Privacy Policy
Last updated: February 2026
1. Introduction
SokoSense ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, store, and protect your personal data when you use our website (sokosense.com) and application (app.sokosense.com). We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
The data controller for your personal data is SokoSense. For any questions regarding data processing, contact us at privacy@sokosense.com.
3. Data We Collect
We collect the following categories of data:
- Account data: email address, name, password (hashed), language preference
- Store data: product catalog, prices, sales history, stock levels (synced from your e-commerce platform)
- Competitor data: public competitor product URLs and prices you choose to track
- Usage data: pages visited, features used, session duration (only with your consent)
- Technical data: browser type, device type, IP address (anonymized), timezone
4. How We Use Your Data
We use your data for the following purposes:
- Provide, maintain, and improve our pricing intelligence services
- Generate AI-powered sales forecasts and price recommendations
- Send you price alerts, stock warnings, and weekly summaries
- Process payments and manage your subscription
- Analyze usage patterns to improve the product (only with consent)
5. Legal Basis for Processing (GDPR Art. 6)
We process your personal data on the following legal bases:
- Contract: Processing necessary to provide our services (account management, product features, alerts)
- Consent: Analytics cookies, session recording, and marketing communications. You can withdraw consent at any time.
- Legitimate interest: Security measures, fraud prevention, and service improvement
6. Cookies & Analytics
We use cookies and analytics to understand how visitors use our site. No analytics data is collected until you explicitly consent via our cookie banner.
Essential Cookies
These are strictly necessary for the website to function (e.g., session authentication, language preference). They do not require consent.
Analytics Cookies (PostHog)
We use PostHog for web analytics and session recording. PostHog is self-hosted in the EU (Frankfurt, Germany). Data collected includes: pages visited, clicks, scroll depth, session recordings (with inputs masked), device and browser information. No data is shared with third parties or used for advertising. These cookies are only set after you give consent.
Managing Your Preferences
You can accept or reject analytics cookies via the banner shown on your first visit. To change your preference later, clear your browser cookies for sokosense.com and the banner will reappear. You can also contact us at privacy@sokosense.com.
7. Data Processors
We share your data only with the following processors, all bound by Data Processing Agreements:
- PostHog (EU) — Web analytics and session recording
- Supabase (EU, Paris) — Database hosting
- Stripe (EU/US) — Payment processing
- Resend (US) — Transactional email delivery
- Anthropic (US) — AI-powered summaries and forecasts (no personal data sent, only anonymized product/sales data)
8. International Transfers
Your data is primarily stored in the EU (Supabase Paris, PostHog Frankfurt). Some processors (Stripe, Resend, Anthropic) may process data in the US under Standard Contractual Clauses (SCCs) or adequacy decisions. We never send personal data (emails, names) to AI providers — only anonymized product and sales metrics.
9. Data Retention
We retain your data according to the following schedule:
- Account data: retained while your account is active, then deleted within 37 days of an account deletion request (30-day grace period + 7-day purge)
- Analytics data: retained for 12 months, then automatically deleted
- Sales and pricing history: retained for 12 months in detail, then aggregated (no personal data in aggregates)
10. Data Security
We implement industry-standard security measures: AES-256-GCM encryption for sensitive data at rest, TLS 1.3 for data in transit, input validation and SQL injection prevention (Prisma ORM), regular security audits (OWASP Top 10 + PortSwigger methodology), read-only Docker containers with dropped capabilities, and CrowdSec WAF protection.
11. Your Rights (GDPR)
Under the GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of your personal data
- Right to rectification: Correct inaccurate data
- Right to erasure: Request deletion of your data ("right to be forgotten")
- Right to restrict processing: Limit how we use your data
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interest
- Right to withdraw consent: Withdraw consent for analytics at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at privacy@sokosense.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
12. Children's Privacy
SokoSense is a B2B service designed for e-commerce merchants. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us immediately.
13. Contact Us
For any questions about this Privacy Policy or to exercise your data rights, contact us at privacy@sokosense.com.