Privacy
Privacy Policy
Last updated: April 29, 2026
The short version. Your data is yours. We collect what we need to run the service and nothing else. We do not sell or share your information with advertisers. You can delete your account at any time and your data goes with it.
The long version is below.
Information we collect
When you sign up
- Email address. Your account identifier and how we deliver weekly notifications.
- Sign-in codes we email you to verify each session.
While you use the service
- Listening behavior. Which papers you open, your playback preferences, and your progress through each briefing.
- Onboarding preferences. Your last-used persona, style, and voice, so the next paper opens with your last picks instead of a fresh prompt.
Standard server logs
- IP address and browser user-agent, kept short-term for security, debugging, and abuse prevention.
Categories of sources
- Directly from you. Your email address, onboarding preferences, and any messages you send to support.
- Automatically as you use the service. Listening behavior, transcript interactions, server logs, and cookies set by your browser.
How we use it
- Authentication. Sending and verifying sign-in codes.
- Personalization. Remembering your preferences for the next paper.
- Product improvement. Aggregate listening patterns help us understand which papers, voices, and formats engage people.
- Service communications. Occasional emails when new papers are ready, and replies if you contact support. Notification emails include a one-click unsubscribe; transactional sign-in codes do not, since they are required for the service to function.
Information we do not collect
- Payment information. The service is free during early access and we never see your card.
- Passwords. Sign-in is passwordless.
- Microphone, camera, location, or device sensor data.
- Browsing history outside SOTA Institute.
- Sensitive Personal Information as defined by the California Privacy Rights Act, including Social Security numbers, government IDs, financial account credentials, precise geolocation, contents of your private communications, genetic or biometric data, and information about your race, religion, health, or sexual orientation. We have no need for any of this and do not request or store it.
AI and automated decisions
SOTA Institute uses AI to do two things:
- Summarize peer-reviewed papers into transcripts and audio briefings. Output can contain errors; always consult the original paper for citations or decisions that matter.
- Surface relevant content. We may use your past listening behavior to default the next paper to your last-picked persona, style, and voice.
We do not use AI to make automated decisions about you with legal or similarly significant effect. There is no scoring, profiling, or eligibility decisioning that would meaningfully change what the service offers different people. You can request human review of any service decision by emailing support@sotainstitute.io.
Service providers
To run the service we rely on a small number of third-party service providers, each bound by their own privacy obligations. The categories of providers and the data each handles on our behalf are:
- Database and authentication infrastructure. Your account record, listening sessions and events, onboarding preferences.
- Transactional email delivery. Your email address, used only at the moment a message is sent (sign-in codes, week notifications, support replies).
- Edge networking, DNS, and email forwarding. Server logs (IP address, user-agent) and inbound email metadata in transit.
- Anonymized product analytics. Aggregated usage records and a session cookie.
- Web hosting. Server logs and request metadata.
We choose providers who hold us to standard data-protection commitments. We may add or change providers as the service evolves; material changes will be reflected here with an updated date at the top of this page.
Cookies and similar technologies
- Session cookie set after sign-in to keep you logged in.
- Analytics cookies set by PostHog to measure how the product is used.
You can clear cookies through your browser settings at any time. Doing so will sign you out and reset your session.
Your rights
If you reside in California, the California Consumer Privacy Act and the California Privacy Rights Act give you the right to:
- Know what information we have about you and how we use it.
- Correct inaccurate personal information. Contact us and we will use commercially reasonable efforts to fix it.
- Delete your information.
- Opt out of the sale or sharing of your information. We do not sell, share, or trade personal information with anyone, so this right is automatic.
- Limit the use of Sensitive Personal Information. We do not collect SPI, so this right is also automatic.
- Be free from discrimination for exercising any of the above.
We honor Global Privacy Control signals. Because we do not sell or share personal information, the GPC signal does not change our processing; the absence of selling is confirmed by our practices.
Independent of any state law, every account holder can:
- Delete their account by emailing support@sotainstitute.io. Account deletion removes your profile, listening history, and any associated data within 30 days.
- Request a copy of their data on request.
Data retention
- Account data. Kept while your account is active, deleted within 30 days of account deletion.
- Sign-in codes. Discarded as soon as they are used or shortly after issue.
- Server logs. Retained no longer than 90 days.
Security
We use HTTPS for all traffic and follow standard practices to protect your data and reduce attack surface. No security system is perfect.
Children
This service is intended for adults aged 18 and older. We do not knowingly collect data from anyone under 18. If you believe a minor has provided us with information, contact support@sotainstitute.io and we will delete it.
International users
SOTA Institute is designed for use in the United States. If you access the service from outside the US, you understand that your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
Changes to this policy
We may update this policy from time to time. If changes are material, we will notify you by email. Continued use of the service after changes take effect constitutes acceptance.
Contact
General inquiries: hello@sotainstitute.io Privacy and account requests: support@sotainstitute.io