Information/Data on behalf of a Data Fiduciary, including service providers, vendors, contractors and other processors engaged by us.

f) Processing” means any wholly or partly automated operation performed on Personal Information/Data, including collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, transmission, alignment, combination, indexing, sharing, restriction, erasure or destruction.

g) Content” means audio, voice recordings, speech, images, image links, prompts, text, metadata, feedback, files, messages, names, likenesses, usage instructions and other material submitted, uploaded, recorded, transmitted or made available by or on behalf of a User.

h) AI Outputs” means translations, audio responses, transcriptions, descriptions, contextual responses, language-related outputs, image-related outputs, prompts, text, voice outputs or other outputs generated, translated, enhanced, summarized, classified or assisted by artificial intelligence, machine-learning models, translation engines, speech engines, computer-vision systems or related third-party APIs.

i) AI Processing” means the processing of Content, Personal Information/Data, device information, technical data, prompts, voice recordings, images, metadata and other inputs by or through artificial intelligence systems, machine-learning models, translation engines, speech-processing systems, text-to-speech systems, speech-to-text systems, computer-vision systems, safety classifiers, content-moderation tools, model orchestration tools and related Third-Party Services.

j) Input Data” means prompts, audio, voice recordings, images, image links, text, instructions, metadata, files, feedback and other information submitted, uploaded, recorded, transmitted or otherwise provided to the Platform for processing by a Service or AI system.

k) Model Improvement Data” means data used to monitor, test, evaluate, debug, improve or enhance the quality, reliability, safety, latency, usability or performance of the Platform, Services, AI Outputs, speech-processing systems, translation engines, computer-vision systems or related safety systems. Model Improvement Data may include aggregated, anonymized or de-identified data, and may include Personal Information/Data only where permitted under this Policy, a consent notice, feature-specific notice or Applicable Laws.

l) Human Review” means review by authorized personnel, contractors or service providers for limited purposes such as troubleshooting, support, quality review, safety review, abuse investigation, legal compliance, grievance handling, security incident response, fraud prevention or improvement of the Platform, subject to confidentiality and access controls.

m) Coins”, “Offer Wall”, “Premium Membership Plan”, “Third-Party Services”, “User” and “Visitor” shall have the meanings assigned to them in the Terms and Conditions.

Information that is lawfully made or caused to be made publicly available by the Data Principal or by a person under a legal obligation to make such information publicly available may be treated in accordance with Applicable Laws. Aggregated, anonymized or de-identified information that cannot reasonably identify an individual is not treated as Personal Information/Data for purposes of this Policy.

4. INFORMATION WE COLLECT

We collect only such personal data as is necessary for the purposes for which consent is sought or for the legitimate use for which it is to be processed, consistent with our obligations under Section 6(5) of the Digital Personal Data Protection Act, 2023. We will not collect personal data beyond what is specified in the applicable consent notice, and we will not use personal data for any purpose other than the purpose specified in the consent notice or for a legitimate use under Section 7 of the DPDP Act. Depending on your use of the Platform, we may collect the following categories of Information/Data:

a) Information You Provide to Us

i) Account Information: Information about you that you provide to us when creating, maintaining or using an account, including name, username, account ID, profile information, email address, mobile number, language preferences, location/country selection, authentication-related information and any other information provided by you.

ii) Content and AI Processing Information: Voice recordings, audio clips, speech, language inputs, translations, transcriptions, pronunciation data, prompts, typed text, uploaded images, image links, camera inputs, contextual questions, metadata, feedback, files, messages, names, likenesses, usage instructions, AI Outputs and other Content that you submit, upload, record, transmit, generate or make available through the Services.

iii) Communication Information: If you communicate with us, such as by email, in-app support, phone, grievance channels or other means, we may collect your contact information, communication content and related records.

iv) Payment, Subscription, Coins and Offer Wall Information: Premium Membership Plan selection, subscription status, invoice identifiers, transaction references, app-store or payment-provider confirmations, refund status, Coin balance, Coin allocations, usage deductions, reward history, Offer Wall completion status, anti-fraud checks, eligibility criteria, attribution identifiers, third-party verification status and related records.

v) Any Other Information: Any other additional Information/Data you voluntarily provide in connection with the Platform or Services.

b) Information We Collect Through Automated Means

When you use the Platform or Services, we may collect device identifiers, advertising identifiers where permitted, app instance identifiers, IP address, operating system, browser type, app version, device model, network information, crash logs, diagnostics, access times, pages or screens viewed, features used, session length, usage patterns, cookies, SDK data, analytics data, attribution information, app permission status and similar technical logs.

The Platform may request access to device permissions such as microphone, camera, photo library, file access, storage, location and notifications. You may enable, disable or modify such permissions through your device settings or Platform settings. If you disable a permission, the relevant feature may not function or may function only in a limited manner.

c) Information We Collect from Other Sources

We may receive Information/Data from app stores, payment providers, Advertising Partners, Offer Wall providers, survey providers, game providers, AI vendors, cloud providers, analytics providers, fraud-prevention providers, support tools and other Third-Party Services integrated with or accessible through the Platform, in each case for the purposes described in this Policy and the Terms and Conditions.

