MySOP

Privacy Policy

Last updated: 28 May 2026

MySOP ("we", "us", "our") helps international students draft Statements of Purpose. This Privacy Policy explains what personal information we collect, how we use it, and the rights you have under privacy laws in Australia (Privacy Act 1988 & APPs), the European Union and United Kingdom (GDPR / UK GDPR), California (CCPA/CPRA), Canada (PIPEDA), India (DPDP Act 2023), and other jurisdictions where our users live, including Nepal, Bangladesh, Sri Lanka, Vietnam, China (PIPL), Thailand (PDPA), Indonesia (PDP Law) and Ireland.

1. Information we collect

  • Account data: name, email, password hash, country.
  • SOP content: answers to interview questions, academic history, uploaded documents (transcripts, passport, offer letters).
  • Payment data: handled by Stripe and (for manual payments) bank/QR reference and receipt image. We never see full card numbers.
  • Technical data: IP address, browser, device, cookies, and basic analytics.
  • Communications: emails you send us and our support responses.

2. How we use it

  • To generate, store, and let you edit your SOP.
  • To process payments and unlock paid features.
  • To verify identity for document checklists and OTP flows.
  • To send transactional emails (account, payment, security).
  • To send marketing emails and product offers only if you opted in at signup or in Account settings. You can withdraw consent at any time.
  • To detect abuse, comply with law, and improve the service.

3. Legal bases (GDPR / UK GDPR)

  • Contract: creating your account, delivering the SOP you paid for.
  • Consent: marketing emails, non-essential cookies.
  • Legitimate interests: security, fraud prevention, service improvement.
  • Legal obligation: tax, accounting, lawful requests.

4. Sharing

We share data only with processors that help us run the service:

  • Hosting & database (Supabase / Cloudflare).
  • Payment processing (Stripe).
  • Email delivery (Resend / Supabase Auth).
  • AI providers (Google, OpenAI) — strictly to generate SOP text from your inputs; providers are contractually prohibited from training on your data.

We do not sell your personal information. We do not share it with universities, governments, or migration agents.

5. International transfers

Because we serve students worldwide, your data may be processed outside your home country (typically the EU, US, or Australia). We use Standard Contractual Clauses and equivalent safeguards where required.

6. Retention

  • Uploaded documents auto-delete 30 days after upload.
  • SOP drafts are kept while your account is active.
  • Payment records: 7 years (tax law).
  • Account deletion requests are processed within 30 days.

7. Your rights

Depending on where you live, you have the right to:

  • Access, correct, or delete your data.
  • Object to or restrict processing.
  • Port your data to another service.
  • Withdraw consent (marketing, cookies).
  • Lodge a complaint with your data protection authority (OAIC in Australia, ICO in the UK, your EU supervisory authority, the CPPA in California, etc.).

To exercise any right, email privacy@mysop.io or use the Delete account button in Account settings.

8. Marketing communications

We will only send you marketing or promotional emails if you ticked the marketing opt-in checkbox at signup or enabled it in Account → Marketing preferences. Every marketing email contains a one-click unsubscribe link, and you can switch the toggle off at any time.

9. Children

MySOP is intended for users aged 16 and over. If you believe a child has provided us data, contact privacy@mysop.io and we will delete it.

10. Security

We use TLS, encrypted storage, row-level security, and the principle of least privilege. No system is perfectly secure; please use a strong unique password.

11. Changes

We will post material changes here and, where required, notify you by email.

12. Contact

Privacy questions: privacy@mysop.io. General support: support@mysop.io.