Privacy Policy

Last updated: April 2, 2026

SonoVault (“we”, “us”, “our”) operates the sonovault.now website and the SonoVault API (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and a hashed password. If you subscribe to a paid plan, our payment processor (Stripe) collects your billing information. We do not store credit card numbers on our servers.

Usage Data

We automatically collect:

• API request metadata (endpoint, timestamp, response status, latency)
• IP address and approximate geographic location
• Browser type and operating system (for website visits)
• Pages visited and referral source

Cookies and Analytics

We use Google Analytics to understand how visitors interact with our website. We use a session cookie to keep you signed in. We do not use advertising cookies or sell data to third parties.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and manage subscriptions
• Enforce rate limits and prevent abuse
• Send transactional emails (account verification, password resets, billing receipts)
• Monitor and improve Service performance and reliability
• Respond to support requests

We do not send marketing emails unless you explicitly opt in. We will never sell, rent, or share your personal information with third parties for their marketing purposes.

3. Data Retention

Account information is retained for the lifetime of your account. API usage logs are retained for 90 days. Aggregated, non-identifying statistics may be retained indefinitely. When you delete your account, we remove your personal information within 30 days, except where retention is required by law.

4. Data Sharing

We share data only with:

• Stripe— for payment processing. Stripe's privacy policy governs their handling of your billing data.
• Infrastructure providers — our servers are hosted by Hetzner in the EU. They process data on our behalf under data processing agreements.
• Google Analytics — for anonymized website analytics.

We may disclose information if required by law, legal process, or to protect the rights, safety, or property of SonoVault or others.

5. Data Security

We use industry-standard security measures including TLS encryption for all data in transit, hashed passwords (bcrypt), API key authentication, and encrypted backups. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Delete your account and personal data
• Export your data in a portable format
• Object to processing of your personal data

To exercise these rights, contact us at support@sonovault.now. We will respond within 30 days.

7. International Data Transfers

Our servers are located in the European Union. If you access the Service from outside the EU, your information may be transferred to, stored, and processed in the EU. By using the Service, you consent to such transfers.

8. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal information, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy, contact us at support@sonovault.now.