Back to home

Privacy Policy

Last updated: 7 June 2026

Who we are

Socrate is operated by Luca Tiriolo, an individual based in the United Kingdom. You can reach us at hello@usesocrate.com. Luca Tiriolo is the data controller for personal data collected through this website.

What data we collect

We collect the minimum data necessary to operate Socrate. An account is required to use Socrate. Here is exactly what we collect and why.

  • Account data — when you create an account, we store your email address and, if you sign in with Google, your name and profile picture as provided by Google. Legal basis: contract (you asked us to create an account for you).
  • Session usage count — to operate the free plan (which includes a limited number of sessions per month) and the unlimited paid plan, we record each session you start: a random session identifier, your account identifier, and a timestamp. We use this only to count your sessions. Legal basis: contract (to provide the free and paid tiers).
  • Session metadata — we store a short summary of each session: duration, number of messages exchanged, whether you reached the closing reflection, and the language detected. Legal basis: legitimate interest and contract.
  • Closing reflections (Plus plan only) — at the end of each session, Socrate produces a closing reflection: an AI-generated summary of what you found, not the raw conversation. On the paid Plus plan this reflection is saved to your account as your session history. It is on by default for Plus members; you can turn it off at any time with the Save my reflections setting in your account, and delete saved reflections. Free accounts do not have reflections saved. Legal basis: contract (part of the Plus service).
  • Cross-session memory (Plus plan only) — while reflection saving is enabled, your own recent saved reflections are provided to the AI at the start of new sessions so it can notice patterns across your sessions. This uses only your own reflections. Turning off Save my reflections stops this. Legal basis: contract (part of the Plus service).
  • Conversation content — anything you type during a session is sent in real time to Anthropic's API to generate responses. We do not store it. Your conversation is deleted automatically when you close or refresh the page. Before each message is sent, we run an automated check for explicit crisis language so we can show safety information when appropriate; this check is automated and does not store your message. Only the closing reflection (see above) can be saved, and only on the Plus plan.
  • Payment data — if you subscribe to the paid plan, your payment is processed by Stripe. We do not store your card number, CVV, or full billing details. Stripe shares with us a limited set of non-sensitive billing information: your name, email address, last four card digits, card type, and subscription status. We store a Stripe customer identifier in our database to manage your subscription. Legal basis: contract (to provide and manage the paid service you subscribed to).
  • Usage analytics — we use Vercel's privacy-friendly, cookieless analytics to understand aggregate usage: page views and a small set of anonymous product events (for example, that a session started or completed). This does not identify you personally and is not used to track you across other websites. Legal basis: legitimate interest.
  • Server access logs — standard technical data including IP address, browser type, and the time of your request. This is processed by our hosting provider (Vercel) and retained according to their standard policy. We do not use it for tracking.

What we do not collect

  • We do not use cookies for advertising, and we do not track you across other websites.
  • The only analytics we use is Vercel's cookieless, privacy-friendly analytics, which measures aggregate usage and does not identify you. We do not use Google Analytics, Mixpanel, or any advertising trackers.
  • We do not store the content of your conversations. What you type stays between you and the session. Only the AI-generated closing reflection can be saved, and only for Plus members who have the feature enabled.
  • We do not sell your data to anyone, ever.

Third-party processors

We share data with the following services to operate Socrate. Each is bound by its own privacy policy.

  • Anthropic — your conversation content is sent to Anthropic's API to generate responses. Anthropic processes this data under their own privacy policy. See anthropic.com/privacy.
  • Vercel — hosts usesocrate.com, processes all web requests, and provides cookieless, privacy-friendly usage analytics (aggregate page views and anonymous product events). See vercel.com/legal/privacy-policy.
  • Supabase — handles user authentication and stores account data and session metadata on our behalf. Data is stored in the EU. See supabase.com/privacy.
  • Google — if you choose to sign in with Google, Google authenticates your identity and shares your name, email address, and profile picture with us. See policies.google.com/privacy.
  • Brevo — when you create an account or join the waitlist, your email address is added to Brevo, which we use to send occasional product updates and account-related emails (such as subscription confirmations and cancellation notices). Every marketing email includes an unsubscribe link. See brevo.com/legal/privacypolicy.
  • Stripe — processes payments and manages subscriptions on our behalf. If you subscribe to a paid plan, your card details are entered directly into Stripe-hosted fields and are never transmitted to or stored on our servers. Stripe is PCI DSS Level 1 certified. See stripe.com/gb/privacy.
  • Google Fonts — fonts on this website are loaded from Google's servers, which may process your IP address. See Google's privacy policy.

Data retention

  • Conversation content — not retained. Deleted when your session ends.
  • Closing reflections (Plus) — retained while your account exists and the "Save my reflections" setting is on. You can delete them at any time in your account settings or by emailing hello@usesocrate.com.
  • Session usage counter — the per-session records used to enforce the free monthly limit are retained while your account exists.
  • Account data (email, name, profile picture) — retained until you delete your account or ask us to remove it.
  • Session metadata — retained as long as your account exists.
  • Payment data — billing records (subscription status, Stripe customer ID, last four digits) are retained for as long as your account exists and for up to 7 years after deletion, as required by UK financial record-keeping obligations. Full card data is held by Stripe and subject to their retention policy.
  • Server logs — retained per Vercel's standard policy.

Your rights

Under UK GDPR, you have the following rights regarding your personal data. To exercise any of them, email hello@usesocrate.com. We will respond within 30 days.

  • Right to access — request a copy of the data we hold about you.
  • Right to rectification — ask us to correct inaccurate data.
  • Right to erasure — ask us to delete your data.
  • Right to restrict processing — ask us to limit how we use your data.
  • Right to object — object to processing based on legitimate interest.
  • Right to data portability — request your data in a portable format.
  • Right to complain — if you believe we have handled your data unlawfully, you can lodge a complaint with the ICO (Information Commissioner's Office).

Email communications

When you create an account or join the waitlist, we add your email address to our email tool (Brevo) and may send you occasional product updates as well as account and billing emails (such as sign-up confirmations, cancellation notices, and subscription receipts). Product updates are infrequent and every one includes an unsubscribe link; you can opt out of marketing emails at any time while still receiving essential account emails. To opt out, use the unsubscribe link or email hello@usesocrate.com. Our legal basis for product updates is our legitimate interest in keeping our users informed about the service they use.

International data transfers

Some of our processors (including Anthropic and Stripe) may process data outside the UK, including in the United States. Where personal data is transferred outside the UK, it is protected by appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or a relevant adequacy decision.

Children's privacy

Socrate is intended for adults. You must be at least 18 years old to use it. We do not knowingly collect personal data from anyone under 18. If you believe someone under 18 has provided us with personal data, contact hello@usesocrate.com and we will delete it.

Changes to this policy

If we make material changes to this policy, we will update the date at the top of this page. If you have joined the waitlist, we may also notify you by email.

Contact

Questions about this policy or your data: hello@usesocrate.com. We aim to respond within 2 business days.