1. Introduction
Welcome to Sorom ("we," "us," "our," or "Sorom"). This Privacy Policy explains how Sorom Inc. collects, uses, shares, and protects your personal information when you use our mobile application and related services (collectively, the "Services").
By using Sorom, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use our Services.
2. Information We Collect
2.1 Information You Provide
Account Information. When you create an account, we collect your full name, display name, email address, date of birth (we require users to be 18+), username, password (stored in encrypted form), profile photo, bio or description, and home city and country.
Profile & Matching Information. To provide our matching services, we collect your travel preferences and interests, personality assessment responses based on the Big Five traits, communication style preferences, travel style preferences including budget, pace, and spontaneity, languages spoken, travel availability dates and destinations, and match profile photos and descriptions.
Content You Create. This includes journals containing text, photos, and videos; Moments (48-hour stories); travel diaries; comments and reactions; chat messages; itinerary details; and Interesting Places submissions including descriptions, categories, photos, and location coordinates, as well as comments on Interesting Places, bookmarks, and visit markers.
Safety Information. To support our safety features, we collect emergency contact details including name, phone, email, and relationship; safety check-in schedules; and meetup verification PINs.
Booking Information. When you use our booking features, we collect Price Check request details, guest information for reservations, booking history, and payment information which is processed securely by third parties.
Email Import. Monthly and Annual subscribers may use the Email Import feature to forward booking confirmation emails to a unique Sorom email address. When you use this feature, we collect the content of forwarded emails (including sender, subject, body, and attachments), which is processed by our inbound email handling and AI parsing providers to extract booking details such as hotel names, dates, guest names, and confirmation numbers into itinerary items. Parsed data is stored in your itinerary; the raw email content is retained for 30 days for troubleshooting, then deleted. You opt in by generating your unique forwarding address in Settings.
Maya AI Conversations. When you use the Maya AI Travel Advisor (Monthly and Annual subscribers), we collect your chat messages and queries, photos and images you share (analyzed via AI vision capabilities), itinerary and trip details referenced during conversations, your GPS location (used for local knowledge features such as transit routes, nearby services, weather, and emergency information), preference data derived from your confirmed and rejected suggestions, and trip memories that carry over between conversations. All Maya AI data is sent to third-party AI service providers for processing. Web search queries are sent to a third-party search service. See Section 8 ("AI Data Consent & Third-Party AI Disclosure") for full details on what data is shared, how consent works, and your rights.
2.2 Information Collected Automatically
Device Information. We automatically collect information about your device type and model, operating system version, unique device identifiers, and push notification tokens.
Usage Information. We collect data about your app interactions and feature usage, search queries, content viewed, time spent on features, crash logs and diagnostics, and analytics events (with opt-out option in Settings → Privacy).
Location Information. We collect location data when you tag content, which is optional and user-initiated, city-level location for matching purposes (approximate), real-time location when using the Live Connexions feature (opt-in, time-limited sessions), and viewport-based queries when browsing Interesting Places on the map (user-initiated). We do NOT continuously track your location.
2.3 Information from Third Parties
Authentication Providers. Sorom offers three ways to create an account: email and password, Google Sign-In, or Apple Sign-In. All three methods are optional.
Google Sign-In. When you sign in with Google, Sorom receives your name, email address, and profile photo to create your account. We do not access your Google contacts, calendar, Google Drive, or any other Google services. Your Google credentials are never stored by Sorom. You can revoke Sorom's access at any time via your Google Account security settings at myaccount.google.com.
Apple Sign-In. When you sign in with Apple, Sorom receives your name and email address (or Apple's private relay address if you choose "Hide My Email") to create your account. We do not access your iCloud data, contacts, calendar, or any other Apple services. Apple's private relay email forwarding is fully supported. You can manage or revoke Sorom's access via Settings > Apple ID > Password & Security > Apps Using Apple ID on your Apple device.
For both Google and Apple Sign-In, Sorom stores only the profile information received at sign-in (name, email, profile photo). We do not request or store authentication tokens beyond the initial session.
Identity Verification. For Annual subscribers who opt into verification, we receive verification status from our identity verification provider indicating whether you are verified or not verified. We do not receive copies of identity documents.
Payment Processors. Subscriptions are processed by our payment infrastructure provider, and we receive subscription status only. We do not store credit card numbers.
3. How We Use Your Information
Providing Core Services. We use your information to create and manage your account, enable travel matching based on compatibility, facilitate communication between matched users, display and share your content, and manage itineraries and bookings.