5. HOW WE USE YOUR INFORMATION

We may use Information/Data for the following purposes. Under the Digital Personal Data Protection Act, 2023, we must process Personal Data only on a lawful basis. The primary lawful bases on which we rely are: (i) your consent, obtained through a separate itemised consent notice presented before the relevant processing commences; (ii) legitimate uses recognised under Section 7 of the DPDP Act, including processing necessary for compliance with any law or order of a court or tribunal, for the State or its instrumentalities for performance of a function authorised by law, for purposes related to employment or safeguarding of Data Principals, and for purposes of preventing or responding to a medical or public health emergency; and (iii) any other lawful basis notified or recognised under the DPDP Act or DPDP Rules from time to time. The specific lawful basis applicable to each purpose is indicated (in brackets) below, and where consent is required we will present you with the required itemised notice before processing commences:

a) To create, authenticate, maintain, secure and administer your account and to provide account-related support. [Lawful basis: consent / legitimate use — contractual and service delivery necessity]

b) To provide and maintain the Services, including voice-to-voice translation, image-to-voice functionality, contextual image assistance, language mapping, location-based language configuration, customer support and related functionality. [Lawful basis: consent]

c) To process Content, prompts, voice recordings, images, metadata and other inputs through artificial intelligence, machine-learning models, translation engines, speech engines, computer-vision systems and related third-party APIs to generate AI Outputs. [Lawful basis: consent — obtained via itemised consent notice before first use of the relevant AI feature]

d) To allocate, deduct, verify and administer Coins, Usage Charges, Premium Membership Plans, subscriptions, Offer Wall rewards, refunds, disputes and account balances. [Lawful basis: consent / legitimate use — performance of the commercial agreement and compliance with payment laws]

e) To display, measure, attribute and manage advertisements, rewarded advertisements, Offer Wall tasks, surveys, games, promotions and other monetization features, subject to your choices and Applicable Laws. [Lawful basis: consent — separate consent will be sought for use of personal data for targeted advertising or profiling, where required]

f) To detect, prevent, investigate and respond to fraud, abuse, spam, scraping, unauthorized recordings, unlawful surveillance, impersonation, biometric misuse, data misuse, payment fraud, chargebacks, Offer Wall manipulation, security incidents and other prohibited conduct. [Lawful basis: legitimate use under Section 7 of the DPDP Act — prevention of fraud and security incident response]

g) To improve, maintain, test, monitor, debug, analyze and develop the Platform, Services, safety systems, language quality, translation accuracy, performance, functionality and user experience. [Lawful basis: consent or legitimate operational necessity, depending on whether personal data is used directly or in anonymised/aggregated form; where personal data is used directly, a separate consent notice will be presented]

h) To communicate with you about account activity, service updates, security alerts, support responses, policy changes, subscription information, rewards and administrative matters. [Lawful basis: consent / legitimate use — essential service and security communications; marketing communications are subject to your opt-in consent where required by Applicable Laws]

i) To comply with Applicable Laws, court orders, governmental directions, regulatory requirements, cyber-security obligations, audit requirements, taxation, accounting, record-keeping and law-enforcement requests. [Lawful basis: legitimate use under Section 7(a) and Section 7(b) of the DPDP Act — compliance with law and orders of courts or tribunals]

j) To enforce the Terms and Conditions, this Policy and other applicable terms, and to establish, exercise or defend legal claims.

k) To create aggregated, anonymized or de-identified analytics, statistics, benchmarks and service-improvement insights that do not reasonably identify an individual.

Unless expressly disclosed in a consent notice, feature-specific notice or applicable setting, we do not use your voice recordings, images, prompts or Content containing Personal Information/Data to train third-party public foundation models. We may use aggregated, anonymized, de-identified or non-personal information to improve, test and monitor the Platform, Services and safety systems, provided that such information does not reasonably identify an individual.

6. DISCLAIMER

WHERE THE PLATFORM PROVIDES VOICE, IMAGE OR LANGUAGE ASSISTANCE FOR ACCESSIBILITY, CONVENIENCE, TRANSLATION OR CONTEXTUAL UNDERSTANDING, SUCH ASSISTANCE IS PROVIDED AS AN AUTOMATED AID AND NOT AS A GUARANTEED DESCRIPTION OF THE ENVIRONMENT, DOCUMENT, SIGN, OBJECT, PERSON, PLACE, RISK OR CONTEXT. USERS REMAIN RESPONSIBLE FOR EXERCISING INDEPENDENT JUDGMENT AND OBTAINING HUMAN ASSISTANCE WHERE CIRCUMSTANCES REQUIRE ACCURACY OR SAFETY.

THE PLATFORM IS NOT A SUBSTITUTE FOR PROFESSIONAL TRANSLATORS, INTERPRETERS, LAWYERS, DOCTORS, FINANCIAL ADVISERS, EMERGENCY SERVICES, GOVERNMENT AUTHORITIES, ACCESSIBILITY PROFESSIONALS OR OTHER QUALIFIED PROFESSIONALS. YOU MUST NOT RELY ON THE PLATFORM OR AI OUTPUTS FOR MEDICAL, LEGAL, FINANCIAL, TAX, INVESTMENT, EMERGENCY, GOVERNMENTAL, IMMIGRATION, LAW-ENFORCEMENT, SAFETY-CRITICAL, LIFE-CRITICAL, REGULATED PROFESSIONAL, HIGH-RISK OR OTHER DECISIONS WHERE INACCURATE TRANSLATION, DESCRIPTION, CONTEXTUAL ANSWER OR AUDIO OUTPUT COULD CAUSE HARM, LOSS, LIABILITY OR LEGAL CONSEQUENCE.

