Privacy
Protocol
Sondra is a privacy-first AI recording application for Android. This Privacy Policy explains what data we collect, how we use it, and what rights you have over it.
We built Sondra with a local-first philosophy: your audio recordings, transcripts, summaries, and action items are stored on your device and are never uploaded to our servers. Only the minimum data required for authentication, billing, and AI quota enforcement is stored remotely.
Introduction
Sondra ("we", "our", or "us") is a privacy-first AI recording application for Android. This Privacy Policy explains what data we collect, how we use it, and what rights you have over it.
Information We Collect
The following is stored exclusively in the app's private local database (Room) and private files directory on your device. It never leaves your device except when you explicitly choose to export or share it.
| Data Type | Description |
|---|---|
| Audio recordings | Raw PCM audio files captured via your device's microphone, stored in the app's private files directory |
| Transcript segments | Text output from AI transcription, including speaker identifiers and timestamps |
| AI summaries | Text summaries generated from your transcripts |
| Key points | AI-extracted highlights from your recordings |
| Action items | AI-extracted tasks and follow-ups |
| Recording metadata | Title, duration, creation date, recording status, speaker count |
| Tags and categories | User-created labels for organizing recordings |
| Recording marks | User-set bookmarks with timestamps and labels |
| Theme preference | Your selected app theme (light, dark, or system) |
To provide authentication and keep your account secure, we store the following in Firebase Authentication:
- Email address
- Authentication credentials (hashed/managed by Firebase; we never see your password)
- Firebase User ID (UID)
To enforce plan limits and manage billing, we store the following in Firebase Firestore:
- Subscription tier (Free or Pro)
- Google Play product ID and purchase token
- Subscription expiration date
- AI usage count and monthly quota limit
- AI usage reset month reference
If you choose to submit a report about a transcript or summary quality issue, we store your user ID, the recording ID, report type (TRANSCRIPT, SUMMARY, or OTHER), optional written notes, and submission timestamp. Submitting a report is entirely voluntary.
How We Use Your Information
| Purpose | Data Used |
|---|---|
| Authentication | Email, Firebase UID |
| Transcription | Audio recording (sent to Deepgram via a secure server-side call) |
| AI summarization & action items | Transcript text (sent to Google Gemini via a secure server-side Cloud Function) |
| Billing and quota enforcement | Subscription tier, usage count, Google Play purchase token |
| Purchase validation | Google Play purchase token (validated against Google Play's API server-side) |
| Bug reports | Issue report contents if voluntarily submitted |
| App functionality | All locally stored recording data |
We do not use your data for advertising, profiling, or any purpose not listed above.
Third-Party Services
We use Firebase Authentication and Firebase Cloud Firestore for account management and data sync. Firebase is operated by Google LLC.
Audio recordings are transmitted to Deepgram's speech-to-text API (nova-3 model with speaker diarization) for transcription. The Deepgram API key is stored securely in Firebase Cloud Secret Manager and is never stored on your device. We do not retain audio or transcripts on Deepgram's servers beyond the duration of the API request.
Transcript text is sent to Google's Gemini API (gemini-2.0-flash model) server-side to generate summaries, key points, and action items. The API key is stored in Firebase Cloud Secret Manager. AI-generated content is returned to your device and stored locally.
Subscription purchases are processed by Google Play. Purchase tokens are validated server-side against Google's androidpublisher API. We receive and store subscription status and expiry data but do not have access to your payment card details.
Android Permissions
| Permission | Why |
|---|---|
| RECORD_AUDIO | Core app functionality — capturing audio recordings |
| FOREGROUND_SERVICE | Allows recording to continue while the app is in the background with a visible notification |
| MODIFY_AUDIO_SETTINGS | Routing audio to earpiece or speaker based on proximity sensor and connected headsets |
| READ_MEDIA_AUDIO | Access to audio files on your device |
| INTERNET | Connecting to Firebase, Deepgram, Gemini, and Google Play |
| POST_NOTIFICATIONS | Displaying recording-in-progress and completion notifications |
| WAKE_LOCK | Keeping the device awake during transcription processing |
Data Security
- All network communication uses HTTPS/TLS.
- API keys for Deepgram and Gemini are stored in Firebase Cloud Secret Manager and are never transmitted to or stored on your device.
- Audio files are stored in the app's private files directory, which is inaccessible to other apps on non-rooted devices.
- Local Room database and DataStore preferences are protected by Android's standard app sandbox.
- Firebase Authentication manages credential security; we never handle raw passwords.
Data Retention
| Data | Retention Period |
|---|---|
| Local recordings, transcripts, summaries | Until you delete them or uninstall the app |
| Firebase Auth account | Until you delete your account |
| Firestore subscription and quota data | Until you request account deletion |
| Issue reports | Until you request deletion or we purge them during account deletion |
Monthly AI usage counts are reset on the 1st of each month by an automated server-side process.
Your Rights and Choices
You can delete your account from the app's Settings screen. This triggers a server-side process that removes all Firestore documents associated with your user ID, followed by deletion of your Firebase Authentication record. Local data (recordings, database) is cleared when you uninstall the app.
You can export individual recording transcripts and summaries as PDF files using the in-app export feature.
Transcription and summarization are triggered explicitly by user action. You can use the recording and playback features without using any AI features.
If you are located in the European Economic Area (EEA) or United Kingdom, you may have additional rights under GDPR, including the right to access, rectify, restrict, or object to the processing of your personal data. To exercise these rights, contact us at the address in Section 11.
Children's Privacy
Sondra is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this document and, where appropriate, through an in-app notice. Continued use of the app after changes constitutes acceptance of the updated policy.