Privacy Policy
Effective Date: June 15, 2026
1. Data Controller
Ömer Dertlioglu SonicR1 Kurfürstendamm 96 10709 Berlin Email: legal@sonicr1.com
2. Types of Data Collected
2.1 Account Data (We are Controller) Email address Password (hashed) Display name Profile picture Company name 2.2 Product Usage Data When processing Customer Content (audio, transcripts, call data), we act as Processor pursuant to a DPA under Art. 28 GDPR and process data solely on behalf of and according to the Customer's instructions as Controller. For our own service analytics (aggregated usage metrics, system logs), we act as Controller. Real-time audio streams (transcribed live, then discarded — no audio recordings are stored) Transcripts Conversation analytics Metadata (timestamps, duration, type, source) User actions and logs 2.3 Technical Data IP address Browser & device information Session cookies for authentication Server logs
3. Purpose of Processing
Authentication & account management Real-time AI co-piloting Transcription & conversation analysis Providing insights & coaching features System monitoring, debugging, stability Fraud prevention & security
4. Legal Basis
Account creation: Art. 6(1)(b) GDPR Processing on behalf (Customer Content): pursuant to a DPA under Art. 28 GDPR; legal basis determined by the Customer as Controller Product analytics: Art. 6(1)(f) GDPR Logging & security: Art. 6(1)(c) and (f) Communication: Art. 6(1)(b)/(f)
5. AI / Audio Processing
5.1 Processing Steps Audio → Transcription by trusted third-party providers Transcript → Analysis by AI/NLP service providers Insights → Storage by cloud infrastructure providers 5.2 No Model Training Usage Data is not used for model improvement.
6. Cookies
We use exclusively: Essential session cookies for authentication No tracking cookies No advertising cookies
7. Data Deletion
Users can delete data themselves Automatic deletion options: 3/6/12/24/36 months Logs: 30 days Aggregated metrics: 1 year Labeled data: 2 years
8. Data Recipients (Subprocessors)
We use carefully selected third-party service providers ("Sub-Processors") for: - Real-time speech-to-text transcription - Artificial intelligence and natural language processing - Cloud hosting and infrastructure - Payment processing (if applicable) These providers process personal data only on our instructions and under data processing agreements that include the processor obligations set out in Art. 28 GDPR. A current list of Sub-Processors is available upon request at: legal@sonicr1.com
9. Third-Country Transfers
Transfers occur exclusively on the basis of: Standard Contractual Clauses (SCC Module 2) Adequate safeguards Transfer Impact Assessments
10. Data Subject Rights
You have the right to: Access (Art. 15) Rectification (Art. 16) Erasure (Art. 17) Restriction (Art. 18) Data portability (Art. 20) Objection (Art. 21) Lodge a complaint with a supervisory authority
11. Contact for Data Protection
Email: legal@sonicr1.com
12. Minors
Use is restricted to persons aged 18 and over.
13. Changes
We reserve the right to adapt this Privacy Policy.