Privacy Policy

1. Introduction

Sioree Inc. ("Sioree," "we," "us") respects your privacy. This policy explains what personal information we collect, how we use it, and your rights regarding that information. This policy applies to all users of the Sioree platform, including Hosts, Guests, and Vendors.

2. Information We Collect

Account Information

• Name, email address, phone number, date of birth
• Profile information (city, Instagram handle, avatar)
• Business information for Vendors (business name, tax address, W-9 attestation)

Event Information

• Event details (title, date, location, guest count, budget)
• RSVP and ticket purchase data
• Compliance documents you upload (permits, insurance certificates)

AI Interaction Data

• Chat messages with our AI assistant
• AI-generated memory notes about your preferences (with your consent)
• Voice call recordings and transcriptions (for AI voice calls)

Payment Information

• Payment processing is handled by Stripe. We do not store credit card numbers. We store Stripe customer IDs and transaction metadata.

Usage & Technical Data

• IP address, device type, browser type
• Pages visited, features used, timestamps
• AI agent usage metrics (outreach emails sent, calls made)

3. How We Use Your Information

• Provide services: Create events, process bookings, manage compliance, execute AI outreach
• Personalize experience: AI memory stores preferences to improve future recommendations
• Process payments: Deposits, vendor payouts, usage billing
• Communicate: Notifications, compliance alerts, booking updates
• Improve the platform: Analytics, AI model training (anonymized), bug fixes
• Legal compliance: Tax reporting, fraud prevention, regulatory obligations

4. Third-Party Services

We share information with these providers as necessary to operate the Platform:

• Supabase: Database hosting, authentication, file storage
• Stripe: Payment processing, tax calculation
• OpenAI: AI model inference for chat and agent features
• Vapi: AI voice call infrastructure
• Resend: Transactional email delivery
• Google Maps: Venue location and geocoding services
• Vercel: Application hosting and serverless functions

Each provider processes data according to their own privacy policies. We do not sell your personal information to third parties.

5. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
• AI memory: Retained for 90 days after your last event completes, then automatically purged. You can opt out at any time.
• Chat messages: Retained for 1 year after event completion, then deleted.
• Voice call recordings: Retained for 90 days after the call, then deleted. Transcriptions retained for 3 years for legal compliance.
• Call logs: Retained for 3 years for TCPA compliance documentation.
• Compliance documents: Retained for 3 years after event completion for legal compliance.
• Payment records: Retained for 7 years per tax and financial regulations.

6. Your Rights

All Users

• Access: Request a copy of all personal data we hold about you
• Correction: Update inaccurate information via your profile or by contacting us
• Deletion: Request deletion of your account and personal data
• AI Memory Opt-Out: Disable AI preference storage at any time in your privacy settings

California Residents (CCPA)

• Right to Know: Request details about personal information collected, used, and disclosed
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out of Sale: We do not sell personal information. If this changes, you will have the right to opt out.
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights

EU/EEA Residents (GDPR)

• Legal basis: We process data based on contractual necessity (providing services), legitimate interest (improving the platform), and consent (AI memory, marketing emails)
• Data portability: Request your data in a machine-readable format
• Withdraw consent: At any time, without affecting prior processing
• Lodge complaint: With your local data protection authority

To exercise any right, email privacy@sioree.net or visit your privacy settings. We respond within 30 days (GDPR) or 45 days (CCPA).

7. Do Not Sell My Personal Information

Sioree does not sell your personal information as defined under the California Consumer Privacy Act (CCPA). We do not share personal information with third parties for their direct marketing purposes.

8. Security

We use industry-standard security measures including encrypted data transmission (TLS), encrypted storage, row-level security policies, and access controls. No system is 100% secure — please use strong passwords and report any suspected breaches to security@sioree.net.

9. Children's Privacy

Sioree is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, contact us immediately and we will delete it.

10. Updates

We may update this policy from time to time. Material changes will be communicated via email or Platform notification. The "Last updated" date at the top reflects the most recent revision.

11. Contact

Privacy questions or data requests: privacy@sioree.net