This policy explains how Sprinter Software Solutions ("Sprinter", "we", "us") handles your information when you use Sofia. Sofia is provided free of charge — we do not sell your data, and there are no advertisers behind the scenes.
1. What we collect
You give us
- Account details: name, work email, password (hashed), company name, GSTIN, contact details.
- Business data you enter: invoices, clients, vendors, expenses, account transactions, reimbursement claims, attachments (logos, signatures, OCR documents).
- Communications: feedback you submit through the in-app form, password-reset requests, and any direct emails.
We collect automatically
- Technical data: IP address, browser/device info, basic event logs (e.g. login times, errors). Used to keep the service running and to debug.
- Cookies: a session cookie when you sign in, and an optional 30-day "Remember me" cookie if you tick that box on login. We don't use third-party advertising cookies.
2. Why we use it
- To run Sofia: authenticate you, save your invoices and reports, send password-reset emails, deliver feedback to our team.
- To improve the product: aggregate, anonymised usage signals tell us which features get used and where things break.
- To meet legal obligations: respond to lawful government requests, comply with tax/audit requirements that apply to us as a service provider.
3. What we don't do
- We do not sell, rent, or trade your personal or business data to anyone.
- We do not use your invoices or transactions to train external AI models.
- We do not share your data with advertisers or marketing networks.
4. Where your data lives
Sofia is hosted in India. Your data sits in our managed MySQL database with regular backups. Files you upload (logos, signatures, OCR scans) are stored on the same infrastructure under per-company folders, scoped by access controls.
5. How we keep it safe
- Passwords are hashed with PBKDF2 / Werkzeug's password hashing — we never see them in plain text.
- Password-reset tokens are stored as SHA-256 hashes; the original token is sent only to your inbox and works once.
- Sessions use secure cookies with the HttpOnly and SameSite flags.
- SMTP credentials live in encrypted environment variables, not in source code.
- We follow the principle of least access: only essential staff can reach the production database, and only when needed.
No system is perfectly secure. If you spot a security issue, please report it to info@sprinter.co.in.
6. Third parties we rely on
To deliver Sofia we use a small set of vendors as data processors:
- An SMTP provider to deliver transactional emails (e.g. password resets, feedback).
- A cloud hosting provider in India for compute & storage.
- CDN providers for fonts, icons, and front-end libraries (Tailwind, Alpine, ApexCharts, ionicons).
These providers see only what's strictly required and are contractually bound to protect your data.
7. Your rights
You can:
- Access your data — every screen in Sofia exposes your own data; you can export invoices to PDF and reports as printable tables.
- Correct your data — most fields are user-editable; for the rest, email us.
- Delete your data — delete an account/profile in-app, or email us to fully delete your company data.
- Object or restrict processing where the law gives you that right.
To exercise any of these, write to info@sprinter.co.in. We respond within 30 days.
8. Data retention
We keep your data for as long as your account is active. After deletion, business records may be retained in encrypted backups for up to 90 days for disaster-recovery purposes, then permanently erased. Aggregate, anonymised analytics may be retained indefinitely.
9. Children
Sofia is not designed for users under 18. We don't knowingly collect data from minors.
10. Changes to this policy
We'll post material updates here and notify you in-app or via email when the change matters. The "Last updated" date at the top reflects the most recent revision.
11. Contact
For any privacy questions or to exercise your rights, write to:
Sprinter Software Solutions
Email: info@sprinter.co.in