How we protect your voice

1. What We Listen For

Your Voice Recordings

When you share your thoughts with Sonora, we listen carefully and purposefully with your permission:

• Transcription Processing: Your audio is securely transmitted to our trusted transcription service to convert speech to text with industry-standard encryption
• AI Analysis: Transcribed text (never the original audio) is analyzed to generate summaries, extract themes, and identify actionable insights
• Local Storage: Audio files and transcriptions are stored locally on your device under your complete control
• Temporary Processing: Audio data exists on our servers only during transcription—typically 10-30 seconds—then is permanently deleted

Transcription & Service Tiers

Sonora uses cloud-based transcription powered by OpenAI Whisper to convert your voice recordings into text. To balance privacy, performance, and fair use, we offer two subscription tiers:

• Free Tier: 60 minutes per month of cloud transcription. Audio is sent securely via encrypted connection, transcribed, and immediately deleted from our servers after processing.
• Pro Subscription: Unlimited transcription and advanced AI analysis. Pro subscribers get unrestricted recording time plus enhanced AI features including Thinking Patterns, Cross-memo insights, and Smart action items.

Note: All transcription is cloud-based. Audio is encrypted in transit, processed securely, and deleted within seconds of transcription completion.

Pro Subscription & Payment Processing

Sonora offers an optional Pro subscription with additional features and unlimited transcription. Here's how subscriptions work and what data is involved:

• Subscription Options:
  • Monthly: $6.99/month
  • Annual: $59.99/year (29% savings)
• Payment Processing: All payments are processed through Apple's App Store using your Apple ID. Sonora never sees or stores your payment card information.
• Subscription Management: We use RevenueCat, a trusted third-party service, to verify your subscription status and manage entitlements across devices. RevenueCat only receives:
  • An anonymous app user identifier (not linked to your Apple ID)
  • Your subscription status (active/expired/canceled)
  • The subscription tier you've purchased
  • Purchase timestamps for entitlement verification
• What We Don't Collect: We never collect, store, or have access to your:
  • Credit card numbers or payment information
  • Billing address or personal payment details
  • Apple ID or email address (unless you contact support)
  • Purchase history beyond what's needed for subscription verification
• Privacy Protection: RevenueCat is bound by strict contractual privacy requirements and cannot use your subscription data for advertising, marketing, or any purpose other than providing subscription services to Sonora.

For more information about RevenueCat's privacy practices, visit: RevenueCat Privacy Policy

Diagnostics (non-tracking)

We collect crash reports and basic performance data to improve reliability. This data is not used for tracking, not sold, and not linked to your identity.

Calendar & Reminders Access (Optional)

Sonora can optionally help you turn voice memo insights into actionable calendar events and reminders. This feature requires your explicit permission and operates with strong privacy protections:

• Permission Required: iOS will ask for your permission before Sonora can access your Calendar or Reminders. You can decline or revoke this permission anytime in iOS Settings.
• Write-Only Access: Sonora uses write-only permissions, meaning the app can create new events and reminders but cannot read your existing calendar or reminder data. Your existing schedule remains private.
• User Approval for Each Action: When Sonora's AI identifies potential events or action items in your voice memos, you must individually review and approve each suggested event or reminder before it's added to your calendar. Nothing is added automatically.
• What Gets Created:
  • Calendar events with dates, times, and descriptions derived from your voice memo content
  • Reminders with titles and notes based on AI-detected action items
  • All created items are standard iOS Calendar/Reminder entries that you fully control
• Local Processing: Event and reminder detection happens entirely on-device. Your calendar and reminder data never leaves your iPhone.
• No Data Collection: Sonora does not collect, store, or transmit any information about:
  • Your existing calendar events or reminders
  • Event attendees, locations, or details
  • Calendar metadata or usage patterns
  • Which events or reminders you approve or decline

Note: This feature is entirely optional. Sonora works perfectly without Calendar or Reminder access, and declining these permissions does not affect transcription or AI analysis features.

Personalization Data (Display Name)

Sonora allows you to set an optional display name for a more personalized in-app experience. Here's how it works and what protections are in place:

