SonaVoice for iOS is coming·Join the waitlist →

Privacy Policy

SonaVoice is a dictation tool — it hears what you say. This policy explains, in plain terms, what we collect, what we deliberately do not, and the choices you have.

Last updated: June 14, 2026

The short versionWe transcribe your audio and immediately discard it — we never store recordings or use them to train models. Your dictation history lives on your device, not on our servers. We collect the minimum needed to run your account, we don't show ads, and we never sell your data.

This Privacy Policy describes how Sona Labs, Inc. (“SonaVoice”, “we”, “us”) handles personal data across the SonaVoice desktop app, the website at sonavoice.cc, and the SonaVoice Engine API (together, the “Service”). By using the Service you agree to this policy together with our Terms of Service.

Your voice and transcripts

This is the part that matters most for a dictation tool, so we put it first. When you dictate, your audio is streamed to a speech-to-text engine, converted to text, and then discarded. We do not keep recordings, we do not build voice profiles, and we do not use your audio or text to train models.

The resulting transcript — the text itself — is not stored on our servers. Your dictation history is kept locally on your device and you can clear it at any time from the desktop app. For more detail, see Why we don't store your audio and the Privacy section of the user guide.

Features that read the context of your active app (for better accuracy) are off by default. When you turn one on, only a short, bounded snippet is sent for that session — never your whole screen, and nothing we retain.

Information we collect

Account information. Your email address, and — if you sign in with Google — your name and a Google account identifier. We sign you in without a password.
Authentication data. One-time sign-in codes and session tokens. These are stored only as irreversible hashes, never in plain text.
Usage counts. The number of words you dictate per day and total speaking time — used to enforce free-plan limits and to draw the activity chart in your account. This is a count; it does not include the content of what you dictated.
Custom dictionary. Any names, brands, or terms you add so SonaVoice spells them your way.
Devices. The license keys that link your installed copies of SonaVoice to your account, with a label and an activation date.
Billing data. If you subscribe to Pro, your payment is handled by Stripe. We store your Stripe customer and subscription identifiers, plan, and renewal date. We never see or store your card number — Stripe does.
Referral data. Your referral code, the code that referred you (if any), and the status of any rewards.
Limited technical data. Minimal server logs needed to operate the Service securely. We do not run third-party analytics or advertising trackers.

How we use information

To provide the Service: transcribe your speech, sync your dictionary and devices, draw your dashboard.
To authenticate you and keep your account secure.
To enforce free-plan limits and process Pro subscriptions and referral rewards.
To respond to your support requests.
To prevent abuse and fraud (for example, we block known disposable-email providers at sign-up).
To comply with legal obligations.

We do not sell your personal data, and we do not use it for advertising.

We share data only with the providers we need to run the Service, and only what each needs to do its job:

Speech-to-text and language-model providers. Third-party AI providers that transcribe your audio and clean up the text in real time. They receive the audio for the duration of transcription only; it is not retained.
Stripe — payment processing for Pro subscriptions.
Google— only if you choose “Continue with Google” to sign in.
Our transactional email provider — to send your one-time sign-in codes.
Our hosting provider — to run our servers.

Each of these providers processes data on our behalf under their own terms. A current list of our subprocessors is available on request at support@sonavoice.cc.

Cookies and local storage

We don't use advertising or analytics cookies. The website stores your session token and email in your browser's local storage so you stay signed in — these are functional, not tracking. Signing in with Google sets one short-lived security cookie to protect the login flow. That's all.

Data retention

Account data is kept while your account is active.
Daily usage counts are retained for the life of your account; your activity chart shows roughly the last six months.
Sign-in codes expire within minutes; sessions expire after 30 days.
Audio is never retained. Your transcript history lives only on your device, and you can clear it at any time from the desktop app.
To delete your account, email support@sonavoice.cc; we delete or anonymize your personal data, except records we must keep (for example, billing records) to meet legal obligations.

Your rights

You can access, correct, export, or delete your personal data, and withdraw consent at any time. Email support@sonavoice.cc and a human will help.

EEA / UK users (GDPR). Our legal bases for processing are: performing our contract with you (running your account), our legitimate interests (security and preventing abuse), your consent (optional features like app-context reading), and legal obligations. You also have the right to lodge a complaint with your local data protection authority.

California users (CCPA/CPRA).We do not sell or “share” your personal information as those terms are defined by California law. You have the right to know what we collect, to request deletion, and not to be discriminated against for exercising these rights.

Security

We protect your data with HTTPS in transit, irreversible hashing of sign-in codes, session tokens, and license keys, and by keeping card data entirely with Stripe. On your device, your license and session are stored in your operating system's encrypted secure store. No system is perfectly secure, but our design goal is to keep as little as possible — there's nothing interesting to take when there's nothing kept.

Children

SonaVoice is not directed to children and is not intended for anyone under 13 (or the minimum age required in your country). We do not knowingly collect data from children.

International data transfers

We and our providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards for international transfers.

Changes to this policy

We may update this policy from time to time. We'll change the “Last updated” date above and, for material changes, give notice through the Service.

Contact

Questions or requests? Email support@sonavoice.cc. Sona Labs, Inc. — see our contact page for more ways to reach us.