AI OUTPUTS MAY CONTAIN ERRORS, MISTRANSLATIONS, OMISSIONS, HALLUCINATIONS, INCORRECT IMAGE INTERPRETATIONS, MISSED NUANCE, DIALECT MISMATCH, TONE MISMATCH, CONTEXTUAL ERRORS, OFFENSIVE OR UNSAFE STATEMENTS, INAPPROPRIATE DESCRIPTIONS, INCORRECT OBJECT RECOGNITION, INCORRECT TEXT RECOGNITION, OR FAILURE TO IDENTIFY RISKS, SENSITIVE CONTENT OR MEANING. YOU SHOULD INDEPENDENTLY VERIFY ANY AI OUTPUT BEFORE RELYING ON IT, PARTICULARLY WHERE THE MATTER IS IMPORTANT, URGENT, REGULATED, SAFETY-SENSITIVE, FINANCIAL, LEGAL, MEDICAL, GOVERNMENTAL, IMMIGRATION-RELATED, EMPLOYMENT-RELATED, EDUCATIONAL, EMERGENCY-RELATED, LIFE-CRITICAL OR OTHERWISE CONSEQUENTIAL.

THE NATURE OF AI PROCESSING MEANS THAT AI OUTPUTS ARE GENERATED ALGORITHMICALLY AND MAY NOT BE DETERMINISTIC. THE SAME OR SIMILAR INPUT DATA MAY PRODUCE DIFFERENT OUTPUTS AT DIFFERENT TIMES DUE TO CHANGES IN MODELS, THIRD-PARTY SYSTEMS, LANGUAGE SETTINGS, PROMPTS, SYSTEM INSTRUCTIONS, SAFETY FILTERS, LATENCY, NETWORK CONDITIONS, REGIONAL AVAILABILITY, DEVICE SETTINGS OR PRODUCT CONFIGURATION. WE DO NOT REPRESENT THAT AI OUTPUTS WILL BE UNIQUE, EXCLUSIVE, COMPLETE, ACCURATE, LAWFUL, NON-INFRINGING, UNBIASED, NON-OFFENSIVE, SUITABLE FOR A PARTICULAR PURPOSE OR FREE FROM ERROR.

AI PROCESSING MAY OCCUR IN MULTIPLE STEPS. FOR EXAMPLE, A VOICE INPUT MAY BE RECORDED OR UPLOADED, CONVERTED INTO A MACHINE-PROCESSABLE FORMAT, TRANSCRIBED, TRANSLATED, EVALUATED FOR SAFETY OR ABUSE SIGNALS, CONVERTED INTO A TRANSLATED OR DESCRIPTIVE AUDIO RESPONSE, ASSOCIATED WITH METADATA SUCH AS LANGUAGE PAIR, DURATION, DEVICE STATE AND SESSION IDENTIFIER, AND LOGGED TO MAINTAIN SERVICE INTEGRITY. SIMILARLY, AN IMAGE INPUT MAY BE CAPTURED OR UPLOADED, ANALYZED FOR TEXT, OBJECTS, CONTEXTUAL FEATURES OR USER QUESTIONS, PROCESSED THROUGH COMPUTER-VISION OR LANGUAGE SYSTEMS, AND CONVERTED INTO A DESCRIPTIVE, TRANSLATED OR VOICE-BASED RESPONSE.

7. AI PROCESSING, MODEL OPERATIONS AND OUTPUTS

The Platform is an AI-enabled service and necessarily involves AI Processing. When you use voice-to-voice translation, image-to-voice functionality, contextual image assistance, language mapping, location-based language configuration or related functionality, your Input Data may be processed by a combination of Company systems and Third-Party Services. These may include speech-to-text systems, text-to-speech systems, translation engines, language models, computer-vision models, object-recognition tools, optical character recognition tools, content-moderation tools, safety classifiers, abuse-prevention systems, analytics tools, cloud infrastructure and other processing systems required to provide the Service.

When your Input Data is transmitted to a third-party AI service for processing, the data sent may include: (a) voice recordings, audio clips or speech submitted by you; (b) images or image links submitted by you; (c) text prompts, instructions or queries submitted by you; (d) transcripts or converted representations of the above; (e) session metadata such as language selected, feature used, region identifier and timestamp; and (f) such other technical or contextual data as is reasonably necessary for the relevant AI function to operate. We do not transmit account credentials, payment information or unnecessary personal identifiers to third-party AI services for AI Processing purposes.

We may maintain evaluation datasets, test prompts, benchmark outputs, safety cases, abuse signatures, fraud indicators and quality metrics derived from use of the Platform. Where such materials contain Personal Information/Data, access will be limited to authorized personnel or service providers with a need to know and will be subject to retention, confidentiality and security controls described in this Policy.

Feedback, corrections, ratings, suggested translations, quality comments, support tickets and similar inputs provided by you may be used to evaluate, debug, improve and develop the Platform, Services and AI Outputs. You should not include unnecessary Personal Information/Data, SPDI, confidential information or third-party information in feedback unless required to resolve the issue.

Where we use Personal Information/Data for model improvement, evaluation or quality review, we will do so only where permitted by Applicable Laws, this Policy, a consent notice, a feature-specific notice, user settings, contractual necessity, legitimate operational necessity recognized under Applicable Laws, or another lawful basis. We may also restrict model improvement processing for certain categories of Content, such as children’s data, SPDI, payment-related data, account credentials, support grievances or content subject to legal restrictions.

We may use aggregated, anonymized, de-identified or non-personal information to improve, test and monitor the Platform, Services, AI Outputs, safety systems, performance, language quality, feature availability, routing logic, abuse-prevention systems and user experience. We will use reasonable measures designed to prevent such information from reasonably identifying an individual.

