INTRODUCTION

Welcome to Sonautic. At Sonautic Inc., we respect your privacy and are committed to protecting your personal information.

This Privacy Policy explains what data we collect, how we use it, and the rights you have when using the Sonautic mobile application, web platform, and related services (collectively, the "Service").

By using Sonautic, you agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

INFORMATION WE COLLECT

2.1 Account Information

• Email address

• Display name

• Password (encrypted and hashed)

• User role (student or educator)

• Profile image/avatar (optional)

• Authentication tokens

2.2 Profile Information

• Bio (up to 200 characters)

• Cover photo

• Primary instrument

• Social media links (YouTube, SoundCloud, Instagram, TikTok)

2.3 Practice and Productivity Data

• Practice sessions and time tracked

• Tasks, schedules, notes, and goals

• Workspace collaboration data (for example, teacher or bandmate comments)

• Progress stats and history

• Projects and events

2.4 Sheet Music and PDF Data

• PDF files and sheet music you upload

• PDF annotations (drawings, highlights, notes)

• Metadata (file names, upload dates, page counts)

We use this data to:

• Store and organize your music library

• Enable annotation and markup features

• Sync your sheet music across devices

• Facilitate collaboration with teachers and peers

2.5 Audio Data from Music Practice

When you use features that record, upload, or analyze your playing or singing, we collect:

• Audio recordings of your practice sessions

• Derived data such as pitch tracking, timing, tempo, and performance metrics

• Metadata (date, duration, instrument tags, session notes, self-ratings)

We use this data to:

• Provide practice feedback and analytics

• Improve the accuracy of your progress tracking

• Power features like AI-guided practice and performance review

• Help you track improvement over time

We do not sell or publicly share your audio recordings.

2.6 Social and Communication Data

• Social posts, comments, and likes

• Direct messages

• Collaboration and workspace data

2.7 AI Interaction Data

• Prompts and messages you send to the AI practice agent

• AI-generated responses

• Any practice context you link to AI sessions

• Conversation history

This information is stored only as needed to provide the Service and maintain your history.

2.8 Device and Technical Information

• Device model and operating system

• App version

• IP address (for security)

• Crash logs and performance data

• Anonymous usage statistics

2.9 Purchase and Subscription Data

• Subscription status and product type

• Renewal information and purchase history

This data is processed via:

• Apple App Store

• Google Play Store

• RevenueCat (for entitlement validation)

We never see your full payment card details.

2.10 Information Collected Automatically

Device Information

• Device type and model

• Operating system and version

• Unique device identifiers

• App version

Usage Information

• Features used and actions taken

• Time spent in the app

• Practice session frequency and duration

• Interaction with AI features

Log Data

• Access times and dates

• App crashes and error reports

• Performance data

2.11 Information from Third Parties

Authentication Providers

• We may receive basic profile information if you sign in using third-party services.

School or Institution Data

• If your account is associated with an educational institution, we may receive your affiliation from the institution administrator.

HOW WE USE YOUR INFORMATION

We use your information to:

3.1 Provide and Operate the Service

• Create and manage your account

• Process and manage your subscription

• Store and display your content

• Enable practice tracking and analytics

• Facilitate communication with other users

• Sync your data across devices

3.2 Analyze and Improve Your Practice

• Track your practice sessions and improvement over time

• Analyze audio recordings to give feedback and insights

• Provide performance metrics (pitch, timing, tempo)

• Generate progress statistics and history

3.3 Personalize Your Experience

• Customize AI recommendations based on your practice history

• Personalize AI suggestions and practice plans

• Tailor content to your instrument and interests

• Remember your preferences and settings

3.4 Improve the Service

• Analyze usage patterns to enhance features

• Debug and fix technical issues

• Develop new features based on user needs

• Improve reliability, performance, and feature quality

3.5 Communicate with You

• Send service-related announcements

• Respond to your inquiries and support requests

• Send optional notifications such as practice reminders and task deadlines

• Notify you of changes to our terms or policies

• Communicate important updates and support information

3.6 Ensure Safety and Security

• Detect and prevent fraud, abuse, and security threats

• Enforce our Terms and Conditions

• Protect the rights and safety of users

3.7 Legal Compliance

• Comply with applicable laws and regulations

• Respond to legal requests and governmental authorities

• Establish, exercise, or defend legal claims

3.8 What We Do Not Do

• We do not use your audio or personal data to train external third-party models (models not operated by us).

