Your recordings are yours.
A plain-English explanation of how Sonnote handles your data. Not a wall of legalese you'll never read.
Last updated April 13, 2026
We collect the minimum needed to make the app work. We don't sell your data. We don't use your recordings or transcripts to train AI. You can delete your account and everything in it at any time.
What we collect
Account information
When you sign up, we store your email address, first name, and a securely hashed version of your password (we can't see or recover your actual password). If you sign in with Google, we also store your Google account ID to recognize you on return visits.
Your recordings and generated content
Audio files you record or upload, along with the transcripts and AI-generated summaries Sonnote creates from them. These are stored on our servers so you can access them from any device signed into your account.
Usage data
Basic information needed to run the service: when you recorded something, how long it was, how much storage you're using, what subscription tier you're on. We don't track what you look at, how long you stare at the screen, or build behavioral profiles.
Device information
If you enable push notifications, we store your device's push token so we can notify you when a transcript is ready.
What we don't collect
- Your location
- Your contacts, photos, calendar, or other device data
- Your web browsing history or behavior outside Sonnote
- Advertising identifiers or third-party tracking data
How we use your data
We use your data only to operate Sonnote:
- Transcribe your recordings. Audio is sent to our transcription service (Whisper, running on our own infrastructure) and converted to text.
- Generate AI summaries. Transcripts are sent to Anthropic's Claude API to produce summaries, action items, key terms, flashcards, and mind maps. Anthropic does not train on API inputs per their standard commercial terms.
- Correct proper nouns. When you enable AI cleanup, Claude may use web search to verify names and current facts mentioned in your recording. Only the specific names or phrases being verified are sent to the search, not the entire transcript.
- Deliver notifications. We send push notifications when your transcript or summary is ready, if you've enabled them.
- Process payments. If you upgrade to a paid plan, Stripe handles payment processing. We never see or store your credit card details.
Not by us. Not by Anthropic. Not by anyone. This is a hard rule for Sonnote.
Who we share data with
We share data only with the service providers needed to run Sonnote:
- Anthropic — processes transcripts to generate summaries via the Claude API
- Google — if you sign in with Google, we verify your identity through their OAuth service
- Stripe — processes subscription payments if you upgrade
- Apple / Expo — delivers push notifications to your iPhone
We never sell your data. We never share it with advertisers, data brokers, or anyone whose business model involves your personal information.
How we protect your data
- All traffic is encrypted in transit with TLS 1.2+
- Passwords are hashed with bcrypt (12 rounds) — not stored in plain text
- Refresh tokens are stored hashed with SHA-256 in our database
- Access tokens expire after 15 minutes; refresh tokens after 30 days
- On mobile, refresh tokens are stored in the iOS Keychain
- On the web, refresh tokens use httpOnly, Secure, SameSite=Strict cookies (immune to cross-site scripting attacks)
- Audio files are stored on our servers with access restricted to authenticated requests only
Your rights and controls
Delete a recording
Open any recording and tap the trash icon. It's immediately deleted from our servers, along with its transcripts and summaries.
Delete your account
Email sonnote@protonmail.com and we'll delete your account and all associated data within 30 days. We'll confirm when it's done.
Export your data
You can view all your transcripts and summaries from the web app. To request a full export in JSON, email us.
Change your password
Settings → Change password (in the app or on the web).
Data retention
We keep your recordings and account data for as long as your account exists. If you cancel your subscription, your data remains until you delete your account or your storage limit is reduced (we'll email you before deleting anything).
If you delete your account, all your data — recordings, transcripts, summaries, account info — is permanently removed within 30 days. Backups that may include your data are rotated out within 60 days.
Children
Sonnote is not intended for children under 13. We do not knowingly collect personal information from children. If you believe we have, please email us and we'll delete it.
Changes to this policy
If we change this policy in a material way, we'll notify you by email before the change takes effect. The "last updated" date at the top of this page is always accurate.
Contact us
Questions, concerns, or requests about your data? Email sonnote@protonmail.com. A real person will respond.