Privacy Policy

Sondra ("we", "us", "our") is operated by Sondra Labs Ltd., registered in [COMPANY JURISDICTION]. We provide AI-powered audio and video processing at sondra.app.

We built Sondra with one principle: your files are yours. This Privacy Policy explains exactly what data we collect, why, and what we do — and don't do — with it.

1. Who This Policy Applies To

This policy applies to everyone who uses Sondra, including:

• Visitors who use the service without an account ("Anonymous Users")
• Registered users on Free, Pro, or Business plans
• Business customers using the Sondra API

If you are located in the European Union, European Economic Area, or United Kingdom, additional rights apply to you under the GDPR and UK GDPR (see Section 9).

2. Data We Collect

2.1 Files You Upload

When you upload a file to Sondra for processing, we handle it as follows:

After the retention period, your file is automatically and permanently deleted from our servers. This is enforced by automated deletion policies — not a manual process.

Files processed client-side (in your browser, for files under 200MB) never leave your device and are never stored on our servers.

2.2 Account Information

If you create an account, we collect:

• Email address
• Password (stored as a bcrypt hash — we cannot read your password)
• Name (optional)
• Subscription tier and billing status

2.3 Payment Information

We do not store your payment card details. All payments are processed by Stripe, a PCI-DSS certified payment processor. We receive only a payment confirmation and a customer reference from Stripe. Stripe's privacy policy is available at stripe.com/privacy.

2.4 Usage Data

We collect anonymised data about how you use Sondra to improve the service:

• Pages visited and features used
• File type and duration (not file content)
• Processing time and outcome (success or failure)
• Browser type, operating system, and approximate location (country level)

2.5 Cookies

We use two categories of cookies:

Essential cookies (always active):

• Session authentication
• Your cookie consent preference (sondra_cookie_consent)

Analytics cookies (only with your consent):

• Google Analytics 4 — anonymised usage statistics
• Mixpanel — product behaviour analytics

You can change your cookie preferences at any time via the banner at the bottom of the page.

3. How We Use Your Data

We do not:

• Sell your data to any third party
• Use your files to train AI models (without explicit opt-in)
• Share your personal data with advertisers
• Use your data for automated decision-making that produces legal effects

4. File Processing — How It Works

Client-side processing: Files under 200MB are processed directly in your browser using WebAssembly technology. These files are never transmitted to our servers.

Server-side processing: Files over 200MB, or those requiring advanced AI noise cancellation, are uploaded to our servers via an encrypted connection. The file is processed and then deleted according to the retention schedule in Section 2.1.

In both cases, files are never reviewed by human staff and are never linked to your identity if you are using Sondra without an account.

5. Data Sharing

We share data only with the following trusted service providers, who process it strictly on our behalf:

All providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

6. Data Security

We take security seriously:

• All connections use TLS 1.3 encryption
• Files stored on our servers use AES-256 encryption at rest
• Files are accessed via temporary signed URLs — our S3 bucket is never publicly accessible
• We do not log the content of your files
• Anonymous users' files are never linked to any identity

We conduct regular security reviews. If we become aware of a data breach that affects your personal data, we will notify you and the relevant supervisory authority within 72 hours, as required by law.

7. Children's Privacy

Sondra is not directed at children under the age of 13 (or 16 in EU member states where applicable). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify registered users by email at least 14 days in advance.

9. Your Rights (GDPR / UK GDPR)

If you are located in the EU, EEA, or UK, you have the following rights:

Right of access — You can request a copy of the personal data we hold about you.

Right to rectification — You can ask us to correct inaccurate data.

Right to erasure — You can delete your account and all associated data at any time from your account settings. This is immediate and permanent.

Right to restriction — You can ask us to restrict processing of your data in certain circumstances.

Right to data portability — You can request your data in a structured, machine-readable format.

Right to object — You can object to processing based on legitimate interest.

Right to withdraw consent — Where processing is based on consent (e.g. analytics cookies), you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@sondra.app. We will respond within 30 days.

You also have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ico.org.uk). In the EU, contact your national data protection authority.

Data controller:
Sondra Labs Ltd.
[ADDRESS]
privacy@sondra.app

10. Contact

For any privacy-related questions, contact us at privacy@sondra.app.