Privacy Policy

Effective Date: June 15, 2026

SonicR1 — Operated by Ömer Dertlioglu

Kurfürstendamm 96, 10709 Berlin, Germany

legal@sonicr1.com

1. Data Controller

Ömer Dertlioglu SonicR1 Kurfürstendamm 96 10709 Berlin Email: legal@sonicr1.com

2. Types of Data Collected

2.1 Account Data (We are Controller) Email address Password (hashed) Display name Profile picture Company name 2.2 Product Usage Data When processing Customer Content (audio, transcripts, call data), we act as Processor pursuant to a DPA under Art. 28 GDPR and process data solely on behalf of and according to the Customer's instructions as Controller. For our own service analytics (aggregated usage metrics, system logs), we act as Controller. Real-time audio streams (transcribed live, then discarded — no audio recordings are stored) Transcripts Conversation analytics Metadata (timestamps, duration, type, source) User actions and logs 2.3 Technical Data IP address Browser & device information Session cookies for authentication Server logs

3. Purpose of Processing

Authentication & account management Real-time AI co-piloting Transcription & conversation analysis Providing insights & coaching features System monitoring, debugging, stability Fraud prevention & security

4. Legal Basis

Account creation: Art. 6(1)(b) GDPR Processing on behalf (Customer Content): pursuant to a DPA under Art. 28 GDPR; legal basis determined by the Customer as Controller Product analytics: Art. 6(1)(f) GDPR Logging & security: Art. 6(1)(c) and (f) Communication: Art. 6(1)(b)/(f)

5. AI / Audio Processing

5.1 Processing Steps Audio → Transcription by trusted third-party providers Transcript → Analysis by AI/NLP service providers Insights → Storage by cloud infrastructure providers 5.2 No Model Training Usage Data is not used for model improvement.

6. Cookies

We use exclusively: Essential session cookies for authentication No tracking cookies No advertising cookies

7. Data Deletion

Users can delete data themselves Automatic deletion options: 3/6/12/24/36 months Logs: 30 days Aggregated metrics: 1 year Labeled data: 2 years

8. Data Recipients (Subprocessors)

We use carefully selected third-party service providers ("Sub-Processors") for: - Real-time speech-to-text transcription - Artificial intelligence and natural language processing - Cloud hosting and infrastructure - Payment processing (if applicable) These providers process personal data only on our instructions and under data processing agreements that include the processor obligations set out in Art. 28 GDPR. A current list of Sub-Processors is available upon request at: legal@sonicr1.com

9. Third-Country Transfers

Transfers occur exclusively on the basis of: Standard Contractual Clauses (SCC Module 2) Adequate safeguards Transfer Impact Assessments

10. Data Subject Rights

You have the right to: Access (Art. 15) Rectification (Art. 16) Erasure (Art. 17) Restriction (Art. 18) Data portability (Art. 20) Objection (Art. 21) Lodge a complaint with a supervisory authority

11. Contact for Data Protection

Email: legal@sonicr1.com

12. Minors

Use is restricted to persons aged 18 and over.

13. Changes

We reserve the right to adapt this Privacy Policy.