Unless expressly disclosed in a consent notice, feature-specific notice or applicable setting, we do not use your voice recordings, images, prompts or other Content containing Personal Information/Data to train third-party public foundation models. Where third-party AI vendors, translation providers, speech providers or computer-vision providers process Input Data, we seek to use configurations, contractual restrictions or technical controls that limit their use of such Input Data to providing and supporting the relevant services, subject to the terms available from those providers and Applicable Laws.

The categories of third-party service providers that may receive your Input Data for AI Processing purposes include: (i) large language model (LLM) / foundation model providers that generate text, language or contextual responses; (ii) speech-to-text and text-to-speech engine providers that convert voice recordings to text and text to audio output; (iii) machine translation providers that translate content between languages; (iv) computer-vision and image-analysis providers that interpret images and generate image-related outputs; and (v) cloud infrastructure providers whose compute or storage resources host or route Input Data during processing. We do not share your Input Data with these providers for their own marketing, profiling or model-training purposes beyond what is described in this Policy. Where we are permitted to identify a specific provider by name, details will be published on the Platform or notified to you in a feature-specific notice.

8. MODEL IMPROVEMENT, TRAINING AND EVALUATION

We distinguish between processing needed to provide the Service and processing for model improvement, evaluation or training. Service delivery processing includes receiving Input Data, routing it to appropriate Company systems or Third-Party Services, generating AI Outputs, maintaining session state, applying safety filters, performing abuse checks, calculating Coin deductions and resolving technical errors. Model improvement processing may include quality measurement, debugging, latency evaluation, safety testing, translation-quality review, speech-recognition assessment, image-processing assessment, prompt and response evaluation, and development of improved workflows or safety controls.

Location-related processing may include approximate location derived from IP address, device settings, selected region, language settings, app-store region or network information, and precise location only where enabled by you and required by a feature. Location information may be used to configure language sets, regional experiences, feature availability, fraud-prevention controls, compliance settings, advertising attribution, Offer Wall eligibility and security measures.

You should avoid submitting unnecessary personal details, identity documents, payment information, passwords, health information, children’s information, precise location information, confidential business information, legal documents, medical documents or other sensitive content unless required for the specific Service and unless you have the right and lawful basis to do so. The Platform is not designed as a secure vault for highly sensitive records unless a feature expressly states otherwise.

You must not record, upload, process or submit another person’s voice, image, likeness, biometric information, confidential information, personal information or sensitive information unless you have all notices, consents, permissions and lawful grounds required under Applicable Laws and the Terms and Conditions. This restriction applies to recordings of conversations, images of individuals, images of documents, images containing personal details, workplace recordings, classroom recordings, medical, legal or financial information, and any Content where another person has a privacy or confidentiality interest.

We do not request that you submit biometric information unless a feature expressly requires processing of voice, image or other identifiers for the Service you choose to use. The Platform may process voice or image features to generate translations, transcriptions, descriptions, contextual answers, language outputs, safety filters, fraud-prevention checks, abuse-prevention signals or service-quality metrics. Such processing does not mean that the Company seeks to identify a person uniquely unless that functionality is expressly disclosed.

9. VOICE, IMAGE, BIOMETRIC AND LOCATION-RELATED PROCESSING

The Services may process voice recordings, speech, accents, dialect, language patterns, background audio, images, faces, objects, text within images, places, signs, documents, metadata and location-related settings. Such information may identify you or another person and may reveal sensitive context. Depending on the nature of the Content and the purpose of processing, certain information may constitute SPDI, including biometric information, or may otherwise require heightened care under Applicable Laws.

We may implement safety filters, content moderation rules, rate limits, usage limits, routing controls, feature restrictions, geo-configuration, child-safety controls, sensitive-content filters and other safeguards. These controls may prevent, modify, delay, refuse or limit processing of certain Content or generation of certain AI Outputs, including where necessary to comply with Applicable Laws, protect users, protect third-party rights, reduce misuse or maintain integrity of the Platform.

Where an automated process materially affects your account, access, Coins, rewards, subscription status or rights under Applicable Laws, you may contact us through the grievance mechanism described in this Policy. We may review relevant logs, device information, offer-completion records, support communications, payment metadata, Content metadata and other records necessary to resolve the issue, subject to Applicable Laws and the Terms and Conditions.

The Platform may use automated systems to detect abuse, fraud, malware, unlawful content, prohibited conduct, spam, manipulation of Coins, Offer Wall abuse, repeated failed payments, suspicious device behavior, account compromise, policy violations, unsafe prompts, harmful outputs or attempts to circumvent technical measures. Such automated systems may affect availability of features, routing of requests, generation or suppression of outputs, suspension of rewards, investigation of accounts, security challenges or enforcement actions.

Human Review will be limited to personnel or service providers who have a need to access the relevant information for the permitted purpose, subject to access controls, confidentiality obligations, logging where appropriate, internal policies and other safeguards. We may redact, mask, minimize, aggregate, anonymize or de-identify information where reasonably practicable and consistent with the purpose of review.

Most AI Outputs are generated through automated processing. However, authorized personnel, contractors, vendors or service providers may conduct Human Review for limited purposes such as customer support, troubleshooting, quality assurance, abuse investigation, safety review, model evaluation, fraud prevention, security incident response, legal compliance, grievance handling, enforcement of the Terms and Conditions or responding to lawful requests.

