This Privacy Policy describes how Organic Raspberry Pte. Ltd. (trading as "Sophia", "we", "us", or "our") collects, uses, discloses, and protects your personal data when you use the Sophia platform, websites (sophiawomen.com and sophiawomen.ai), digital courses, AI money coaching application, and related services (collectively, the "Services").By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not access or use our Services.
1. Who We AreOrganic Raspberry Pte. Ltd. (UEN: 202297027Z) is the data controller responsible for your personal data. We are incorporated in Singapore and provide Services across Singapore, Hong Kong, the United Kingdom, and Australia.Contact: hello@sophiawomen.com | #02-01, 68 Circular Road, Singapore 049422UK Representative (UK GDPR Art. 27): DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom. DataRep is Sophia's appointed representative for the purposes of UK GDPR Article 27 and is the point of contact for UK data subjects and the Information Commissioner's Office (ICO) in respect of Sophia's processing of UK personal data. See Section 9 for contact details.
2. Scope and Applicable LawsThis Privacy Policy is designed to comply with the following data protection frameworks, depending on where you are located:Singapore — Personal Data Protection Act 2012 (PDPA) and its subsidiary regulationsHong Kong — Personal Data (Privacy) Ordinance (Cap. 486) (PDPO)United Kingdom — UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018Australia — Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)California, USA — California Consumer Privacy Act 2018 as amended by the California Privacy Rights Act 2020 (CCPA/CPRA)Where the laws of your jurisdiction grant you additional rights, we will honour those rights to the extent required by law.
3. Personal Data We Collect 3.1 Data You Provide DirectlyIdentity data: name, genderContact data: email address, phone numberAccount data: username, password (hashed), profile preferencesFinancial context data: savings goals, monthly savings amount, risk tolerance, life stage — provided voluntarily for personalised coachingPayment data: billing information (processed by our payment provider; we do not store card details)Communications: messages sent to us via email, contact forms, or in-app chatCoaching session data: notes, questions, and information shared during human coaching sessions, retained for the purpose of continuity of coaching and service improvement 3.2 Data Collected AutomaticallyUsage data: pages visited, features used, course progress, session durationDevice data: IP address, browser type and version, operating system, device identifiersStorage and tracking data: see Section 7 belowAnalytics data: behavioural and usage data collected via a third-party product analytics service, including features used, navigation patterns, and session interactions. Only collected if you have given analytics consent. See Section 7.
3.3 Data from Corporate Partners (B2B Channel)Where your employer or corporate partner has enrolled you in the Sophia platform as part of an employee benefit or financial wellness programme, we may receive your name, work email address, and enrolment information from that corporate partner. The corporate partner's use of your data is governed by their own privacy policy and any Data Processing Agreement (DPA) entered into with us.
3.4 AI and Human Coaching — Special NoticeOur coaching services include both AI-generated coaching and sessions with human coaches. Both process the financial context data you provide (e.g. life goals, monthly savings amount, savings habits) to deliver personalised educational guidance. In both cases:Coaching does not constitute regulated financial advice in any jurisdictionHuman coaches are educators and facilitators only; they do not hold regulatory licences from the Monetary Authority of Singapore (MAS), the Financial Conduct Authority (FCA), the Australian Securities and Investments Commission (ASIC), the Securities and Futures Commission (SFC) in Hong Kong, or any other financial regulatory bodyAI-generated responses are produced automatically and are for educational purposes onlyNeither form of coaching involves automated or human decision-making with legal or similarly significant effects on your financesFinancial context data and coaching session notes are used solely to personalise and deliver your educational experienceAI coaching is processed by AI infrastructure operated by our cloud service providersWe apply heightened care to all coaching data and do not use it for advertising or share it with third parties for marketing purposes. Human coaching session notes are accessible only to the coach assigned to you and authorised Sophia staff.
4. How We Use Your Personal Data
4.1 To Provide and Improve our ServicesAccount creation and managementDelivering courses, content, and AI coaching functionalityProcessing payments and managing subscriptionsTechnical support and troubleshootingLegal basis: performance of contract (Singapore PDPA: contractual necessity / legitimate purpose; UK GDPR Art. 6(1)(b); HK PDPO: use directly related to collection purpose).
4.2 CommunicationsSending transactional and service-related communicationsSending marketing communications where you have opted inLegal basis: consent (for marketing); legitimate interests / contractual necessity (for transactional communications). You may opt out of marketing communications at any time.
4.3 Analytics and Service DevelopmentUnderstanding how users engage with our contentImproving course design, UX, and AI coaching accuracyLegal basis: consent. You may grant or withdraw analytics consent at any time in your account settings. See Section 7 for further details.
4.4 Legal and ComplianceComplying with applicable laws and regulatory requirementsResponding to legal process or regulatory inquiriesProtecting our legal rights and those of our users
5. Sharing Your Personal DataWe do not sell your personal data. We may share it in the following circumstances:
5.1 Service ProvidersWe engage trusted third-party service providers who assist us in operating our Services. These include providers in the following categories:Cloud infrastructure and hostingAI language model processingDatabase and application infrastructureContent managementLearning management system hostingEmail and communications deliveryPayment processingUsage analytics and performance monitoringAll service providers are contractually bound to process your personal data only on our instructions, for specified purposes, and in compliance with applicable data protection law. We maintain a register of sub-processors which is available to corporate partners upon request under a signed Data Processing Agreement.