• Completely Optional: Setting a display name is entirely optional. The app works perfectly without one.
• Local Storage Only: Your display name is stored exclusively on your device using iOS's secure storage. It is never uploaded to our servers or transmitted over the internet.
• How It's Used: Your display name is used locally to personalize:
  • In-app greetings: Messages like "Welcome back, [Name]" within the app interface
  • Prompt personalization: Your name may be added to local prompts (e.g., "[Name]'s thoughts") but is never sent to AI services
  • Settings displays: Showing your name in the personalization settings section
• Important Clarification: Your display name:
  • Does NOT appear in AI-generated summaries, analyses, or transcriptions
  • Is NOT transmitted to OpenAI or any third-party services
  • Is NOT included in any network requests or cloud storage
  • Only affects the local user interface on your device
• Full Control: You can:
  • Change your display name anytime in Settings → Personalization
  • Clear it completely to return to anonymous usage
  • Delete the app to remove all data including your display name
• Privacy Protection: Because display names stay local, they:
  • Cannot be accessed by our servers or any third parties
  • Are not included in crash reports, analytics, or logs
  • Do not sync across devices (each device stores its own independently)
  • Are deleted when you delete the app or clear app data

Example: If you set your display name to "Alex", you might see "Welcome back, Alex" in the app — but this name exists only on your iPhone and is never sent anywhere.

Information We Absolutely Do Not Collect

• Personal identification information (name, email, phone number)
• Location data or GPS coordinates
• Contact lists or other device data
• Usage analytics for advertising purposes
• Behavioral tracking across apps or websites
• Voice recordings for any purpose other than transcription

2. How We Use Your Information

Core Functionality

Your data serves one primary purpose: making Sonora work for you.

• Transcription: Audio recordings are processed solely to provide accurate text transcription
• AI Analysis: Transcripts are analyzed only to generate summaries, themes, and actionable insights
• App Features: Data enables Live Activities, search functionality, and intelligent memo organization
• Personal Search: Local indexing allows you to find your own recordings quickly and efficiently

Service Improvement

We use anonymized, aggregated data to make Sonora better:

• Transcription Quality: Improve accuracy and speed without accessing individual recordings
• AI Enhancement: Refine analysis algorithms based on general usage patterns
• Bug Fixes: Identify and resolve technical issues for smoother user experience
• Performance Optimization: Enhance app speed and battery efficiency

Lawful Basis for Processing (EU/UK)

Where applicable under GDPR and UK data protection laws, we process your data under these lawful bases:

• Contract Performance: To provide the core app functionality you've requested
• Legitimate Interests: To maintain app security, performance, and user experience
• Consent: For microphone access and optional features you explicitly enable
• Legal Compliance: To comply with applicable laws and regulations when required

3. Keeping Your Voice Secure

Your Thoughts Stay With You

Your recordings and transcriptions live primarily on your device, where they belong, protected by iOS's thoughtful security architecture and your device's built-in encryption.

Secure Processing Pipeline

When audio requires processing for transcription and analysis:

• Encryption in Transit: All data transmission uses TLS 1.3 encryption with perfect forward secrecy
• Secure Infrastructure: Processing occurs on infrastructure with industry-standard security controls
• Minimal Retention: Audio files are permanently deleted within minutes of processing completion
• Zero Permanent Storage: No long-term copies are ever stored on our servers
• Access Controls: Strict employee access controls with audit logging
• Data Isolation: Your data is processed in isolated environments with no cross-contamination

Data Retention Policy

• Local Data: Remains on your device indefinitely until you choose to delete it
• Server Processing: Audio data is deleted immediately after transcription
• Technical Logs: Anonymized performance logs retained for maximum 30 days for debugging
• User Deletion: When you delete a recording, all associated data is permanently removed

Security Measures

• Encryption in Transit: Data is encrypted between your device and our servers
• Secure Architecture: Built using Apple's security best practices and guidelines
• Regular Audits: Ongoing security assessments and penetration testing
• Compliance: Adherence to industry security standards and frameworks

4. Third-Party Processors

Third-Party Processors

Sonora works with carefully selected, privacy-respecting service providers to deliver core functionality. Here's every third-party service we use and what data they process:

• Hosting: Our API runs on Fly.io; requests are TLS-encrypted in transit. Temporary debug logs may be retained for up to 30 days for troubleshooting purposes.
  • Privacy Policy: Fly.io Privacy Policy
• Transcription: Audio recordings are sent to OpenAI Whisper API for speech-to-text conversion. Audio is transmitted over TLS encryption and deleted immediately after transcription.
  • Important: OpenAI does not use your audio or transcripts to train their AI models
  • OpenAI may retain limited logs for up to 30 days for abuse monitoring and security purposes only
  • Privacy Policy: OpenAI Privacy Policy
• AI Analysis: Text transcripts (never audio) are sent to the OpenAI GPT-4o-mini API to generate summaries, themes, and action items. Content is sent over TLS.
  • Important: OpenAI does not use your transcripts for advertising or model training
  • Limited retention for abuse monitoring only (30 days maximum)
  • Zero days retention for API customers (enterprise-level privacy protection)
• Subscription Management: RevenueCat manages Pro subscription verification and entitlements across your devices.
  • Receives: Anonymous app user ID, subscription status, tier purchased, purchase timestamps
  • Does NOT receive: Payment card info, billing address, Apple ID, email, or personal data
  • Strict Privacy: RevenueCat cannot use your data for advertising, marketing, or any purpose other than subscription services
  • Privacy Policy: RevenueCat Privacy Policy

Contractual Safeguards: All service providers are bound by data processing agreements requiring privacy compliance, security standards, and prohibition of secondary data use.

