Privacy Policy

What we collect and why.

Last updated: May 2026 · SOTO ⟂ DEV, Alvin Soto — San José, Costa Rica

1. Who We Are

SOTO ⟂ DEV is an independent AI engineering studio based in San José, Costa Rica, operated by Alvin Soto. Contact: rs@sotoprojdev.com.

2. Data We Collect

Contact form submissions: When you fill out the contact form at /contact, we collect your name, email address, company or organization (if provided), and the message you submit. This data is stored in our CRM (Supabase, SOC 2 Type II) and used solely to respond to your inquiry.

Analytics: This site uses Plausible Analytics, a privacy-first analytics service that collects no personal identifiers, sets no cookies, and is GDPR-compliant. Plausible collects aggregate page view data (page URL, referrer, country, device type, browser). It collects no IP addresses and does no cross-site tracking.

Engagement data: During active client engagements, we handle data as described in your scope document and, where applicable, under a signed NDA. Client engagement data is stored in isolated Supabase projects with row-level security.

3. What We Don't Collect

We do not set advertising cookies. We do not use Meta Pixel, Google Analytics, or other tracking tools that share your data with third parties for advertising. We do not sell, rent, or share your data with any third party for marketing purposes.

4. How We Use Your Data

Contact form data is used to respond to your inquiry and assess whether an engagement is appropriate. We may follow up once if we don't receive a response, after which your data remains in our CRM for 12 months and is then deleted unless you become a client.

We do not send unsolicited marketing emails. If you become a client, we will send engagement-related communications (scope documents, invoices, delivery notifications) until the engagement closes.

5. Data Retention

Contact inquiries: 12 months from last contact, then deleted. Client engagement data: retained for 5 years from engagement close for legal and accounting requirements, then deleted. Analytics data (Plausible): retained per Plausible's standard policy (aggregate only, no personal data).

6. Your Rights

You have the right to: access the data we hold about you; request correction of inaccurate data; request deletion of your data (subject to legal retention requirements); object to processing; and receive a copy of your data in a portable format.

To exercise any of these rights, email rs@sotoprojdev.com with the subject "Privacy request." We will respond within 5 business days.

7. Infrastructure & Security

Your data is stored on Supabase (SOC 2 Type II, servers in the United States) and served through Vercel (SOC 2 Type II, global CDN). All data in transit is encrypted via TLS 1.2+. Access to CRM data is limited to authorized personnel (currently: Alvin Soto only). See our Security page for the full infrastructure description.

8. Cookies

This site uses one localStorage entry (soto-theme) to remember your light/dark mode preference. This is not a cookie and is not transmitted to any server. No other cookies, trackers, or persistent identifiers are set.

9. Changes to This Policy

If we make material changes to this policy, we will update the "Last updated" date at the top of this page. We may notify active clients by email for significant changes.

10. Contact

Privacy questions: rs@sotoprojdev.com. We respond within 2 business days.