10. HOW WE SHARE AND DISCLOSE YOUR INFORMATION

We may share Information/Data in the following ways:

a) Affiliates and group companies: We may share Information/Data with our affiliates and group companies to operate, administer, support, secure and improve the Platform and Services.

b) Service providers and Data Processors: We may provide access to or share Information/Data with hosting providers, cloud providers, AI vendors, translation providers, speech-engine providers, computer-vision providers, analytics providers, security vendors, customer-support tools, email/SMS providers, payment support vendors, fraud-prevention vendors, auditors, professional advisers and other processors engaged to provide services on our behalf.

c) App stores, payment providers and subscription partners: We may share Information/Data to process subscriptions, verify payments, issue refunds, resolve disputes, administer Premium Membership Plans and comply with payment-related requirements.

d) Advertising Partners and Offer Wall providers: We may share Information/Data to display, measure, attribute and verify advertisements, rewarded advertisements, surveys, games, installs, offers, eligibility, anti-fraud checks and Coin credits. Such partners may also process certain information as independent data fiduciaries/controllers under their own policies.

e) Third-Party Services selected or used by you: We may share Information/Data where you choose to access, connect, interact with or complete activities through a Third-Party Service linked to or integrated with the Platform.

f) Protection of our rights and interests: We may disclose Information/Data to prevent fraud or abuse, protect the security and integrity of the Platform, enforce the Terms and Conditions, protect rights and safety, or respond to misuse of the Services.

g) Business transfers: We may disclose or transfer Information/Data in connection with a merger, acquisition, investment, financing, restructuring, sale of assets, insolvency, reorganization or transfer of all or part of our business, subject to appropriate confidentiality and legal safeguards.

h) Legal purposes: We may disclose Information/Data where required or permitted by Applicable Laws, court order, governmental direction, legal process, investigation, cyber-security reporting obligation or to protect rights, property, safety, security or the public interest.

i) Any other person with your consent: We may share Information/Data where you instruct or authorize us to disclose it to a specified recipient.

We do not disclose Personal Information/Data for unrelated monetary consideration. Where a Third-Party Service processes information for advertising, attribution, rewards or monetization, such processing will be governed by this Policy, the relevant third-party policy, your choices and Applicable Laws.

We will seek to ensure that vendor changes do not materially reduce the protection of Personal Information/Data under this Policy. Where a change materially affects processing of Personal Information/Data or requires notice or consent under Applicable Laws, we will provide notice or obtain consent as required.

We may change, add, remove, replace or reconfigure AI vendors, models, cloud providers, speech engines, translation engines, computer-vision tools, analytics providers, safety systems or other processing tools from time to time to improve functionality, safety, latency, availability, cost, language coverage, quality, reliability or legal compliance. Such changes may affect output quality, available features, regional availability, latency, retention, data flows and the categories of processors involved.

Where a provider acts as our Data Processor or service provider, we seek to impose appropriate obligations relating to confidentiality, purpose limitation, security, access controls, retention, incident notification, assistance with rights requests, deletion or return of data, and restrictions on unauthorized use of Input Data. Where a provider acts independently, its own terms and privacy policy may apply, and you should review such terms where the provider is identified or where you interact directly with that Third-Party Service.

With respect to third-party AI service providers that receive your personal data for AI Processing purposes, we seek to ensure, through contractual measures, that such providers afford a standard of protection to your personal data that is at least equivalent to the protections set out in this Policy and required under Applicable Laws. This includes restrictions on the provider using your Input Data for purposes other than providing the relevant service to us, obligations of confidentiality, appropriate security measures, and data-deletion or return obligations upon termination of the engagement. Where a provider operates under its own privacy framework that is independently recognized as equivalent or higher (for example, as a result of applicable adequacy standards or sector-specific regulation), we may rely on that framework to satisfy the equivalency standard. We cannot guarantee identical protection in all circumstances, but we will take reasonable steps to assess and address material shortfalls where they come to our attention.

The Company may use AI vendors, translation providers, speech-processing providers, computer-vision providers, cloud infrastructure providers, analytics providers, safety-tool providers, moderation vendors, monitoring tools and other service providers to operate the Platform. These providers may process Input Data, Content, metadata, device data, logs, AI Outputs or other Information/Data on our behalf or as independent providers, depending on their role and contractual terms.

11. HOW DO WE RETAIN YOUR INFORMATION

We retain Information/Data only for as long as reasonably necessary for the purposes for which it was collected or processed, unless a longer retention period is required or permitted by Applicable Laws, contractual obligations, tax/accounting requirements, regulatory requirements, fraud prevention, security, dispute resolution, enforcement of the Terms and Conditions or establishment, exercise or defense of legal claims.

Account, profile and contact information is generally retained while your account remains active and for a reasonable period thereafter as required for legal, security, fraud-prevention, accounting or dispute-resolution purposes. Coin, subscription, payment metadata, Offer Wall and transaction records may be retained as required for accounting, tax, audit, anti-fraud, chargeback, refund, verification and legal purposes.

Voice recordings, images, prompts, transcripts, AI Outputs and session Content may be processed transiently for providing the relevant Service and may not be retained permanently unless you choose to save them, a feature expressly provides for retention, retention is required for safety, debugging, fraud prevention, legal compliance or we otherwise disclose the retention in a feature-specific notice.

For AI Processing, we may retain different elements for different periods. Raw audio, raw images and prompts may be retained for shorter periods or processed transiently, while metadata, safety logs, abuse-prevention logs, Coin consumption records, model-routing records, quality metrics, error logs and support records may be retained for longer periods where necessary for security, fraud prevention, service integrity, accounting, legal compliance, dispute resolution or improvement of the Platform.

Where feasible, we may separate Content from account identifiers, apply access restrictions, de-identify records, aggregate metrics, minimize raw Content retention or use sampling techniques for quality review. De-identification or anonymization may not be reversible, and once information has been anonymized or aggregated it may not be possible to associate it with your account or respond to access, correction or erasure requests in relation to that anonymized or aggregated information.

