This privacy policy describes how Appolius d.o.o. (the company developing SOPX) collects, uses, and protects personal data when you use the SOPX website and web application. By accessing or using SOPX, you consent to the practices described in this policy.
Appolius d.o.o. is committed to protecting your personal data. We process personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Personal Data Protection Act of the Republic of Slovenia.
Definitions
Personal data means any information relating to an identified or identifiable natural person. Processing means any operation performed on personal data, including collection, storage, use, transmission, and deletion. Data controller means Appolius d.o.o., which determines the purposes and means of processing your personal data. Data processor means a third party that processes personal data on behalf of the data controller, under a written data processing agreement.
Data Controller
The data controller responsible for your personal data is Appolius d.o.o., Republic of Slovenia. For all data protection matters, contact us at [email protected].
Legal Basis for Processing
We process your personal data on the following legal bases under Article 6 of the GDPR: Contract performance: processing necessary to provide the SOPX service to you under your subscription agreement, including account management, processing uploaded content to generate SOPs, and billing. Legitimate interests: processing necessary for the security of the service, fraud prevention, and improving service reliability, where these interests are not overridden by your rights. Legal obligation: processing required to comply with applicable laws and regulations. Consent: where you have given explicit consent, such as for optional cookies. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
Data We Collect
Account data: When you register, we collect your name, email address, and password (stored in hashed form). We also collect your organization name and subscription plan details.
Content data: When you use SOPX, we store the videos you upload, the audio extracted from those videos for transcription, the generated SOPs and work instructions, and any edits you make to that content.
Usage and log data: We automatically collect technical data necessary to operate the service, including IP address, browser type, device type, timestamps of actions performed in the application, and error logs.
Billing data: Payment processing is handled by third-party payment processors. We do not store full payment card details. We retain transaction records such as amounts, dates, and subscription status.
Website data: When you visit our website, device and log data (IP address, date and time of visit) are collected automatically. This data is used for security and analytics purposes.
AI Processing of Your Content
SOPX uses artificial intelligence to transcribe audio from uploaded videos and to analyze video content in order to generate structured work instructions and SOPs. This processing is the core function of the service.
To deliver this functionality, audio and video content you upload is transmitted to third-party AI service providers who act as data processors on our behalf. These providers process your content solely to provide the transcription and analysis service and are bound by data processing agreements that prohibit them from using your content for any other purpose, including training AI models.
You should be aware that videos and audio you upload may contain personal data of individuals appearing in or speaking in that content. You are responsible for ensuring you have a lawful basis under applicable data protection law to upload and process such content using SOPX.
International Data Transfers
Appolius d.o.o. is based in the Republic of Slovenia and stores your account data, content, and SOPs on servers located within the European Union.
To provide AI-powered transcription and video analysis features, certain content data is transmitted to AI service providers based in the United States. These transfers are carried out on the basis of Standard Contractual Clauses (SCCs) adopted by the European Commission, which provide appropriate safeguards for the transfer of personal data to third countries under Article 46 of the GDPR. Our AI service providers have incorporated SCCs into their standard data processing agreements.
Data Processors
We engage the following categories of third-party data processors to operate the service: AI service providers for audio transcription and video analysis; payment processors for subscription billing; analytics providers for understanding service usage. All processors are engaged under written data processing agreements that restrict their use of your data to the purposes specified.
We use Plausible Analytics to understand how the service is used. Plausible collects anonymized, aggregated usage data and does not use cookies or collect personal data as defined under GDPR. No personal data is shared with Plausible.
Data Control and Security
Your data is controlled by Appolius d.o.o. We implement technical and organizational measures to protect personal data against unauthorized access, accidental loss, destruction, or alteration. These measures include encrypted data transmission (TLS), access controls limiting data access to authorized personnel only, and regular security reviews of our infrastructure.
Data Retention
We retain your personal data and content for as long as your account is active. When you cancel your subscription or delete your account, all your data, including uploaded videos, generated SOPs, transcripts, and account information, is permanently deleted from our systems. Deletion is irreversible. We may retain billing and transaction records for the period required by applicable tax and accounting law.
Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
Right of access: You may request a copy of the personal data we hold about you.
Right to rectification: You may request correction of inaccurate or incomplete personal data.
Right to erasure: You may request deletion of your personal data. You can delete your account and all associated data directly from your account settings.
Right to restriction: You may request that we restrict processing of your personal data in certain circumstances.
Right to data portability: You may request a copy of your data in a structured, machine-readable format.
Right to object: You may object to processing based on legitimate interests.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec, www.ip-rs.si) or another competent supervisory authority in the EU member state of your habitual residence.
Minimum Age
SOPX is not intended for use by individuals under the age of 16. By using the service, you confirm that you are at least 16 years of age. If we become aware that personal data has been collected from a person under 16 without verifiable parental consent, we will delete that data promptly.
Contact Forms and Inquiries
If you submit a form on our website, the following personal data will be collected: name, email address, and your message. We use this data solely to respond to your inquiry. This data is retained until your inquiry is resolved and for a reasonable period thereafter, or until you withdraw your consent.
Appolius d.o.o. stores personal data submitted through forms securely and does not transfer it to third parties except where necessary to respond to your inquiry.
Changes to This Privacy Policy
We reserve the right to update this Privacy Policy at any time. Where changes are material, we will notify you by email or through a notice within the service before the changes take effect. Your continued use of SOPX after the updated policy takes effect constitutes your acceptance of the changes.
Cookie Policy
This website and web application use cookies and similar technologies to operate core functionality and to understand how the service is used.
Strictly necessary cookies are required for the service to function. These include session authentication cookies that keep you logged in and security cookies that protect against cross-site request forgery. These cookies cannot be disabled without breaking the service.
Analytics cookies: We use Plausible Analytics, which does not set cookies and does not collect personal data. It measures anonymized, aggregated usage patterns only.
We do not use advertising cookies, tracking pixels, or third-party marketing cookies.
You can control cookie settings through your browser. Disabling strictly necessary cookies will prevent you from logging in and using the service.
Contact Us
If you have any questions or requests regarding this Privacy Policy or the personal data we hold about you, please contact us at [email protected].