Improving and Personalizing. We calculate compatibility scores, recommend potential travel matches, personalize your feed and content, analyze usage patterns to improve our features, and provide personalized AI-powered travel recommendations through Maya AI based on your conversation history and preferences.
Safety and Security. We process emergency contact alerts, enable safety check-ins and panic button features, generate meetup verification PINs, detect and prevent fraud, spam, and abuse, and enforce our Terms of Use.
Communications. We send account-related notifications, deliver push notifications with your permission, send email updates about matches, messages, and activity, and provide customer support.
Legal and Compliance. We use your information to comply with legal obligations, respond to legal requests, and protect rights and safety.
4. How We Share Your Information
4.1 With Other Users
Public Information. Your profile name, photo, and bio are visible based on your privacy settings. Journals marked as "public" are visible to all users, and Moments are visible to your followers. Approved Interesting Places submissions, community-contributed photos, and your attribution name are visible to all users.
Matched Users. When you accept a match, your profile details are shared with that match. Chat messages are visible to conversation participants, and shared itinerary information is visible to itinerary members.
Private Accounts. If your account is set to private, your content is only visible to approved followers.
4.2 With Service Providers
We share data with trusted third-party service providers who process personal data on our behalf. We enter into data processing agreements with each provider to ensure your data is handled securely and in accordance with applicable law.
Cloud infrastructure and hosting providers that store and process your account data, content, and application data on secure servers.
Media storage providers that securely host photos, videos, and other media you upload.
Location and mapping services that enable location search, route planning, and display map features within the app.
Travel data providers that supply flight schedules, tracking information, weather forecasts, currency exchange rates, and other travel-related data to power itinerary and trip planning features.
Payment and subscription processors that handle subscription billing, payment transactions, and related financial operations. We do not store your payment card details.
AI service providers that power our AI travel advisor (Maya AI) and automated email parsing features. Maya AI requires your explicit consent before processing your data (see Section 8). Your data is not used to train third-party AI models.
Communication services that deliver email notifications, push notifications, SMS alerts, and other messages on our behalf.
Inbound email processing providers that receive and route forwarded booking confirmation emails for our Email Import feature.
Identity verification providers that confirm your identity for our premium verification feature, without sharing copies of identity documents with us.
Analytics providers that help us understand how users interact with our app, in aggregate form where possible, to improve our Services. You may opt out of analytics in Settings → Privacy.
4.3 For Legal Reasons
We may disclose information to comply with legal obligations, respond to valid legal requests, protect the safety of users or the public, prevent fraud or security issues, or in connection with a merger or acquisition.
4.4 With Your Consent
We may share information for other purposes with your explicit consent.
5. Your Rights & Choices
5.1 Access & Portability
You can view your profile and account information in the app at any time. You may also request a copy of your data through Settings → Account Management → Export Data, and download your data in a portable format.
5.2 Correction
You can update your profile information at any time through the app.
5.3 Deletion
You can delete individual content such as journals, moments, and comments. You can also delete your entire account through Settings → Account Management → Delete Account. Account deletion removes your data within 30 days, with anonymized backup retention for 12 months.
5.4 Privacy Controls
You can set your account to private so only approved followers can see your content. You can control who sees your location through visibility settings. You can block specific users to prevent them from seeing your content or contacting you. You can disable analytics tracking through Settings → Privacy → Product Analytics. Live Connexions real-time location sharing is always opt-in with time-limited sessions. You can grant or revoke AI data consent for Maya AI at any time through Settings → Privacy (see Section 8).
5.5 Communication Preferences
You can manage notifications in Settings → Notifications, where you can toggle push notifications and email notifications by type, and mute specific conversations.
5.6 GDPR Rights (EEA/UK Users)
If you are in the European Economic Area or UK, you have the right to access and request a copy of your data, the right to rectification to correct inaccurate data, the right to erasure to request deletion of your data, the right to restrict processing to limit how we use your data, the right to data portability to receive your data in a portable format, the right to object to certain processing, and the right to withdraw consent at any time. To exercise these rights, contact privacy@sorom.co.
5.7 CCPA Rights (California Users)
California residents have the right to know what personal information we collect, request deletion of personal information, opt-out of the sale of personal information (we do not sell your data), and non-discrimination for exercising privacy rights. To exercise these rights, contact privacy@sorom.co.