5.2 Corporate PartnersWhere you access Sophia through an employer or corporate partner, we may share aggregated, anonymised programme engagement data with that partner (e.g. overall course completion rates). We do not share individual personal data with corporate partners without your consent, except where required under the applicable DPA.
5.3 Business TransfersIn the event of a merger, acquisition, or sale of substantially all of our assets, your data may be transferred to the successor entity, subject to equivalent privacy protections.
5.4 Legal RequirementsWe may disclose your data to comply with applicable law, court order, or lawful government request, or to protect the safety, rights, or property of Sophia, our users, or the public.
6. International Data TransfersYour data may be processed in countries other than Singapore, including where our service providers are located. We take steps to ensure that any cross-border transfers comply with applicable law, including:For Singapore: transfers only to countries with adequate protection or governed by PDPC-approved contractual clausesFor UK GDPR: International Data Transfer Agreements (IDTAs) or adequacy decisionsFor Australia: contractual protections binding overseas recipients to equivalent privacy standardsDetails of international transfer safeguards for specific sub-processors are available to corporate partners upon request under a signed Data Processing Agreement.
7. Storage and Analytics TechnologiesSophia uses browser storage (such as localStorage) rather than cookies for its core functionality. This applies across both sophiawomen.com and sophiawomen.ai.Essential storage: required for the platform to work — e.g. keeping you logged in (an authentication token) and security.Analytics: we use Mixpanel, a third-party product analytics service, to understand how the platform is used. This data is linked to your account (your email) and may include profile and engagement information. This includes information such as screens visited, features used, session frequency, and your email address as an account identifier. We only send analytics data to Mixpanel if you have given analytics consent, which you can grant or withdraw at any time in your account settings. Mixpanel processes data in the United States. By enabling analytics consent, you agree to this transfer.Third-party login: signing in via our learning management system takes you to that service's site, which uses its own cookies under its own privacy policy.We do not use marketing or advertising cookies. You can manage analytics consent in your account settings, and clear browser storage through your browser. Disabling essential storage will prevent you from staying logged in.
8. Data RetentionFinancial context and coaching data: deleted or anonymised within 12 months of account closurePayment records: retained for 7 years for financial and tax complianceCommunications logs: retained for 3 yearsUsage/analytics data: retained in anonymised form indefinitelyYou may request deletion of your account and personal data at any time (subject to legal retention obligations).
9. Your RightsAccess: request a copy of the personal data we hold about youCorrection: request correction of inaccurate or incomplete dataErasure / Deletion: request deletion of your data where we have no lawful basis to retain itPortability: receive your data in a structured, machine-readable formatObjection: object to processing based on legitimate interestsRestriction: request that we restrict processing in certain circumstancesWithdraw consent: withdraw consent for marketing or other consent-based processing at any timeTo exercise any of these rights, please contact us at: hello@sophiawomen.com
UK residents — contacting our UK Representative (DataRep)If you are located in the United Kingdom, you may also exercise your rights under the UK GDPR by contacting our appointed UK representative, DataRep, through any of the following channels:
Email: datarequest@datarep.com — please include “Sophia, SophiaAI” in the subject line.
Online: www.datarep.com/data-request
Post: DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom. Address your letter to “DataRep” (not “Sophia”), and clearly reference “Sophia, SophiaAI” in the correspondence.We or DataRep may request proof of your identity before processing your request, to protect your personal data. For further information about your rights under the UK GDPR, you may consult the UK Information Commissioner’s Office at ico.org.uk. DataRep’s own privacy notice is available at www.datarep.uk/privacy-policy.We will respond within 30 days (or such shorter period as required by applicable law). We may ask you to verify your identity before processing your request.If you believe we have not handled your data appropriately, you have the right to lodge a complaint with the relevant supervisory authority (e.g. PDPC in Singapore, PCPD in Hong Kong, ICO in the UK, OAIC in Australia).
10. SecurityWe implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include encryption in transit (TLS), encryption at rest, access controls, and regular security reviews.In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant regulators as required by applicable law.
11. California Privacy Rights (CCPA / CPRA)This section applies to residents of California and supplements the rest of this Privacy Policy, pursuant to the CCPA/CPRA.
11.1 Categories of Personal Information CollectedIdentifiers: name, email address, IP address, device identifiers, account usernamePersonal information under Cal. Civ. Code § 1798.80(e): name, email, financial context data voluntarily providedCommercial information: records of courses purchased or subscribed toInternet / network activity: usage data, pages visited, features accessedInferences: personalised coaching profile derived from data you provide
11.2 Sale or Sharing of Personal InformationWe do not sell your personal information for monetary consideration. We do not share your personal information with third parties for cross-context behavioural advertising. We therefore do not offer a ‘Do Not Sell or Share’ opt-out as we do not engage in these activities.
11.3 Your California Privacy RightsRight to Know: request disclosure of categories and specific pieces of personal information collectedRight to Delete: request deletion of personal information, subject to certain exceptionsRight to Correct: request correction of inaccurate personal informationRight to Limit Use of Sensitive Personal Information: limit use to necessary service purposes onlyRight to Non-Discrimination: we will not discriminate against you for exercising your rights
11.4 How to Submit a RequestContact us at hello@sophiawomen.com with subject line ‘California Privacy Request’. We will respond within 45 days (extendable by a further 45 days with notice).
11.5 Shine the LightWe do not share personal information with third parties for their direct marketing purposes.
12. ChildrenOur Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. Contact us immediately if you believe a minor has provided us with personal data.
13. Changes to This PolicyWe will notify you of material changes by email and/or in-app notice at least 14 days before they take effect.