• We do not sell your data.

• We do not sell or publicly share your audio recordings.

HOW WE SHARE YOUR INFORMATION

We do not sell your personal information.

We may share your information in the following circumstances:

4.1 With Your Consent

We share information when you direct us to, such as:

• Making your profile or content public

• Sharing projects with collaborators

• Posting to the community or social features within the Service

4.2 With Service Providers

We rely on trusted third-party service providers to operate and improve the Service. Each provider receives only the minimum data necessary to perform its specific function. The providers and the types of data shared with them are listed below:

• Supabase: Used for authentication, database operations, secure syncing, and file storage. We share account data, content, and files as required for these functions.

• RevenueCat: Used for subscription management and entitlement validation. We share your user ID and subscription status.

• AI services: Used to enable AI-powered practice and related features. We share relevant conversation data and task context necessary for functionality.

• Expo and EAS: Used for app infrastructure, builds, and updates. We share device information and app version details.

• Apple App Store: Used for billing and distribution on iOS devices. We share purchase-related data required for transactions.

• Google Play Store: Used for billing and distribution on Android devices. We share purchase-related data required for transactions.

• Cloud infrastructure providers: Used for hosting, processing, and storage of the Service. Encrypted service data may be stored or processed as part of normal operations.

These providers are contractually bound to protect your information and use it only for the purposes we specify.

4.3 For Legal Purposes

We may disclose your information if required by law or in response to:

• Court orders or subpoenas

• Government requests

• Situations where disclosure is necessary to protect our rights, property, or safety

• Situations where disclosure is necessary to investigate potential violations of our Terms

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have.

4.5 Aggregated or Anonymized Data

We may share aggregated or anonymized data that cannot identify you for research, analytics, or marketing purposes.

DATA SECURITY

We implement industry-standard security measures to protect your information.

5.1 Technical Safeguards

• Encryption in transit (TLS or SSL)

• Encryption at rest for stored data

• Secure password hashing

• Access controls and authentication

• Regular security audits

5.2 Operational Safeguards

• Limited employee access to personal data

• Employee training on data protection

• Incident response procedures

• Regular backup and recovery testing

5.3 Your Responsibilities

• Keep your password secure and confidential.

• Use strong, unique passwords.

• Log out from shared devices.

• Report suspicious activity immediately.

No method of transmission or storage is 100 percent secure. While we strive to protect your information, we cannot guarantee absolute security.

DATA RETENTION AND DELETION

We keep your data only as long as necessary to provide Sonautic or as required by law.

6.1 Retention Periods

• Account information: Until account deletion

• Profile information: Until account deletion

• Practice sessions: 90 days active, then archived

• Audio recordings: Until deleted or account closure

• Sheet music and PDFs: Until deleted or account closure

• AI conversations: Until deleted or account closure

• Files and content: Until deleted or account closure

• Messages: Until deleted or account closure

• Log data: 12 months

• Analytics data: 24 months (aggregated)

6.2 Deletion

When you request account deletion, the following data is deleted or anonymized:

• Practice history

• Audio recordings and derived metrics

• Sheet music and PDF files

• PDF annotations

• AI interactions

• Workspace data

• Account information

Exceptions: We may retain certain billing or legal records as required by law.

When you delete content or your account:

• Content is removed from active systems within 30 days.

• Account data is deleted within 90 days.

• Backups are purged according to our backup retention schedule.

6.3 Archived Data

After the active retention period:

• Practice history may be archived for your reference.

• Archived data is stored securely and accessed only when necessary.

• You can request permanent deletion of archived data.

YOUR PRIVACY RIGHTS

7.1 All Users

Regardless of your location, you have the right to:

• Access: View the personal information we hold about you.

• Correction: Request correction of inaccurate information.

• Deletion: Request deletion of your personal information.

• Portability: Export your data in a portable format.

• Withdraw consent: Withdraw consent for optional data processing.

7.2 European Users (GDPR)

If you are in the European Economic Area (EEA), you have additional rights:

• Right to erasure: Request deletion of your data (the "right to be forgotten").

• Right to restriction: Request limitation of data processing.

• Right to object: Object to processing based on legitimate interests.

• Rights related to automated decision-making: Right not to be subject to solely automated decisions.

