Security & Privacy

Everything you need to know about how we protect your data

Privacy Basics

How secure are my thoughts in Sondeas?

Your privacy is our obsession. We've built our entire infrastructure around one core principle: your thoughts belong only to you. Through military-grade encryption, zero-knowledge architecture, and carefully vetted partnerships, we ensure your recordings and notes remain completely private and secure.

How Your Data Flows

Step 1

Your recording is instantly encrypted in your browser

Step 2

Data travels through TLS-encrypted channels

Step 3

Your encrypted privacy password accompanies the data

Step 4

Server processes audio in a secure environment

How is my audio processed?

Your audio is processed in isolated, secure environments. OpenAI converts it to text under a zero-retention policy, meaning all traces of your audio and transcription are immediately deleted after processing.

Encryption & Security

How is my data encrypted?

  • End-to-end encryption using your privacy password
  • Multi-layered encryption for stored data
  • Zero-knowledge architecture - we can't access your data
  • TLS encryption for all data in transit

Can Sondeas access my notes?

No. Our zero-knowledge architecture means even we can't access your notes. Your privacy password, which we never store, is the only key to your data. While this provides unparalleled security, it also means we cannot help recover lost passwords.

Third-Party Services

How do third-party services handle my data?

  • Transcription: Zero retention policy (OpenAI)
  • Translation: 30-day retention for abuse prevention
  • AI Rewrites: 30-day retention for abuse prevention
  • Working towards zero retention for all services

Privacy Password

What happens if I lose my privacy password?

If you lose your privacy password, your data becomes permanently inaccessible. This is not a bug - it's a fundamental security feature. No backdoors exist, ensuring absolute privacy. We recommend storing your password securely and never sharing it.

How is my privacy password protected?

  • Never stored on our servers
  • Multi-layer encryption in your browser
  • 7-day expiration after inactivity
  • Used as encryption key for all content

Common Questions

What happens if someone hacks your servers?

Even if our entire infrastructure is compromised, your data remains inaccessible. Without your privacy password (which we never store), the encrypted data is useless. This isn't marketing speak - it's a fundamental architectural choice that makes it mathematically impossible to decrypt your content.

Be honest - can you really not help if I lose my password?

Absolutely not. This isn't a customer-unfriendly policy - it's a technical impossibility. If we could help recover your password, it would mean our 'unbreakable' security is actually breakable. Your notes would be permanently lost, which is painful but necessary for true privacy.

Do you REALLY not track anything I write?

We use analytics tools that could potentially track everything, including your notes and searches. However, we explicitly configure them to ignore all fields containing sensitive data. You can verify this in your browser's network inspector - no note content or searches are ever sent to analytics providers.

What's the deal with OpenAI and other AI services?

We use OpenAI for transcription with zero retention - they delete everything immediately. For translations and rewrites, there's currently a 30-day retention for abuse prevention. We're pushing for zero retention across all services, but we're being transparent: it's taking time to negotiate with these providers.

Why should I trust you with my private thoughts?

You don't have to trust us - that's the point. We've built a system where your trust isn't required because it's mathematically impossible for us to access your data. Your privacy password never leaves your browser unencrypted, and without it, your data is just random noise, even to us.

Future Security Enhancements

We're constantly improving our security measures. Upcoming features include:

  • Auto-deletion after failed password attempts
  • Zero retention across all third-party services
  • Enhanced encryption options for power users
  • Customizable security policies

Have questions about privacy or security? Our security team is here to help at privacy@sondeas.com