Motion & GSAP UI for React. Built for shadcn/ui.
Sora UISora UI

Legal

Back to home

Privacy Policy

Last updated: June 24, 2026.

Sora UI (“we,” “us,” or “our”) is an open-source component registry and documentation site. This Privacy Policy explains how we collect, use, and protect information when you visit the site, sign in, save bookmarks, or use account features.

Component licensing is separate from this policy. See the component license for terms on using Sora UI code in your projects.

1. Information we collect

1.1 Information you provide

When you sign in or use account features, we may collect:

  • Name, email address, and profile picture from Google or GitHub
  • Bookmarked components and documentation pages
  • Communications you send to us through GitHub

We never store your Google or GitHub password. Authentication is handled through OAuth; we receive only the profile fields needed to create and maintain your account.

1.2 Information collected automatically

When you browse Sora UI, we may collect:

  • Pages visited and component views through Vercel Analytics
  • Error diagnostics such as browser, route, and stack traces when something fails
  • Session and verification data required for authentication
  • IP address and device information for security and rate limiting

2. How we use information

We use collected information to:

  • Create and manage your account
  • Save your bookmarks across devices
  • Improve components and documentation experience
  • Monitor errors and protect against abuse
  • Respond to support requests on GitHub

We do not sell your data.

We do not use account data for advertising profiling.

3. Services we use

Sora UI relies on the following infrastructure:

  • Better Auth — authentication, sessions, and account management
  • PostgreSQL — user profiles, sessions, and saved bookmarks
  • Redis — temporary auth and rate-limit cache
  • Sentry — error monitoring and performance diagnostics
  • Vercel Analytics — aggregated page and component usage

4. Error monitoring

When we send diagnostics to Sentry, we aim to capture enough context to fix bugs without exposing secrets. We do not intentionally send session cookies, OAuth tokens, access tokens, or sensitive request bodies to Sentry.

If you believe an error report included something it should not have, open an issue on GitHub and we will investigate.

5. Data retention

We retain account and bookmark data while your account is active. Session and cache data in Redis expires automatically. You may delete your account from settings; associated profile and bookmark data will be removed as part of that process.

6. Your choices

You can browse docs and components without signing in. Bookmarks and account features require an authenticated session. You may sign out at any time or delete your account from settings.

7. Google user data

If you sign in with Google, we access your email, display name, profile picture, and unique Google account identifier. We only request the minimum scopes needed for authentication. Google user data is used exclusively to create and maintain your account and is not used for advertising or unrelated analytics.

You may revoke access at any time through your Google Account Permissions.

8. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a revised “Last updated” date.

9. Contact

Questions about this policy? Open an issue or discussion on GitHub.