Legal basis for processing includes:

• Contract performance (providing the Service)

• Legitimate interests (improving the Service and ensuring security)

• Consent (for optional features and marketing)

• Legal obligations (compliance with laws)

7.3 California Residents (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used.

• Request deletion of your personal information.

• Opt out of the sale of personal information (we do not sell your data).

• Be free from discrimination for exercising your privacy rights.

7.4 How to Exercise Your Rights

To exercise your privacy rights:

• Use the in-app settings under Account Settings and Data Management, or

• Email us at privacy@sonautic.io and include your account email and specific request.

We will respond within 30 days or as required by applicable law.

CHILDREN'S PRIVACY

8.1 Age Restrictions

Sonautic is not intended for children under 13 years of age and is rated accordingly. We do not knowingly collect personal information from children under 13.

8.2 Parental Consent

Users between 13 and 18 years old should have parental or guardian consent before using the Service. Parents or guardians can contact us at privacy@sonautic.io regarding their child's data.

8.3 COPPA Compliance

If we learn that we have collected personal information from a child under 13 without parental consent, we will delete that information promptly. If you believe we have collected information from a child under 13, please contact us immediately at privacy@sonautic.io.

COOKIES AND TRACKING

9.1 Web Platform

Our web platform uses:

• Essential cookies that are required for basic functionality, such as authentication and preferences.

• Analytics cookies that help us understand how users interact with the Service.

9.2 Mobile App

The mobile app uses:

• Local storage for caching content and preferences (for example, MMKV or AsyncStorage).

• A PDF cache for offline access to sheet music (up to approximately 3 GB, managed automatically).

9.3 Do Not Track

We currently do not respond to "Do Not Track" browser signals, as there is no industry standard for implementation.

THIRD-PARTY LINKS AND SERVICES

Our website or app may contain links to external sites. We are not responsible for the content or privacy practices of those sites. We encourage you to review their privacy policies before providing any personal information.

INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws.

For users in the EEA, we ensure appropriate safeguards for international transfers through:

• Standard Contractual Clauses approved by the European Commission.

• Data processing agreements with service providers.

• Compliance with applicable data protection frameworks.

CAMERA AND MICROPHONE

12.1 Camera Access

The Service may request camera access for:

• Head tracking page turning and similar hands-free navigation of PDF sheet music.

Camera data for head tracking is:

• Processed locally on your device.

• Not transmitted to our servers.

• Not stored or recorded.

12.2 Microphone Access

The Service may request microphone access for:

• Tuner functionality to detect pitch for instrument tuning.

• Audio recording of practice sessions (optional).

Audio data is:

• Processed locally for tuner functionality.

• Stored only when you choose to record.

• Fully controlled by you, and you may delete recordings at any time.

12.3 Permissions

Camera and microphone permissions are optional. You can deny these permissions and still use core Service features. You can change permissions at any time in your device settings.

AI AND DATA USE

Sonautic uses AI-based models to assist with practice planning, feedback, and productivity.

13.1 How AI Uses Your Data

Our AI features use your data to:

• Generate personalized practice recommendations.

• Analyze task patterns and suggest improvements.

• Provide conversational assistance.

• Personalize recommendations based on audio-derived metrics.

13.2 What Data AI Accesses

• Conversation messages you send to the AI.

• Task and practice session context, when relevant.

• Profile information such as instrument and skill level.

• Audio-derived metrics for personalized recommendations.

13.3 AI Data Protection

• Your prompts and context are processed securely.

• AI interactions are processed by secure, third-party AI services.

• AI logs are not used to train public models.

• Your data is not used to train general AI models without your consent.

• AI conversation history can be deleted at any time.

• You can request deletion of AI interaction history and associated data.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. When we make material changes:

• We will post the updated policy within the Service.

• We will update the "Last Updated" date.

• We may notify you via email or in-app notification.

Your continued use of the Service after changes indicates acceptance of the updated Privacy Policy.

CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Sonautic Inc.

• General and support contact: contact@sonautic.io

• Privacy inquiries and data rights requests: privacy@sonautic.io

• Website: https://sonautic.io

We aim to respond to all privacy-related inquiries within 30 days.

ADDITIONAL INFORMATION FOR SPECIFIC JURISDICTIONS

If you are located in the European Union, the United Kingdom, or California, you may exercise your data protection or privacy rights by contacting us at privacy@sonautic.io. You also have the right to lodge a complaint with your local data protection authority where applicable.

© 2025 Sonautic Inc. All rights reserved.