Deletion of account information or Content may not immediately delete all backup copies, logs, legal records, security records, payment records, Offer Wall verification records or data retained by Third-Party Services, but we will apply deletion, de-identification, anonymization or retention controls in accordance with Applicable Laws and our retention practices.

The Platform may not retain permanent chat history, transcript history, image history, voice history or session history for all features. Deleted, expired, transient or non-retained conversations, translations, recordings, images, prompts, AI Outputs, Coins, sessions or logs may not be recoverable.

When the purpose for which personal data was collected is no longer being served and retention is no longer necessary for any legal, safety, fraud-prevention, security, accounting or dispute-resolution purpose, we will erase the personal data in accordance with our obligations under Section 8(7) of the Digital Personal Data Protection Act, 2023. Section 8(7) requires a Data Fiduciary to erase personal data upon the Data Principal withdrawing consent (to the extent the data is not required for a legitimate use under Section 7) or upon the Data Principal no longer being reasonably expected to use the service for which the data was collected. We will conduct periodic reviews of retained personal data to identify data that should be erased in the ordinary course. De-identification or anonymisation, where applied, will be carried out using techniques designed to prevent identification of the Data Principal, and once anonymised, the resulting information will not be treated as personal data for the purposes of the DPDP Act.

12. HOW WE PROTECT YOUR INFORMATION

We implement reasonable security practices and procedures and appropriate technical and organizational measures designed to protect Information/Data from unauthorized access, disclosure, alteration, destruction, loss, misuse and accidental damage. These measures may include access controls, authentication, encryption or similar safeguards where appropriate, logging, vulnerability management, vendor controls, incident-response processes, employee or contractor confidentiality obligations and periodic review of security practices.

No method of transmission, storage or processing is completely secure. You are responsible for maintaining the confidentiality of your account credentials, securing your device and promptly notifying us of any unauthorized access, suspected compromise or misuse of your account.

Where a personal data breach triggers a reporting obligation under the Digital Personal Data Protection Act, 2023, we will notify the Data Protection Board of India as required under Section 8(6) of the DPDP Act, and will notify affected Data Principals in the form and manner prescribed by the DPDP Rules. Separately, where a cybersecurity incident triggers reporting obligations under the CERT-In Directions (Directions under Section 70B of the Information Technology Act, 2000), we will report to the Indian Computer Emergency Response Team (CERT-In) within six hours of becoming aware of such incident, in the format and manner prescribed by CERT-In. We may also notify law-enforcement authorities or other competent authorities as required by Applicable Laws. Any breach notification to you will include, to the extent practicable and permitted by law, a description of the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address it.

AI-related security measures may include prompt-abuse monitoring, rate limiting, anomaly detection, access logging, segregation of production and testing environments, vendor-access controls, evaluation of model and API endpoints, restrictions on employee access to raw Content, controls on export of logs, and review of incidents involving unintended disclosure, prompt injection, model misuse, excessive data exposure or unauthorized access to Content or AI Outputs.

You should not attempt prompt injection, model extraction, data extraction, scraping, automated abuse, circumvention of safety filters, unauthorized access to AI systems or any other activity intended to expose system prompts, hidden instructions, non-public model configurations, other users’ data, vendor credentials, security controls or confidential platform information.

13. THIRD-PARTY LINKS AND FEATURES

The Platform may include Third-Party Services, advertisements, rewarded advertisements, Offer Wall tasks, surveys, games, links, SDKs or integrations. These may be provided by Advertising Partners, Offer Wall providers, app stores, payment providers, AI vendors, analytics providers or other third parties.

When you interact with a Third-Party Service, the third party may collect information directly from you or your device, including device identifiers, IP address, advertising identifier, interaction data, reward eligibility, offer completion status and other information needed to provide the third-party functionality. Their privacy policy and terms will govern their independent processing.

We may receive confirmation, attribution, verification, anti-fraud and reward-status information from Third-Party Services so that we can credit Coins, verify eligibility, prevent manipulation and resolve disputes. Completion of Offer Wall activities does not guarantee Coin credit unless all applicable completion conditions, third-party verification requirements and anti-fraud checks are satisfied.

The Platform may use cloud infrastructure, AI vendors, analytics providers, support tools, payment partners, Advertising Partners and other Third-Party Services located in India or outside India. Accordingly, personal data may be transferred to, stored in or processed in jurisdictions outside India for the purposes described in this Policy.

Under Section 16 of the Digital Personal Data Protection Act, 2023, the Central Government may restrict the transfer of personal data to certain countries or territories by notification. We will only transfer personal data outside India to countries or territories that have not been restricted under any such notification issued from time to time. As of the date of this Policy, the Central Government has not yet issued a positive whitelist or negative blocklist of countries under Section 16; we will update this Policy and implement necessary controls promptly upon any such notification being issued.

Where personal data is transferred outside India to a Data Processor or third-party service provider, we will ensure that the transfer is subject to contractual measures designed to maintain a standard of protection for your personal data that is consistent with the protections applicable under this Policy and the DPDP Act.

Where a feature permits you to save, download, export, share or reuse AI Outputs, you are responsible for reviewing those AI Outputs and ensuring that any Personal Information/Data, confidential information, third-party content or sensitive information contained in them is handled lawfully and appropriately.

If you request deletion or erasure of Personal Information/Data used for AI Processing, we will assess the request under Applicable Laws. Deletion may not affect AI Outputs already delivered to you or shared by you, information retained for legal or security purposes, aggregated or anonymized information, backups awaiting deletion in the ordinary course, or information retained by independent Third-Party Services under their own policies.

