Privacy Policy for Sobmit
Last updated: 20 June 2025
This Privacy Policy describes how Sobmit (“we,” “us,” or “our”) collects, uses, and discloses your information when you use our web application Sobmit (the “App”) and the services provided through it. We are committed to protecting your privacy and handling your data in a transparent manner, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Who We Are
App Name: Sobmit URL: sobmit.com Contact Details: [Your contact details, e.g., info@sobmit.com or reference Imprint] Operator:
What Information We Collect
We collect and process the following types of information:
Account Information: When you create an account, we collect your email address. We also record the times of your account creation and logins.
Text Content (User Input and AI Output): When you use Sobmit to improve and optimize texts, you input text into the App. The AI then generates optimized text.
Usage Data (via Vercel Analytics): We collect anonymous usage data related to your interaction with the App, such as page views, load times, and custom events.
How We Collect Your Information
We collect information in the following ways:
Directly from you: When you create an account using your email address or through OAuth providers (Google, LinkedIn).
Through your use of the App: When you submit text for optimization.
Automatically: Through our hosting provider, Vercel, which collects anonymous usage data via Vercel Analytics.
How We Use Your Information
We use the collected information for the following purposes:
To Provide and Maintain the App: To allow you to create and log into your account, and to provide the core functionality of text improvement and optimization.
Account Management and Security: To manage your account, verify your identity, and ensure the security of your account, including tracking login times for security monitoring.
Text Optimization: To process your input text using AI technologies and generate improved text outputs.
Service Improvement: To understand how our App is used and to improve its performance, features, and user experience. This is done through aggregated, anonymized usage data.
Data Minimization and Non-Storage of Text Content
A core principle of Sobmit is data minimization. We want to emphasize that user-submitted text content is not stored or reused after processing. As soon as the optimized text has been generated and provided to you, the purpose of processing by Sobmit is fulfilled, and therefore, the data is no longer stored. This means your text inputs and the AI-generated outputs are processed temporarily in memory and are not retained on our servers.
Sharing Your Information with Third Parties
We work with third-party service providers to operate and maintain our App. These providers act as data processors on our behalf.
Vercel (Hosting & Analytics): Our App is hosted on Vercel.com. Vercel also provides web analytics services. Vercel Web Analytics is designed to be privacy-focused; it does not collect personal identifiers that track and cross-check end users’ data across different applications or websites. Instead, end users are identified by a hash created from the incoming request, and visitor session lifespan is discarded after 24 hours. Vercel is SOC 2 Type 2 attested, ISO 27001:2022 certified, and certified under the EU-U.S. Data Privacy Framework (DPF) for data transfers to the U.S..
Grok AI (xAI): We use AI technologies from Grok (provided by xAI, a U.S.-based company) to perform text improvements.
Data Usage for Model Training: Grok may use your content and interactions (e.g., prompts, searches, and other materials you submit) along with Grok’s responses to train their models.
You have control over whether your data is used for training Grok. This can be managed through settings in the Grok mobile app or on the Grok.com website (e.g., “Improve the model” setting). Content from “Private Chat” (if available and used) is not used for model training. xAI applies quality filters and takes steps to minimize the processing of personal and sensitive data for training purposes; they do not actively seek out personal information to build individual profiles. A limited number of authorized xAI personnel may review conversations for specific business purposes, including improving model performance, investigating security incidents, and complying with legal obligations.
Disclaimer: Please be aware that Grok, being trained on publicly available information, may at times include misleading or factually incorrect information in its responses. We advise you to review the generated texts critically.
OAuth Providers (Google, LinkedIn): When you choose to log in via Google or LinkedIn, we receive only your email address from these providers for the purpose of creating and managing your Sobmit account. We do not collect or store any other personal data from these services beyond what is necessary for account management.
We do not sell your personal data to third parties.
Legal Basis for Processing Your Information
We process your personal information based on the following legal grounds:
Performance of a Contract (Art. 6(1)(b) GDPR): Processing your email address for account creation and login, and processing your text input to provide the text improvement service, is necessary for the performance of the contract between you and us.
Legitimate Interests (Art. 6(1)(f) GDPR): We process your account creation/login times for security purposes and service optimization. We also process anonymous usage data via Vercel Analytics based on our legitimate interest in improving our service and understanding user behavior, provided that your interests and fundamental rights do not override these interests.
Consent (Art. 6(1)(a) GDPR): If applicable, for certain data processing activities (e.g., if you choose to allow Grok to use your data for model training), we rely on your explicit consent. You have the right to withdraw your consent at any time.
Your Data Protection Rights
Under the GDPR, you have the following rights regarding your personal data:
Right to Access (Art. 15 GDPR): You have the right to request copies of your personal data.
Right to Rectification (Art. 16 GDPR): You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to Erasure (Art. 17 GDPR - “Right to be forgotten”): You have the right to request that we erase your personal data, under certain conditions.
Right to Restrict Processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Data Portability (Art. 20 GDPR): You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
Right to Object to Processing (Art. 21 GDPR): You have the right to object to our processing of your personal data, under certain conditions.
Right to Withdraw Consent (Art. 7(3) GDPR): If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time.
To exercise any of these rights, please contact us using the contact details provided in our Imprint.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption of data at rest (AES-256) and in transit (HTTPS/TLS 1.3) by our hosting provider Vercel, as well as access controls and regular backups.
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Your email address and account creation/login times are retained until you delete your account.
As stated in Section 5, user-submitted text content and AI-generated outputs are not stored after processing.
Anonymous usage data collected by Vercel Analytics is processed for aggregated statistics, with visitor session hashes discarded after 24 hours.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date. We encourage you to review this Privacy Policy periodically for any changes.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us via the details provided in our Imprint.