SoraMinds LLC (“SoraMinds”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect personal information across our five AI platforms — SoraAnalyst, SoraMobility, SoraScholar, SoraRobolink, and SoraEcoXmall — and their associated solutions SoraLogic, SoraLift, SoraLyric, SoraLiva, and SoraLoop, all powered by SoraCore and guided by SoraGuru.

This Policy applies to all users of our websites, platforms, APIs, avatar services, robotics systems, kiosk and POS deployments, and any other SoraMinds service. By using any SoraMinds service, you consent to the practices described in this Policy.

SoraMinds LLC is a technology company incorporated in the State of Michigan, USA. Our registered address is:

For privacy-related inquiries, contact our Privacy Team at: privacy@soraminds.com

The categories of personal information we collect depend on which SoraMinds platform or solution you use. We collect information in three ways: information you provide directly, information collected automatically, and information from third parties.

• Account registration data: name, email address, organisation, job title, password.
• Contact and communication data: messages, enquiries, and feedback submitted through our website or platforms.
• Payment information: billing name and address (payment card details are processed exclusively by third-party payment processors; SoraMinds does not store card numbers).
• Profile and preference data: learning preferences (SoraScholar/SoraLyric), care routines (SoraRobolink/SoraLiva), service configurations (SoraEcoXmall/SoraLoop).
• Health and care data (SoraRobolink/SoraLiva only, with explicit consent): daily routines, health reminders, medication schedules, and wellness check-in data provided voluntarily by or on behalf of senior users.

• Device and browser data: IP address, browser type and version, operating system, device identifiers.
• Usage data: pages visited, features used, session duration, click patterns, and interaction logs.
• Avatar interaction data: conversation logs, queries, and responses exchanged with SoraGuru across all platforms, used to improve SoraCore and SoraGuru performance.
• Location data: approximate geolocation derived from IP address; precise location data only where explicitly requested and consented to (e.g., SoraMobility V2X services).
• Vehicle and mobility data (SoraMobility/SoraLift only): vehicle telemetry, traffic interaction data, and V2X communication logs where applicable and consented to.
• Kiosk and POS transaction data (SoraEcoXmall/SoraLoop only): order selections, reservation data, and service interaction logs at deployed kiosk and POS points.
• Learning analytics (SoraScholar/SoraLyric only): content engagement, assessment results, learning pace, and progress tracking data.

• Integration partners: data received from third-party POS systems, healthcare management platforms, vehicle networks, and enterprise software connected to SoraMinds APIs.
• Public sources: publicly available business information for organisational accounts.
• Analytics providers: aggregated and anonymised usage insights from analytics platforms.

We use personal information for the following purposes, always based on a lawful basis as described in Section 6:

• To provide, operate, and improve the Services.
• To authenticate users and maintain account security.
• To communicate with you about your account, service updates, and support requests.
• To train, improve, and evaluate SoraCore and SoraGuru, using anonymised and aggregated interaction data.
• To detect, prevent, and respond to fraud, security incidents, and Terms of Use violations.
• To comply with legal obligations and respond to lawful requests from regulatory authorities.

• To process and analyse data inputs to generate business intelligence, safety alerts, and predictive insights.
• To deliver real-time safety notifications for school zones, pedestrian areas, and vulnerable road user environments.
• To provide avatar-guided insight delivery through SoraGuru on the SoraAnalyst platform.

• To process vehicle telemetry, V2X communications, and traffic data to support connected mobility services.
• To deliver over-the-air (OTA) software updates to SoraLift-enabled vehicle systems.
• To provide real-time mobility guidance and safety alerts through SoraGuru.

• To personalise companion support for senior users, including routine guidance, health reminders, and communication assistance.
• To process health and care interaction data to improve SoraLiva’s support capabilities, with explicit consent.
• To enable integration with third-party health APIs, care management systems, and family communication services.
• To support the future transition of SoraLiva from companion tablet to autonomous care robot, including cognitive continuity for existing users.

• To personalise learning content, pace, and recommendations based on individual learner profiles.
• To track and report learner progress to educators, L&D managers, or institutional administrators as authorised.
• To facilitate social and collaborative learning features, including peer interactions and community content.

• To enable SoraGuru service assistant interactions at kiosk, POS, and web touchpoints.
• To process service requests, orders, and reservations within the SoraLoop solution.
• To provide personalised service recommendations based on interaction history, where consented.
• To facilitate integration between SoraLoop and third-party POS, payment, and reservation systems.

SoraMinds does not sell your personal information. We share information only in the following circumstances:

• Third-party companies that perform services on our behalf (cloud hosting, analytics, customer support, security monitoring) under contractual data processing agreements: Service providers
• Third-party systems connected to SoraMinds APIs at your request (POS systems, healthcare platforms, vehicle networks, payment processors) — governed by their own privacy terms: Integration partners
• In the event of a merger, acquisition, or sale of SoraMinds assets, your information may be transferred as part of that transaction, with notice provided: Business transfers
• Where required by law, court order, or regulatory authority, or to protect the rights, property, or safety of SoraMinds, our users, or the public: Legal compliance
• Anonymised, aggregated data that cannot identify individuals may be shared for research, industry reporting, or platform improvement purposes: Aggregated insights
• In any other circumstances, only with your explicit prior consent: With your consent

