Legal

Privacy Policy

How Sora LLC collects, uses, discloses, and protects information.

Effective: [DATE] • Last updated: [DATE]

This is a structural scaffold only. Every section below is a heading and a plain-language description of what the section must contain. The binding legal text must be written or reviewed by counsel before this page is published. Do not treat the descriptive copy as a finished privacy policy.

Scope note for the drafter: Sora LLC operates in a HIPAA context. This policy should distinguish clearly between (a) protected health information handled on behalf of covered-entity clients, which is governed by the applicable Business Associate Agreement rather than this policy, and (b) ordinary business and website information this policy actually governs. Keep that boundary explicit.

1. Who we are

Identify Sora LLC as the entity responsible for the platforms, and name the products it operates. State the relationship between this policy and the BAA for PHI.

2. Information we collect

Describe the categories of information collected: account and contact information, billing information, usage and technical data, and any information submitted through the platforms. State plainly that PHI processed for clients is governed by the BAA, not this policy.

3. How we use information

Explain the purposes: providing and operating the service, billing, support, security, and legal compliance. State what is not done with the information.

4. How we share information

Describe disclosure to subprocessors that support the service, and link to the maintained list. Cover disclosures required by law and in connection with a business transfer.

The current list of third parties is maintained at sora-llc-group.com/legal/subprocessors.

5. Data security

Summarize the safeguards: encryption at rest and in transit, access controls, audit logging, and the HIPAA-baseline / SOC 2-goal posture. Avoid specific claims counsel has not approved.

6. Data retention

State how long information is retained and the basis for retention periods. Reference contractual and legal retention obligations for PHI.

7. Your rights and choices

Describe how individuals or clients can access, correct, or request deletion of information, and how to exercise those rights. Note any applicable state-law rights.

8. Changes to this policy

State how changes are communicated and how the effective date is updated.

9. Contact

Provide the contact method for privacy inquiries.

Insert the official privacy contact (recommend a dedicated address such as privacy@sora-llc-group.com).