Privacy Policy

Last updated: June 26, 2026

This Privacy Policy describes how Organic Raspberry Pte. Ltd. (trading as "Sophia", "we", "us", or "our") collects, uses, discloses, and protects your personal data when you use the Sophia platform, websites (sophiawomen.com and sophiawomen.ai), digital courses, AI money coaching application, and related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not access or use our Services.

1. Who We Are
Organic Raspberry Pte. Ltd. (UEN: 202297027Z) is the data controller responsible for your personal data. We are incorporated in Singapore and provide Services across Singapore, Hong Kong, the United Kingdom, and Australia.

Contact: hello@sophiawomen.com | #02-01, 68 Circular Road, Singapore 049422

UK Representative (UK GDPR Art. 27): DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom. DataRep is Sophia's appointed representative for the purposes of UK GDPR Article 27 and is the point of contact for UK data subjects and the Information Commissioner's Office (ICO) in respect of Sophia's processing of UK personal data. See Section 9 for contact details.

2. Scope and Applicable Laws
This Privacy Policy is designed to comply with the following data protection frameworks, depending on where you are located:
- Singapore — Personal Data Protection Act 2012 (PDPA) and its subsidiary regulations
- Hong Kong — Personal Data (Privacy) Ordinance (Cap. 486) (PDPO)
- United Kingdom — UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018
- Australia — Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
- California, USA — California Consumer Privacy Act 2018 as amended by the California Privacy Rights Act 2020 (CCPA/CPRA)

Where the laws of your jurisdiction grant you additional rights, we will honour those rights to the extent required by law.

3. Personal Data We Collect

3.1 Data You Provide Directly
- Identity data: name, gender
- Contact data: email address, phone number
- Account data: username, password (hashed), profile preferences
- Financial context data: savings goals, monthly savings amount, risk tolerance, life stage — provided voluntarily for personalised coaching
- Payment data: billing information (processed by our payment provider; we do not store card details)
- Communications: messages sent to us via email, contact forms, or in-app chat
- Coaching session data: notes, questions, and information shared during human coaching sessions; and where you have given consent, coach-authored session summaries capturing key themes discussed and agreed next steps, retained for the purpose of continuity of coaching and service improvement

3.2 Data Collected Automatically
- Usage data: pages visited, features used, course progress, session duration
- Device data: IP address, browser type and version, operating system, device identifiers
- Storage and tracking data: see Section 7 below
- Analytics data: behavioural and usage data collected via a third-party product analytics service, including features used, navigation patterns, and session interactions. Only collected if you have given analytics consent. See Section 7.

3.3 Data from Corporate Partners (B2B Channel)
Where your employer or corporate partner has enrolled you in the Sophia platform as part of an employee benefit or financial wellness programme, we may receive your name, work email address, and enrolment information from that corporate partner. The corporate partner's use of your data is governed by their own privacy policy and any Data Processing Agreement (DPA) entered into with us.

3.4 AI and Human Coaching — Special Notice
Our coaching services include both AI-generated coaching and sessions with human coaches. Both process the financial context data you provide (e.g. life goals, monthly savings amount, savings habits) to deliver personalised educational guidance. In both cases:
- Coaching does not constitute regulated financial advice in any jurisdiction
- Human coaches are educators and facilitators only; they do not hold regulatory licences from the Monetary Authority of Singapore (MAS), the Financial Conduct Authority (FCA), the Australian Securities and Investments Commission (ASIC), the Securities and Futures Commission (SFC) in Hong Kong, or any other financial regulatory body
- AI-generated responses are produced automatically and are for educational purposes only
- Neither form of coaching involves automated or human decision-making with legal or similarly significant effects on your finances
- Financial context data and coaching session notes are used solely to personalise and deliver your educational experience. Session summaries, where created, are used only for continuity of coaching and are not used for any other purpose
- AI coaching is processed by AI infrastructure operated by our cloud service providers

We apply heightened care to all coaching data and do not use it for advertising or share it with third parties for marketing purposes. Human coaching session notes and summaries are accessible only to the coach assigned to you and authorised Sophia staff. Where your coach creates a session summary, this is done only with your consent. You may withdraw consent for session summaries at any time without affecting your right to continue using the coaching service.