If you believe an AI Output contains Personal Information/Data about you that is inaccurate, inappropriate or should not have been generated or retained, you may contact us through the grievance mechanism. We may require information sufficient to identify the relevant account, session, output, date, feature or Content, and may be unable to locate or act on a request where the relevant Content was transient, not retained, anonymized, de-identified, deleted or processed by an independent Third-Party Service.

Subject to technical availability and Applicable Laws, you may use Platform or device controls to limit certain AI Processing, including by disabling microphone, camera, photo, location, notification or advertising permissions; deleting or not saving certain Content; avoiding submission of sensitive prompts; opting out of non-essential marketing communications; or using account settings made available by us.

14. USER RIGHTS AND CHOICES

Subject to Applicable Laws, verification of identity and applicable limitations, you have the following rights as a Data Principal under the Digital Personal Data Protection Act, 2023:

Right to obtain a summary of personal data being processed and the processing activities undertaken by us, and to obtain identities of all Data Fiduciaries and Data Processors with whom your personal data has been shared, together with a description of the personal data shared: Section 11(1)(a), DPDP Act.

Right to correct inaccurate or misleading personal data, complete incomplete personal data and update personal data, where necessary to ensure accuracy: Section 12(a), DPDP Act.

Right to erasure of personal data that is no longer necessary for the purpose for which it was processed, subject to our legal retention obligations: Section 12(b), DPDP Act.

Right to withdraw consent at any time, where processing is based on consent. Withdrawal will not affect the lawfulness of processing already undertaken before withdrawal and may limit or prevent use of the relevant Service: Section 6(4), DPDP Act.

Right to grievance redressal: you may register a complaint with us regarding any act or omission by us or our Data Processors that is in contravention of the provisions of the DPDP Act, and we must respond within the timelines prescribed under the DPDP Rules: Section 13, DPDP Act.

Right to nominate: you may nominate another individual to exercise your rights under the DPDP Act in the event of your death or incapacity, in the manner prescribed under the DPDP Rules: Section 14, DPDP Act.

Right to approach the Data Protection Board of India: if you are not satisfied with our response to your grievance, you may approach the Data Protection Board of India as established under Section 18 of the DPDP Act.

a)

b) Right to manage non-essential marketing communications, notification preferences, cookies, advertising identifiers and app permissions, subject to essential service, security, transactional and legal communications.

You may submit a request by contacting the Grievance Officer / Data Protection Contact listed in Section 20. We may require information reasonably necessary to verify your identity, account ownership and authority to act. We may decline or limit a request where permitted under Applicable Laws, including where compliance would adversely affect the rights of others, compromise security or fraud-prevention measures, conflict with legal obligations, affect legal claims, require disclosure of confidential information or concern data that has been anonymized or cannot reasonably be linked to you.

Where Consent Managers registered or recognized under Applicable Laws are available for the relevant processing activity, you may use such mechanisms to manage, review or withdraw consent, subject to technical availability and Applicable Laws.

15. SENSITIVE PERSONAL INFORMATION AND CHILDREN'S PRIVACY

Sensitive Personal Data or Information may include passwords, financial information, health information, medical records, biometric information and other categories recognized under Applicable Laws. Voice recordings, images, photographs, facial images, prompts or other Content may contain Personal Information/Data or SPDI depending on context. We process such information only for the purposes described in this Policy, the Terms and Conditions, consent notices or feature-specific notices, and subject to reasonable security practices.

The Platform is intended for individuals who are legally competent to contract under Applicable Laws, including the Indian Contract Act, 1872, and who are at least 18 years of age or the age of majority in their jurisdiction, whichever is higher, unless a specific Service expressly permits otherwise in compliance with Applicable Laws.

Under Section 9 of the Digital Personal Data Protection Act, 2023, a "child" means a person who has not completed eighteen years of age (or such other age as the Central Government may notify). Before processing the personal data of a child, we are required to obtain verifiable consent from the parent or lawful guardian of the child, in the manner specified under the DPDP Rules. We will implement age-verification measures that are technically and commercially practicable to identify users who may be children before collecting their personal data, in accordance with the DPDP Rules.

We will not process the personal data of a child in a manner that is likely to cause any detrimental effect on the well-being of the child. We will not undertake tracking or behavioural monitoring of children or targeted advertising directed at children, as prohibited under Section 9(3) of the DPDP Act.

If we become aware that Personal Information/Data of a child has been collected without the required verifiable parental or guardian consent, we will promptly delete or restrict such Personal Information/Data, subject to any overriding legal obligation to retain it for safety, fraud-prevention or compliance purposes, and will notify the parent or guardian where practicable.

16. EXERCISING RIGHTS:

You can exercise privacy rights described in this Policy by submitting a request through sohofi@sohofi-global.com. You may also contact the Grievance Officer / Data Protection Contact listed in Section 16. For security purposes, we may request additional information from you to verify your identity when you request to exercise rights related to your Personal Information/Data. If we cannot verify your identity, we may not be able to honor your request.

We will acknowledge grievances within forty-eight (48) hours of receipt and resolve them within such period as is prescribed under the Digital Personal Data Protection Rules, 2025. Where the DPDP Rules prescribe a specific timeline for responding to requests to exercise rights (such as access, correction, erasure and nomination), we will comply with that timeline. To the extent the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 continue to apply and have not been superseded, we will also comply with the timelines prescribed thereunder. Our Grievance Officer is appointed in accordance with the requirements of Applicable Laws and is authorised to address grievances relating to processing of your personal data.

