Privacy Policy

Please read this important information about your privacy.

Who are we?

We are Soda, registered as a Data Controller in Belgium (Drukpersstraat 35, 1000 Brussels). You can read more about our company here.
Your privacy is important to you, and so is your data. To learn about Soda’s approach to data protection, and what this means for you, please read on

What do we want to know, and why?

When you visit this website or use our cloud platform, we (Soda) will collect and observe some information about your activity. This helps us to understand how our trial users and customers interact with our product, so that we can:

  • Help you make the most of your subscription
  • Identify and reach organisations who would benefit from enterprise product features
  • Tailor our sales approach for a variety of professions, roles, industries and regions
  • Track the effectiveness of our sales and marketing activities
  • Keep our site and services secure

Things we don't do:

  • Profile your lifestyle, demographics or personal behaviour
  • Sell individuals' data
  • Upload your personal data to social media for targeted advertising

Our Processing

When You Arrive On The Website


Please note that we’re in the process of working to make this site privacy-friendly and compliance with EU law. In the meantime, here’s the information you need to identify the cookies set by our website so that you can remove (and block) them if you choose.


Your activity on this site is tracked by the companies listed below, to assist us in identifying marketing leads, operate the site and assess its performance. To prevent this tracking while we’re in the process of making the site privacy-friendly, you can install a tracking-blocker. Caution: if you block the performance trackers, some parts of the site may not work properly.

Site Performance

  • Cloudfront
  • JSDelivr
  • Webflow

Marketing and Advertising

  • IPify
  • Facebook
  • LinkedIn
  • Google
  • QuickKoala (Autopilot)

When You Create an Account

  • We’ll ask you for your name, your company email address, your job title and employer/company, the technology stack you’re working with and the problems you’re looking to solve. You can choose whether to provide your work telephone number as well. The information you provide is sent securely from the website into our customer relationship management system (CRM), which is hosted inside the EU.
  • We’ll confirm your signup by sending an email to the address you’ve registered with.
  • A user account on the Soda Cloud will be created for you.

We use external companies to host our CRM, our data warehouse and our website – these are all engaged under Processor terms, which means they can’t do anything with your data unless we give them permission.

For free users – your data will be kept for as long as your account is active. After you close it down, your name and contact details will be retained for 3 years, for marketing and analytics, and after that, your de-identified activity data will be kept in de-identified form for as long as it is useful for our product analytics. We keep your information for your convenience, in case you want to re-activate your account at a later date; and also so that we can analyse user journeys and our interactions with product users to inform our sales strategies.

For enterprise users – if you are the main point of contact for Soda sales or support within your company, your data will be kept for six years after the last financial year in which we have an interaction, to meet our tax record-keeping and financial accountability obligations.

Our lawful basis for this processing is legitimate interests – we want to help you get the best out of our product, and we want you to have a good experience of using it.

When You Request a Demo

  • Your chosen date and time are sent to us via Calendly, along with the details you’ve entered into the online booking form.
  • We’ll contact you to invite you to view our demo, and your data goes into our CRM.
  • If you don’t go on to create an account on the Soda Cloud, we will keep your information on record for 3 years, to help us analyse our sales performance. You won’t be sent any marketing materials unless you have opted-in to receive our newsletter.

Our lawful basis for this processing is legitimate interests – we’d like to show you what Soda can do!

When You Download a Resource

We’ll ask you for some details about your work and how to contact you. These will go into our CRM so that we can keep track of how often you’ve interacted with us, which helps us reach out to companies that could benefit from our assistance. We won’t send you marketing emails unless you opt in, and you can unsubscribe at any time afterwards.

Legitimate interests are our lawful basis for this use of your data - we want to make our marketing as effective as possible , and you want access to helpful resources.

When You Use Soda Cloud

Your login sessions and activity while logged in are logged and analysed for security, sales and product support insights. 

If you set alerts on a monitor within the product, you’ll receive emails when those alerts are triggered. We have disabled analytics tracking for these messages.

Our lawful basis for this processing is legitimate interests – in keeping our systems secure, making sure you have what you need to get the most out of Soda, and do our jobs as best we can. 

When You Sign Up To Our Newsletter or Other Marketing Communications

If you sign up to our marketing comms, your contact information will be stored in our CRM and messages will be sent to you through our marketing automation tool.

Our lawful basis for sending you these materials is consent. You can withdraw your consent at any time by unsubscribing through the link at the end of the message.

If you unsubscribe, we will keep your email address on our suppression list unless you change your mind and re-subscribe.

Our marketing messages include tracking pixels to log when our emails are opened, when links within them are clicked, and when an unsubscribe request is sent back to us. These pixels allow us to log the following information:

  • Date, time, IP address, geolocation (approx.), client device, IP address owner, recipient email address, links clicked

If you prefer not to be tracked in this way, please set your email client to disable loading of remote images.

If You Give Us a Star on GitHub

If you ‘star’ any of our projects on GitHub, your profile information will be visible to us. If you work for a company or hold a role that is of particular interest to us, we’ll reach out to you in a non-spammy way to make sure you have all the information you need to make the most of Soda products.

Data From Third Parties

We buy access to databases of professional information and contact details for people who have opted-in to receive marketing messages from third parties, but we take care to ensure that we don’t send messages to anyone who has not given their consent, or has opted out since giving consent. If you’ve had an unwanted marketing email from us and you haven’t given us your data directly, you can query this with us to find out where we got your data from, and of course you can unsubscribe from future communications.

Your Rights

Data protection law outlines certain rights that give you the power to check and make sure that your personal data is being used appropriately and lawfully. Some of these rights will only apply in particular circumstances.The data protection rights which will apply in nearly all* circumstances are:

  • The right to be informed about how and why your personal data is being processed – that’s what this privacy information is all about
  • Rectification – to have inaccurate or out-of-date personal data corrected or updated. The right to request access to your personal data, and explanations of why/how it is being processed. This is called a ‘subject access request’ and if you send us one then the following applies:
    - We may need to take steps to verify that the request is actually from you, such as requesting confirmation by email
    - We then have 1 month (usually 30 calendar days) to send you the information you have requested
    - Unless you ask us for a hard copy, we’ll provide and send you your data securely via digital means
  • The right to complain to a data protection regulator if your personal data has been processed unlawfully or inappropriately.
  • Restriction – to restrict processing of your personal data to what is needed for legal claims only

(*except processing for law enforcement and national security, which has its own set of rules)

Rights which only apply in particular circumstances are:

  • Erasure – to have your personal data deleted from our systems and records 
    - (applies when consent is withdrawn, you’ve objected to processing under legitimate interests, the data is no longer needed, or the processing is unlawful – which we will definitely try to avoid)
  • Portability – to have your personal data exported in machine-readable format, ready for processing by another Controller(
    - applies to data you’ve supplied to us if the processing is for a contractual agreement with you, or the processing is based on consent)
  • Objection – to object to the use of your personal data for direct marketing, or to object to processing carried out on a legitimate interests basis
    - (applies to all processing for direct marketing, and to processing under legitimate interests unless those interests are strong enough to outweigh your preference – such as processing for monitoring systems security and acceptable use)

To exercise any of your rights, please contact us