Service Provider Safeguards

We only engage trusted service providers under strict data protection terms:

• Contractual Obligations: Written agreements requiring privacy compliance and data protection
• Limited Purpose: Providers process data only for specified services, nothing else
• Security Requirements: All providers must meet our security and privacy standards
• No Secondary Use: Providers cannot use your data for their own purposes or products
• Regular Audits: We monitor and audit provider compliance with privacy requirements

What We Never Do

Your trust is paramount. We commit to never:

• Sell your data to third parties for any reason
• Share your recordings with advertisers or marketing companies
• Use your voice content for training our AI models
• Provide data to social media platforms for profile building
• Share information with data brokers or analytics companies
• Use your content for any commercial purpose beyond providing Sonora's features

5. Your Rights and Controls

Data Control Features

Sonora puts you in the driver's seat of your privacy:

• Instant Deletion: Delete any recording and its transcription with a simple swipe
• Easy Export: Export your data using iOS sharing capabilities to any destination you choose
• Full Transparency: All your data is accessible and viewable directly within the app
• Granular Controls: Choose which features to enable and when to use AI analysis
• Local First: Your data stays on your device unless you specifically choose to process it

Privacy Settings

Customize your privacy experience:

• Microphone Access: Revoke recording permissions anytime in iOS Settings
• Live Activities: Control dynamic island and lock screen features in iOS Settings
• Background Processing: Manage background app refresh in iOS Settings
• AI Analysis: Choose when and if to run AI analysis on your recordings
• Analytics: Opt out of anonymous usage analytics if desired

Your Legal Rights (Where Applicable)

Under GDPR, CCPA, and other privacy laws, you have the right to:

• Access: Request information about what personal data we have about you
• Correction: Request correction of inaccurate or incomplete personal information
• Deletion: Request deletion of your personal information
• Object/Restrict: Object to or restrict certain processing of your data
• Portability: Request a copy of your data in a portable format
• Withdraw Consent: Withdraw consent where processing relies on your consent
• Non-Discrimination: Exercise your rights without discrimination or service degradation

To exercise these rights, contact us at kahessay [at] icloud [dot] com. We'll respond within 30 days and never discriminate against users for exercising their privacy rights.

6. Children's Privacy Protection

Sonora is rated 9+ on the App Store and is designed for users ages 9 and older. We do not knowingly collect personal information from children under 13 years of age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at kahessay [at] icloud [dot] com and we will take prompt action to remove such information.

Parental Controls

• Family Sharing: Use iOS Family Sharing to manage app downloads and permissions
• Screen Time: Set app usage limits through iOS Screen Time controls
• Restrictions: Use iOS Restrictions to control microphone access and app features

7. International Users and Data Transfers

Sonora is designed to work globally while respecting local privacy laws. Our servers are located in secure data centers in the United States, operated by industry-leading cloud providers with international privacy certifications.

Cross-Border Transfers

• Global Compliance: We comply with applicable international data transfer regulations
• Adequate Protections: All international transfers include appropriate safeguards
• Standard Contractual Clauses: We use approved transfer mechanisms where required
• Secure Infrastructure: All data centers meet international security and privacy standards

Regional Privacy Laws

We respect and comply with regional privacy requirements:

• GDPR (European Union): Full compliance with EU General Data Protection Regulation
• UK GDPR: Adherence to UK data protection requirements
• CCPA (California): Compliance with California Consumer Privacy Act
• PIPEDA (Canada): Alignment with Canadian privacy legislation

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do:

• Clear Dating: We will update the "Last Updated" date at the bottom of this policy
• Material Changes: Significant changes will be communicated through the app with clear explanations
• Direct Notice: For major changes affecting data use, we may notify you directly if we have your contact information
• Advance Notice: Changes will typically take effect 30 days after notification
• In-App Notification: You'll see a clear notice in the app when policy updates are available
• Continued Use: Continued use of Sonora after changes constitutes acceptance of the updated policy

Your Options When Policies Change

• Review Changes: Take time to review any policy updates before continuing to use the app
• Ask Questions: Contact us if you have questions about policy changes
• Choose to Leave: If you disagree with changes, you can delete the app and your data
• Stay Informed: We'll always provide clear summaries of what's changed and why