4. How We Use Your Personal Data

4.1 To Provide and Improve our Services
- Account creation and management
- Delivering courses, content, and AI coaching functionality
- Processing payments and managing subscriptions
- Technical support and troubleshooting

Legal basis: performance of contract (Singapore PDPA: contractual necessity / legitimate purpose; UK GDPR Art. 6(1)(b); HK PDPO: use directly related to collection purpose).

4.2 Communications
- Sending transactional and service-related communications
- Sending marketing communications where you have opted in

Legal basis: consent (for marketing); legitimate interests / contractual necessity (for transactional communications). You may opt out of marketing communications at any time.

4.3 Analytics and Service Development
- Understanding how users engage with our content
- Improving course design, UX, and AI coaching accuracy

Legal basis: consent. You may grant or withdraw analytics consent at any time in your account settings. See Section 7 for further details.

4.4 Legal and Compliance
- Complying with applicable laws and regulatory requirements
- Responding to legal process or regulatory inquiries
- Protecting our legal rights and those of our users

5. Sharing Your Personal Data
We do not sell your personal data. We may share it in the following circumstances:

5.1 Service Providers
We engage trusted third-party service providers who assist us in operating our Services. These include providers in the following categories:
- Cloud infrastructure and hosting
- AI language model processing
- Database and application infrastructure
- Content management
- Learning management system hosting
- Email and communications delivery
- Payment processing
- Usage analytics and performance monitoring

All service providers are contractually bound to process your personal data only on our instructions, for specified purposes, and in compliance with applicable data protection law. We maintain a register of sub-processors which is available to corporate partners upon request under a signed Data Processing Agreement.

5.2 Corporate Partners
Where you access Sophia through an employer or corporate partner, we may share aggregated, anonymised programme engagement data with that partner (e.g. overall course completion rates). We do not share individual personal data with corporate partners without your consent, except where required under the applicable DPA.

5.3 Business Transfers
In the event of a merger, acquisition, or sale of substantially all of our assets, your data may be transferred to the successor entity, subject to equivalent privacy protections.

5.4 Legal Requirements
We may disclose your data to comply with applicable law, court order, or lawful government request, or to protect the safety, rights, or property of Sophia, our users, or the public.

6. International Data Transfers
Your data may be processed in countries other than Singapore, including where our service providers are located. We take steps to ensure that any cross-border transfers comply with applicable law, including:
- For Singapore: transfers only to countries with adequate protection or governed by PDPC-approved contractual clauses
- For UK GDPR: International Data Transfer Agreements (IDTAs) or adequacy decisions
- For Australia: contractual protections binding overseas recipients to equivalent privacy standards

Details of international transfer safeguards for specific sub-processors are available to corporate partners upon request under a signed Data Processing Agreement.

7. Storage and Analytics Technologies
Sophia uses browser storage (such as localStorage) rather than cookies for its core functionality. This applies across both sophiawomen.com and sophiawomen.ai.
- Essential storage: required for the platform to work — e.g. keeping you logged in (an authentication token) and security.
- Analytics: we use Mixpanel, a third-party product analytics service, to understand how the platform is used. This data is linked to your account (your email) and may include profile and engagement information. This includes information such as screens visited, features used, session frequency, and your email address as an account identifier. We only send analytics data to Mixpanel if you have given analytics consent, which you can grant or withdraw at any time in your account settings. Mixpanel processes data in the United States. By enabling analytics consent, you agree to this transfer.
- Third-party login: signing in via our learning management system takes you to that service's site, which uses its own cookies under its own privacy policy.

We do not use marketing or advertising cookies. You can manage analytics consent in your account settings, and clear browser storage through your browser. Disabling essential storage will prevent you from staying logged in.