Platform	Special data considerations
SoraAnalyst / SoraLogic	Traffic and safety data may include imagery from public spaces. Deployed in compliance with applicable CCTV, surveillance, and data minimisation regulations.
SoraMobility / SoraLift	Vehicle telemetry and V2X data may be regulated under automotive cybersecurity laws. OTA update logs retained for audit and safety traceability.
SoraRobolink / SoraLiva	Health and care data treated as sensitive personal data. HIPAA Business Associate Agreements available on request. Not shared without explicit consent.
SoraScholar / SoraLyric	Learner data for users under 18 subject to COPPA and FERPA. Parental consent required for under-13 accounts. Learning records retained per institutional agreement.
SoraEcoXmall / SoraLoop	Transaction and guest data processed at kiosk / POS. Payment card data never stored by SoraMinds. Customer data subject to deploying business’s privacy obligations.

For users in the European Economic Area (EEA) or United Kingdom, we process personal data on the following lawful bases:

• Contract performance: to fulfil our contractual obligations to you as a platform user or licensee.
• Legitimate interests: to operate and improve our platforms, prevent fraud, and ensure security — where these interests are not overridden by your rights.
• Consent: for health and care data (SoraLiva), precise location data, marketing communications, and avatar interaction data used for AI training.
• Legal obligation: to comply with applicable laws and regulatory requirements.

You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal. To withdraw consent, contact privacy@soraminds.com.

SoraCore and SoraGuru are central to all SoraMinds platforms. The following specific practices apply to AI-processed data:

• Interaction data from SoraGuru conversations may be used to improve AI model performance. Such data is anonymised and aggregated before use in training.
• You may opt out of AI training data use at any time by contacting privacy@soraminds.com. Opting out does not affect service availability.
• SoraCore does not make fully automated decisions with legal or similarly significant effects on individuals without human review.
• AI-generated outputs from SoraGuru are not stored permanently unless required for service delivery or explicitly requested by you.
• SoraMinds does not use sensitive personal data categories (health, biometric, racial or ethnic origin) to train SoraCore without explicit consent.

We retain personal information for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required by law. Our general retention principles:

• Account data: retained for the duration of your account plus 3 years after closure for legal and audit purposes.
• Avatar interaction logs: retained for up to 12 months for service quality purposes, then anonymised or deleted.
• Health and care data (SoraLiva): retained only for the duration of active service use, deleted within 30 days of account closure unless legally required otherwise.
• Vehicle and mobility data: retained for up to 24 months for safety traceability, then anonymised.
• Learning analytics: retained per institutional agreement, typically for the duration of enrolment plus 1 year.
• Transaction and commerce data: retained for 7 years for financial and legal compliance purposes.
• Security logs: retained for up to 12 months.

Depending on your location, you may have the following rights regarding your personal information:

• Right of access: to request a copy of the personal data we hold about you.
• Right to rectification: to request correction of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): to request deletion of your data, subject to legal retention obligations.
• Right to restriction: to request that we limit processing of your data in certain circumstances.
• Right to data portability: to receive your data in a structured, machine-readable format.
• Right to object: to object to processing based on legitimate interests or for direct marketing.
• Rights related to automated decision-making: to request human review of any automated decisions that significantly affect you.
• Right to withdraw consent: at any time, without affecting prior lawful processing.

To exercise any of these rights, contact us at privacy@soraminds.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

SoraMinds uses cookies and similar tracking technologies on our websites and kiosk interfaces to:

• Maintain session state and authentication.
• Analyse usage patterns and platform performance.
• Deliver personalised content and SoraGuru interactions.

You can control cookie preferences through your browser settings or our cookie consent interface. Disabling certain cookies may affect platform functionality. We do not use cookies for cross-site advertising or sell cookie data to third parties.

SoraMinds implements appropriate technical and organisational security measures to protect your personal information, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Role-based access controls limiting employee access to personal data.
• Regular security assessments, penetration testing, and vulnerability management.
• Incident response procedures with notification timelines compliant with applicable breach notification laws.
• SoraLift Rust-based architecture providing memory safety guarantees for vehicle system data.

No system is completely secure. In the event of a data breach affecting your rights, we will notify you and relevant authorities as required by law.

SoraMinds is headquartered in the United States. If you are located in the EEA, UK, or other jurisdictions with data transfer restrictions, your personal information may be transferred to and processed in the United States. We rely on the following mechanisms for such transfers:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Data Processing Agreements with third-party processors containing appropriate safeguards.

For more information about cross-border transfer safeguards, contact privacy@soraminds.com.

SoraMinds does not knowingly collect personal information from children under 13 without verifiable parental consent. For SoraScholar deployments serving learners under 18, institutional operators are responsible for obtaining appropriate consent in compliance with COPPA, FERPA, and equivalent laws. For SoraLiva deployments serving senior users, family members or care providers acting on behalf of users must agree to these terms.

If you believe we have inadvertently collected information from a child under 13 without consent, please contact privacy@soraminds.com immediately.

We may update this Privacy Policy from time to time. Material changes will be communicated by posting an updated version on our website with a revised effective date and, where required by law, by direct notification. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

For privacy enquiries, data subject requests, or to reach our Data Protection Officer:

We aim to respond to all privacy enquiries within 30 days.