Privacy Policy

This Privacy Policy describes how Sora Invite ("we," "our," or "us") operating the website https://www.sorainvite.org (the "Website") collects, uses, shares, and protects your information when you purchase Sora 2 invitation codes through our platform (the "Service"). Your privacy matters to us.

Independence Notice Sora Invite is an independent invitation code retailer for OpenAI's Sora 2 service. We are not affiliated with, endorsed by, or sponsored by OpenAI or any of its subsidiaries. Third-party trademarks belong to their respective owners.

By using the Website or Service, you consent to the practices described below.

1. Information We Collect

1.1 Information You Provide

  • OAuth Credentials – When you log in with Google OAuth 2.0, we receive your Google nickname (display name), email address, and OAuth ID.
  • Billing & Transaction Data – Invitation code purchases, transaction IDs, payment method information (last-4 of card, processed by our payment processor).
  • Support Communications – Emails or chat transcripts you send to us regarding orders or technical issues.

1.2 Information Collected Automatically

  • Usage Logs – IP address, browser type, device information, pages visited, timestamps, and error logs.
  • Cookies & Similar Tech – Session cookies for authentication, preference cookies, and analytics pixels.

1.3 Third-Party Sources

  • Payment Processors – We receive order confirmation metadata but never store full payment card details.
  • Analytics Providers – Aggregated site usage statistics (e.g., Google Analytics 4).

2. How We Use Your Information

We use your information for the following purposes:

  • Process & fulfill orders – We use your information to authenticate users, process invitation code purchases, and deliver codes via email to complete your transactions.

  • Customer support – We use your contact information and order history to respond to inquiries, resolve issues, and provide technical assistance.

  • Improve & develop – We analyze usage data to diagnose technical issues, improve website performance, and enhance user experience through A/B testing.

  • Communicate – We send you order confirmations, delivery notifications, policy updates, critical alerts, and marketing communications (with your consent) to keep you informed.

  • Security & fraud prevention – We monitor for fraudulent activity, abusive behavior, and enforce our Terms of Service to maintain platform integrity.

  • Legal compliance – We process your information to meet tax obligations, accounting requirements, and respond to court orders as required by law.

We never sell your personal data to third parties.

3. Sharing Your Information

We do not sell personal data. We share it only:

  1. Service Providers – Cloud hosting, payment processors, and email service providers—limited to what is strictly necessary to operate the Service.
  2. Legal or Safety Reasons – To comply with laws, subpoenas, court orders, or protect our rights and safety.
  3. Business Transfers – In the event of a merger, acquisition, insolvency, or asset sale (with advance notice to users).
  4. With Your Consent – Any other sharing will require explicit opt-in consent.

4. Data Retention

Data Types and Their Handling:

Order & Transaction Records – Purchase history, invitation codes purchased, and transaction details are retained for 7 years to comply with legal, tax, and accounting requirements.

Account Information – Your account profile, login credentials (OAuth tokens), and email address are retained for as long as your account remains active. You may request account deletion at any time.

Invitation Code Delivery Records – Records of delivered invitation codes (without the actual code values) are kept for customer support purposes for 1 year after delivery.

Analytics Logs – Raw usage logs are retained for 90 days or less, after which they are aggregated and anonymized for analytical purposes.

Support Communications – Email correspondence and support tickets are retained for 2 years for quality assurance and reference purposes.

5. Your Rights

Depending on jurisdiction (GDPR, CCPA, PDPA-SG, etc.) you can:

  • Access, correct, or delete your personal data
  • Object to or restrict certain processing activities
  • Request a machine-readable copy of your data (data portability)
  • Withdraw consent for marketing communications

Email [email protected] to exercise your rights; we may verify your identity before processing requests.

6. Security

We implement industry-standard security measures including:

  • HTTPS encryption for all data transmission
  • Encryption-at-rest for stored data
  • IAM (Identity and Access Management) with least privilege principle
  • Routine security audits and penetration testing

No Internet transmission is 100% secure, but we follow industry best practices to protect your information.

7. Children's Privacy

The Service is not directed to children under 13 years of age (or higher local age requirement). If we learn we have collected data from a child without parental consent, we will delete it promptly.

8. International Transfers

Our servers and service providers may be located in different countries. We rely on Standard Contractual Clauses (SCCs) or equivalent mechanisms for cross-border data flows when required by applicable data protection laws.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced by email or website banner 15 days before taking effect. The latest revision date appears below.

10. Contact

Questions or requests regarding your privacy? Email [email protected].

Last updated: 2025-10-13