If you are not satisfied with the resolution of your grievance by the Grievance Officer, you have the right under Section 18 of the Digital Personal Data Protection Act, 2023 to make a complaint to the Data Protection Board of India. You may also approach any other competent court, tribunal or forum available under Applicable Laws, subject to the procedures and timelines prescribed by law. The Data Protection Board of India may be contacted in the manner published on the official website of the Ministry of Electronics and Information Technology (MeitY) from time to time.

17. USER RESPONSIBILITIES

You are responsible for ensuring that Personal Information/Data you provide is accurate, complete and up to date. You must not impersonate another person, submit false or misleading information, suppress material information, raise false or frivolous grievances or complaints, or use the Platform for unlawful surveillance, unauthorized recordings, biometric misuse, illegal data collection, harassment, stalking, doxxing, identity theft, infringement of privacy or publicity rights, or any other prohibited activity under the Terms and Conditions or Applicable Laws.

If you submit, upload, record or process Personal Information/Data relating to another individual, including voice, image, likeness, biometric information, confidential information or sensitive information, you represent that you have provided all notices and obtained all consents, authorizations and legal grounds required under Applicable Laws and the Terms and Conditions.

You agree that your use of the Platform, Content, AI Outputs, Coins, Offer Wall, advertisements and Third-Party Services shall remain subject to the Terms and Conditions, including provisions relating to user undertakings, prohibited conduct, disclaimers, limitation of liability and indemnification, to the maximum extent permitted under Applicable Laws.

18. PROHIBITED AI AND DATA USES

If we believe that Content, AI Outputs, account behavior Offer Wall activity, payment activity or use of the Platform creates legal, security, safety, privacy, reputational, operational or commercial risk, we may restrict processing, refuse to generate outputs, suspend features, withhold rewards, preserve records, report unlawful activity, cooperate with lawful authorities or take other action permitted under the Terms and Conditions and Applicable Laws.

You must not submit Content that includes malware, unlawful instructions, exploit code, phishing content, hate speech, child sexual abuse material, sexually explicit unlawful content, terrorist content, content inciting violence, threats, blackmail, extortion, personal data obtained unlawfully, confidential information without authority, or information that you are prohibited from processing under contract, fiduciary duty, employment obligation, law or court order.

You must not use the Platform to create or distribute deepfakes, misleading synthetic media, unlawful impersonations, deceptive audio, fraudulent translations, forged transcripts, misleading descriptions, fabricated evidence, unlawful surveillance material, non-consensual intimate content, exploitative content, infringing content or content intended to mislead courts, regulators, law-enforcement authorities, employers, educational institutions, financial institutions, medical professionals or other persons.

You must not use the Platform or AI Outputs to identify, profile, track, monitor, surveil, target, harass, deceive, defame, impersonate, manipulate or discriminate against any person in violation of Applicable Laws or third-party rights. You must not use the Platform to infer or attempt to infer sensitive attributes, biometric identity, health condition, caste, religion, sexual orientation, financial status, political views, employment status, location, vulnerability or other sensitive characteristics of another person except where expressly lawful and authorized.

19. UPDATE TO THE PRIVACY POLICY

The most current version of this Privacy Policy can be found on our Platform. We reserve the right to update this Privacy Policy at any time. Where an update materially changes the purposes for which personal data is processed, the categories of personal data collected, the categories of third parties with whom personal data is shared, the data retention periods, or your rights and choices, we will notify you in the manner prescribed under the DPDP Rules before the change takes effect. Where the change affects processing for which your consent was the lawful basis, we will present a fresh consent notice and obtain your renewed consent before processing your personal data in that new or changed manner. Changes that do not materially affect your rights or the processing of your personal data may be communicated by posting the updated Policy on the Platform. We advise you to review the Privacy Policy at regular intervals. If you do not accept a material change, you may withdraw consent and discontinue use of the affected feature or Service, as described in the Consent section of this Policy.

20. CONTACT

For any questions, requests or reasonable inquiry related to the protection of your Information/Data at SOHOFI or regarding this Policy in general, you can contact SOHOFI’s Grievance Officer / Data Protection Contact:

Addressed To: Sohofi Global Technologies

Name / Designation: SM/ Support Contact

Company: Sohofi Global Technologies

Address: Flat No. 203, 23/1, J R Makwoods Apartments, Old Mangammanapalya Road,

Popular Colony, Mangammanapalya, Bengaluru, Bengaluru Urban, Karnataka, 560068

E-mail: sohofi@sohofi-global.com

Platform: Voice Soul

Please keep in mind that email communication is not always secure. Therefore, please do not include unnecessary Sensitive Personal Data or Information in your emails to us.

We will do our best to address your request in time and free of charge, except where it would require a disproportionate effort or where a fee or limitation is permitted under Applicable Laws. In certain cases, we may ask you to verify your identity before we can act on your request. If you are unsatisfied with the reply received, you may then refer your complaint to the Data Protection Board of India or any other competent regulator, court or forum available under Applicable Laws.

21. GOVERNING LAW AND JURISDICTION

This Policy, and any dispute, claim, controversy or proceeding arising out of or relating to this Policy, the Platform, Services, Coins, subscriptions, AI Outputs, advertisements, Third-Party Services or any relationship between you and the Company, shall be governed by and construed in accordance with the laws of India, without regard to conflict-of-law principles.

Subject to any non-waivable statutory remedy, consumer forum remedy or regulatory remedy available under Applicable Laws, disputes relating to this Policy shall be subject to the jurisdiction provisions set out in the Terms and Conditions, including the exclusive jurisdiction of the courts and tribunals at Bangalore, Karnataka, India.