Privacy Policy

• Account data: your email and a hashed password (via Better Auth), and your email-verification state.
• Jurisdiction data: your onboarding attestation and a server-side IP-geolocation and sanctions signal used to gate trading.
• Product data: the flows, runs, evidence, watches, and labels you create.
• Billing data: handled by Stripe (email, billing details, country/IP). Card numbers never reach Sonde’s servers.
• Support data: the messages and context you send us.
• Security data: rate-limit and request metadata used to protect the service.

• operate your account and run your guarded flows;
• enforce jurisdiction, sanctions, entitlement, and plan caps;
• process payments and prevent abuse;
• provide support and respond to your requests;
• keep the service secure and meet legal obligations.

Where EU/UK data-protection law applies, we rely on: performance of our contract with you (running the service), our legitimate interests (security and abuse prevention), legal obligations (tax and compliance), and your consent where specifically requested. The applicability of EU/UK scope is pending counsel confirmation.

We share data with the following providers only as needed to run Sonde:

• Vercel — hosting (IP, request metadata, payloads sent to the app).
• Supabase — database (account and product data).
• Better Auth — authentication (account and session data in our database).
• Stripe — checkout and billing (email, billing, payment, country/IP).
• Resend — transactional email (your email address and email content).
• Sentry — error and event monitoring (scrubbed errors and request metadata).
• Upstash — rate limiting (user/IP keys).
• Cloudflare — DNS and security (IP and request metadata).

We do not use analytics, session-replay, or advertising trackers, and no AI/LLM provider receives your data in the current product. If we add any vendor, we will update this list and the Cookie Policy first.

• Run evidence: retained by plan — 18 days (Trial), 90 days (Pro), 365 days (Elite).
• Account and product data: kept until you delete your account.
• Soft-deleted account data: removed within 30 days.
• Sentry events: 30–90 days. Application logs: 30 days.
• Stripe billing records: kept for the legally required tax period.
• Backups: kept on a documented rolling window.

Subject to applicable law, you can request access to or a copy of your data, correction, deletion, and to opt out of any marketing. If EU/UK law applies, you can also complain to your supervisory authority.

To exercise a right, contact us through support; we aim to respond within 30 days. Self-serve export may not be available yet, but the request is handled manually.

When you delete your account, we remove or handle your data across every store we use:

• your Better Auth user and sessions, and your user-owned product rows;
• your delegations, which are revoked;
• your Stripe customer record, handled per billing and tax-retention rules;
• your Resend subscription state and Sentry identifiers, on a best-effort basis;
• your Upstash rate-limit keys where practical.

If any data is soft-deleted first, it is permanently removed within the 30-day sweep window above.

We protect data in transit, enforce ownership server-side so you only ever see your own data, and scrub emails, passwords, tokens, secrets, and payment data from logs and error reports.

Our providers may process data in regions recorded in our data-residency decision. Where required, transfers rely on appropriate safeguards. Exact regions are pending operator/counsel confirmation.

Sonde is not intended for anyone under the age of majority where they live, and we do not knowingly collect their data.

We will revise the “last updated” date whenever this policy, the sub-processor list, or our data flows change.

For privacy questions or to exercise a data right, reach us at [support contact email — operator to confirm] or through the Sonde support page. Privacy-specific requests can also go to [privacy contact email — operator/counsel to confirm].

Sonde is operated by [Sonde operating entity — counsel to confirm]. This page was drafted for review and is pending human/counsel approval before paid launch.