6. Data Security
We implement security measures including encryption of data in transit and at rest, database-level access controls ensuring users can only access their own data, secure authentication protocols, regular security audits, and comprehensive access controls and logging. However, no system is 100% secure. Please use strong passwords and protect your account credentials.
Chat Messages & Maya AI Conversations. All chat messages — both user-to-user and Maya AI conversations — are encrypted in transit. Database-level access controls ensure that only conversation participants can access their own messages. Maya AI conversations are transmitted to our AI service providers over encrypted connections only after you have granted explicit AI data consent (see Section 8). We recommend not sharing sensitive personal information (such as passport numbers, financial details, or health information) in any chat or Maya AI conversation.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| Content (journals, moments) | Until deleted by user or account deletion |
| Moments | Auto-expire after 48 hours |
| Chat messages | Until deleted by user (soft-delete) |
| Deleted content | 12 months (anonymized backup) |
| Expired matches | 1 month after expiration |
| Points transactions | 18 months (inactive points expire) |
| Itineraries (free users) | 72 hours after trip end date |
| Maya AI conversations | Until deleted by user or account deletion |
| Rate limit logs | 7 days |
8. AI Data Consent & Third-Party AI Disclosure
Maya AI Travel Advisor is powered by third-party artificial intelligence and web search services. In compliance with Apple App Store Guidelines 5.1.1(i) and 5.1.2(i), we provide the following disclosure about how your data is handled when using Maya AI.
8.1 Explicit Consent Requirement
Maya AI requires your explicit opt-in consent before any data is sent to our AI service providers. When you first access Maya AI, a consent dialog explains what data will be shared, who receives it, and how it is protected. You must affirmatively grant consent before Maya AI can be used. The feature is completely disabled without your consent — no data is transmitted to AI service providers unless you opt in.
8.2 Data Shared with AI Providers
When you use Maya AI with consent granted, the following data may be sent to our AI service providers for processing:
| Data Type | Purpose |
|---|---|
| Chat messages and queries | To generate travel recommendations and respond to your requests |
| Photos and images | Analyzed via AI vision capabilities (e.g., menus, tickets, landmarks) to extract travel-relevant details |
| Trip and itinerary details | To provide context-aware planning suggestions, manage itinerary items, and detect schedule gaps |
| Travel preferences | Learned from your confirmed and rejected suggestions to personalize recommendations |
| Location data | Used for local knowledge features including transit routes, nearby services, weather forecasts, and emergency information |
| Trip memories | Retained across conversations to provide continuity and personalized context for future interactions |
| Web search queries | Sent to a web search provider to retrieve real-time information on events, festivals, visa requirements, and travel advisories |
We anonymize personal identifiers before transmitting data to our AI service providers where technically feasible. However, conversation content (such as travel destinations, preferences, photos, and planning details) is shared in order to provide the service. Your data is not used to train third-party AI models.
8.3 How AI Providers Process Your Data
Our AI service providers process your data to generate responses in accordance with their respective usage policies. All data is transmitted over encrypted connections (HTTPS/TLS). We recommend not sharing sensitive personal information (such as passport numbers, financial details, or health information) in Maya AI conversations.
8.4 Managing Your Consent
You can revoke your AI data consent at any time through Settings → Privacy in the app. Revoking consent immediately disables Maya AI and stops all data transmission to AI service providers. Previously sent data is subject to our providers' respective data retention policies. You can re-enable consent at any time to resume using Maya AI.
8.5 AI-Generated Content Disclaimer
Maya AI provides recommendations and travel planning assistance powered by artificial intelligence. AI-generated content may contain errors, inaccuracies, or outdated information. Maya AI suggestions regarding places, prices, opening hours, travel requirements, and other details should be independently verified before making travel decisions or bookings. Sorom does not guarantee the accuracy, completeness, or reliability of any AI-generated content. Users are responsible for verifying information and exercising their own judgment when acting on AI recommendations.
9. Children's Privacy
Sorom is not intended for users under 18 years of age. We do not knowingly collect information from children. If we learn we have collected data from a child under 18, we will delete it promptly.
10. International Data Transfers
Your data may be processed in countries outside your residence, including the United States. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy with a new "Last Updated" date, sending an email notification for significant changes, and providing an in-app notification. Your continued use of Sorom after changes constitutes acceptance.
12. Contact Us
For privacy questions, concerns, or to exercise your rights, please contact us:
Email: privacy@sorom.co
Data Protection Officer (EEA/UK): dpo@sorom.co