8. Data Retention
- Financial context and coaching data, including session summaries: deleted or anonymised within 12 months of account closure, or within 30 days of withdrawal of consent for session summaries
- Payment records: retained for 7 years for financial and tax compliance
- Communications logs: retained for 3 years
- Usage/analytics data: retained in anonymised form indefinitely

You may request deletion of your account and personal data at any time (subject to legal retention obligations).

9. Your Rights
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate or incomplete data
- Erasure / Deletion: request deletion of your data where we have no lawful basis to retain it
- Portability: receive your data in a structured, machine-readable format
- Objection: object to processing based on legitimate interests
- Restriction: request that we restrict processing in certain circumstances
- Withdraw consent: withdraw consent for marketing or other consent-based processing at any time

To exercise any of these rights, please contact us at: hello@sophiawomen.com

UK residents — contacting our UK Representative (DataRep)
If you are located in the United Kingdom, you may also exercise your rights under the UK GDPR by contacting our appointed UK representative, DataRep, through any of the following channels:

Email: datarequest@datarep.com — please include “Sophia, SophiaAI” in the subject line.

Online: www.datarep.com/data-request

Post: DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom. Address your letter to “DataRep” (not “Sophia”), and clearly reference “Sophia, SophiaAI” in the correspondence.

We or DataRep may request proof of your identity before processing your request, to protect your personal data. For further information about your rights under the UK GDPR, you may consult the UK Information Commissioner’s Office at ico.org.uk. DataRep’s own privacy notice is available at www.datarep.uk/privacy-policy.

We will respond within 30 days (or such shorter period as required by applicable law). We may ask you to verify your identity before processing your request.

If you believe we have not handled your data appropriately, you have the right to lodge a complaint with the relevant supervisory authority (e.g. PDPC in Singapore, PCPD in Hong Kong, ICO in the UK, OAIC in Australia).

10. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include encryption in transit (TLS), encryption at rest, access controls, and regular security reviews.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant regulators as required by applicable law.

11. California Privacy Rights (CCPA / CPRA)
This section applies to residents of California and supplements the rest of this Privacy Policy, pursuant to the CCPA/CPRA.

11.1 Categories of Personal Information Collected
- Identifiers: name, email address, IP address, device identifiers, account username
- Personal information under Cal. Civ. Code § 1798.80(e): name, email, financial context data voluntarily provided
- Commercial information: records of courses purchased or subscribed to
- Internet / network activity: usage data, pages visited, features accessed
- Inferences: personalised coaching profile derived from data you provide

11.2 Sale or Sharing of Personal Information
We do not sell your personal information for monetary consideration. We do not share your personal information with third parties for cross-context behavioural advertising. We therefore do not offer a ‘Do Not Sell or Share’ opt-out as we do not engage in these activities.

11.3 Your California Privacy Rights
- Right to Know: request disclosure of categories and specific pieces of personal information collected
- Right to Delete: request deletion of personal information, subject to certain exceptions
- Right to Correct: request correction of inaccurate personal information
- Right to Limit Use of Sensitive Personal Information: limit use to necessary service purposes only
- Right to Non-Discrimination: we will not discriminate against you for exercising your rights

11.4 How to Submit a Request
Contact us at hello@sophiawomen.com with subject line ‘California Privacy Request’. We will respond within 45 days (extendable by a further 45 days with notice).

11.5 Shine the Light
We do not share personal information with third parties for their direct marketing purposes.

12. Children
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. Contact us immediately if you believe a minor has provided us with personal data.

13. Changes to This Policy
We will notify you of material changes by email and/or in-app notice at least 14 days before they take effect.

14. Contact Us
Organic Raspberry Pte. Ltd. (trading as “Sophia”) | UEN: 202297027Z
hello@sophiawomen.com | #02-01, 68 Circular Road, Singapore 049422 | sophiawomen.com | sophiawomen.ai