Legal

Privacy Policy

Last updated: March 2026 · Compliant with DPDP Act 2023 (India)

The short version: We collect call recordings you voluntarily submit, strip out personal information, and license the cleaned data to AI companies. We don't sell your name, phone number, or identity to anyone. You can ask us to delete your data at any time.

1. Who this applies to

This Privacy Policy applies to everyone who uses Sorus — contributors who upload call recordings, and AI companies that access our datasets. It explains what data we collect, how we use it, and what rights you have.

2. What we collect from contributors

When you sign up and use Sorus, we collect:

Email address — to create and verify your account
UPI ID — to process payouts (collected only when you request a payout)
Submitted audio/video files — the call recordings you upload
Submission metadata — language, call type, duration, and timestamp

We do not collect your phone number for identity purposes. We do not track your location. We do not use cookies beyond what is technically necessary to keep you signed in.

3. How we process submitted recordings

Every recording you submit goes through our processing pipeline:

Review — we listen to confirm the recording is a real spam/telecaller call and meets our quality criteria
Anonymization — we redact personally identifiable information: names, phone numbers, bank account details, Aadhaar numbers, and other sensitive data mentioned in the call
Speaker separation — we split the audio into speaker tracks and generate a transcript
Storage — the original file and cleaned version are stored securely in encrypted cloud storage (Wasabi)

The cleaned, anonymized version is what gets licensed to AI companies. Your name and UPI ID are never included in any data we share.

4. How we use your data

To process your submissions and pay you for approved recordings
To verify your account and send you payout confirmations
To build and license datasets to AI companies for model training
To improve our review and anonymization processes

We do not sell your personal data. We do not share your email or UPI ID with AI company partners. We do not use your data for advertising.

5. What AI company partners receive

When we license data to AI companies, they receive:

Anonymized audio files (no identifying information)
Transcripts with PII removed
Metadata: language, call type, duration, speaker count

They do not receive your name, email, phone number, UPI ID, or any other information that could identify you as the person who submitted the recording.

6. Data retention

We keep your account data for as long as your account is active. Submitted recordings are retained to maintain the integrity of our dataset and audit trail. If you request deletion, we will delete your account and associated personal data (email, UPI ID) within 30 days. Note that anonymized recordings already licensed and embedded in a training corpus may not be fully retractable, as they contain no information linking them to you.

7. Your rights under DPDP Act 2023

Under India's Digital Personal Data Protection Act 2023, you have the right to:

Access — know what personal data we hold about you
Correction — request we correct inaccurate personal data
Erasure — request deletion of your personal data
Grievance redressal — raise concerns about how we handle your data

To exercise any of these rights, write to delete@sorus.io. We will respond within 30 days.

8. Data security

All data is stored in encrypted cloud storage. Data transfers between your browser and our servers use HTTPS. Access to raw contributor data is restricted to authorized Sorus personnel only. We do not share your personal data with third parties except as necessary to process payouts (e.g., our payment infrastructure).

9. Third-party services

We use the following third-party services to operate Sorus:

Supabase — database and authentication
Wasabi — cloud storage for audio files
Resend — email delivery (for verification emails and notifications)
AssemblyAI — automated transcription
PostHog — product analytics (page views and anonymous usage events; no PII shared)

Each of these services has its own privacy practices. We choose partners with strong data security standards and do not grant them access to contributor personal data beyond what is required for the service.

10. Children's privacy

Sorus is not intended for anyone under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has submitted data, contact us at hello@sorus.io and we will remove it.

11. Changes to this Policy

If we make material changes to this Privacy Policy, we'll notify account holders by email before the changes take effect. Continued use of the platform after changes take effect means you accept the updated Policy.

12. Contact

Privacy questions: hello@sorus.io
Data deletion requests: delete@sorus.io