1. Overview
Soracin ("we", "our", "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use soracin.com and any related products or services.
This policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Information We Collect
We collect the following categories of personal data:
- Account data: Email address and authentication details — collected when you create an account (managed via Amazon Cognito) or submit the contact/waitlist form.
- Cloud connection data: The IAM role ARN, External ID, and AWS region you provide to connect your AWS account. We store these (encrypted at rest) to assume your deployer role. We assume the role for temporary credentials only — we do not collect or store your long-lived AWS access keys, your AWS root credentials, or your card details.
- Provisioning data: The configuration you enter in the wizard (such as project name, domain, alert email, sizing and blueprint selections) and metadata about the stacks we provision on your behalf.
- Launch report data: Approximately 24 hours after a successful provision, we perform a one-time read of your AWS account (e.g. provisioning status, a compliance snapshot, and a cost estimate) for the resources we created, solely to compile the free launch report we send you. We do not poll your AWS account on an ongoing basis.
- Transaction data: Purchase history and payment method type (not card numbers, which are processed by our payment provider) — collected when you purchase Premium or an add-on.
- Usage data: Pages visited, time spent, browser type, device type, IP address — collected automatically via analytics tools.
- Communications data: Content of any emails or messages you send to us.
3. How We Use Your Data
We use your personal data for the following purposes:
- To operate the Service — to authenticate you, provision infrastructure into your AWS account, and monitor the resources we create.
- To process payments and provide customer support.
- To send transactional emails (account, purchase, provisioning status, and alert notifications).
- To send marketing communications if you have given explicit consent — you may opt out at any time.
- To improve the Site and Service through aggregated usage analysis.
- To comply with legal obligations.
4. Legal Basis for Processing
We process your data on the following legal bases:
- Contract performance: To provide the Service, including provisioning the infrastructure you request and generating the one-time launch report.
- Legitimate interests: To improve our products and communicate relevant updates.
- Consent: For marketing communications — you may withdraw consent at any time.
- Legal obligation: To comply with applicable laws and regulations.
5. Data Retention
We retain personal data for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. Purchase records are retained for a minimum of 7 years for tax and accounting purposes. You may request deletion of your data at any time, subject to legal retention requirements.
6. Data Sharing
We do not sell your personal data. We may share your data with trusted third-party processors who assist us in operating the Service, including:
- Amazon Web Services (AWS) — hosting of the Soracin platform, and the account your infrastructure is provisioned into.
- Amazon Cognito — user authentication and account management.
- Creem.io — payment processing.
- Resend — transactional and notification emails.
- Cloudflare — content delivery and protection for the Site.
- Analytics providers — for aggregated, anonymised usage data.
All processors are contractually required to handle your data in accordance with GDPR and applicable data protection laws.
7. Your Rights
Under applicable data protection law, you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate data.
- Right to erasure: Request deletion of your data ("right to be forgotten").
- Right to restriction: Request that we restrict processing of your data.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests.
To exercise any of these rights, email us at support@soracin.com. We will respond within 30 days.
8. Cookies
We use strictly necessary cookies to operate the Site and, with your consent, analytics cookies to understand how the Site is used. You may control cookie preferences via your browser settings or our cookie consent banner.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. Your cloud connection data (role ARN and External ID) is encrypted at rest, and we access your AWS account only via temporary credentials obtained by assuming the role you authorise — we never store long-lived AWS keys. You can revoke our access at any time by deleting the role in your AWS account. However, no method of transmission over the internet is 100% secure.
10. Contact & Data Controller
Soracin is the data controller for personal data collected via this Site. For any privacy-related queries, to exercise your rights, or to make a complaint, contact us at: support@soracin.com.
If you are dissatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.