Back to home

Privacy Policy

Last updated: March 2026

At Sotally, we take your privacy seriously. This policy explains what data we collect, how we use it, and your rights regarding your personal information. We are committed to transparency and compliance with applicable data protection regulations including the GDPR.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and optional avatar. This information is retained until you delete your account.

Execution Data

When you run a tool, we store your inputs and the resulting outputs. This data is retained for 90 days to support your execution history, troubleshooting, and quality assurance.

Transaction Data

We maintain records of all credit purchases and usage, including timestamps, amounts, and associated tools. Financial records are retained indefinitely as required for accounting and legal compliance.

Usage Analytics

We collect aggregated, anonymized data about how tools are used on the Platform. This helps us improve the Platform and helps creators understand tool performance. Individual user details are never included in creator analytics.

2. How We Use Your Information

  • Provide the service: Execute tools, manage your account, process credit transactions.
  • Improve the Platform: Analyze usage patterns to enhance features and reliability.
  • Communicate with you: Send transactional emails, security alerts, and (with your consent) marketing communications.
  • Prevent fraud: Detect and prevent abuse, chargebacks, and policy violations.
  • Support creators: Provide anonymized analytics to help creators improve their tools.

3. Data Storage & Security

All sensitive data is encrypted at rest using AES-256 and in transit using TLS 1.3. Tool executions are sandboxed — one tool cannot access another tool's data. We do not sell user data to third parties.

4. API Keys (Bring Your Own Model)

If you use the BYOM feature, your external API keys are encrypted with AES-256-GCM. Keys are decrypted only at the moment of tool execution and are never logged, displayed, or accessible to tool creators. You can view (masked) and delete your stored keys at any time from your account settings.

5. Execution Data

Your tool execution inputs are accessible to you and to our support team. Inputs may be shared with tool creators in anonymized form to help improve tool quality. Execution outputs are accessible only to you and support. All execution data is automatically deleted after 90 days.

6. Cookies

We use essential cookies to maintain your session and authentication state. We may use analytics cookies to understand how the Platform is used. You can manage cookie preferences through your browser settings. The Platform functions with only essential cookies enabled.

7. Third-Party Services

We work with the following third-party services:

  • Stripe: Payment processing. Stripe processes your payment information directly — we never store your full credit card number. See Stripe's Privacy Policy.
  • OpenAI and other AI providers: When tools are executed, your inputs may be sent to AI provider APIs for processing. When using BYOM, requests go through your own API key. Providers have their own data handling policies.
  • Analytics providers: We may use analytics services to understand Platform usage. Data shared with these services is anonymized.

8. Your Rights

Under the GDPR and other applicable regulations, you have the following rights:

  • Right of access: Request a copy of all personal data we hold about you.
  • Right to rectification: Correct inaccurate personal data.
  • Right to erasure: Request deletion of your account and all associated data. We process deletion requests within 30 days.
  • Right to data portability: Export your data, including tool configurations.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to object: Object to processing of your data for specific purposes.
  • Right to withdraw consent: Withdraw consent for marketing communications at any time via account settings or email unsubscribe links.

To exercise any of these rights, contact us at privacy@sotally.com.

9. Data Retention

Data TypeRetention Period
Account informationUntil account deletion
Execution inputs & outputs90 days
Credit transactionsIndefinite (financial records)
Creator promptsUntil tool deletion
BYOM API keysUntil you delete them
Usage analyticsIndefinite (anonymized)

10. Data Breach Response

In the event of a data breach, we will notify affected users within 72 hours, provide details about the breach and our response, report to relevant authorities as required by law, and offer credit monitoring if personal data was exposed.

11. Contact

For privacy-related inquiries, contact our data protection team at privacy@sotally.com.

© 2026 Sotally. Your Software Ally.