Security & data protection

Real-time AI. Real privacy.

SonicR1 listens in real time — so privacy can't be an afterthought. Here's how your conversations are handled, in plain terms, backed by how the system actually works.

Last reviewed June 2026

  • EU data residency
  • Encrypted in transit & at rest
  • Per-workspace isolation
  • PII redacted before AI
  • Keys in a separate vault
Ephemeral mode

Full live coaching. No recording kept.

Run SonicR1's real-time sales coach on a live call without recording it. In Ephemeral mode no recording of the call is kept — no audio, transcript, notes or debrief are saved, and the coaching is gone the instant the call ends. Live speech is processed in the moment by our speech-to-text and AI providers to generate the coaching, then discarded; it is never stored.

  • No audio stored
  • No transcript kept
  • No notes persisted
  • Gone when the call ends

SonicR1 never stores call audio. Ephemeral is the default; if you'd rather keep a record, switch to AI notes to save a transcript and summary (no recording) for follow-up — with consent, and you choose per call.

Default: EU-only

EU data residency by default

New workspaces default to EU-only, and EU is the fail-safe on any error. AI requests for EU-region workspaces are processed exclusively in Frankfurt (europe-west3) with EU-only fallbacks — non-EU regions are dropped, never used as a silent fallback. App compute is pinned to Frankfurt (fra1).

Pre-egress

Personal data redacted before AI sees it

Personal data is detected and swapped for tokens before any model call — and an egress guard blocks any prompt that isn't redacted.

RLS + CI tests

One tenant can never read another

Per-workspace Row-Level Security, an authorization guard on every privileged route, and cross-tenant isolation tests in CI.

AES-256-GCM

Encrypted, with keys kept apart

Encrypted in transit (TLS) and at rest. Detected PII is stored with AES-256-GCM, and those keys live in a separate vault.

Consent-gated

Your data, your call

Consent-gated capture, no call audio stored, configurable retention, and hard deletion per call or workspace.

spec_readout
Primary AI region
EU · Frankfurt (europe-west3)
AI fallbacks
EU-only (europe-west1 / west4) — non-EU dropped
App compute region
Frankfurt (fra1)
Speech-to-text
EU endpoints (default)
Encryption in transit
TLS (provider-terminated)
PII value encryption
AES-256-GCM, keys in a separate vault
call_handling
  • Ephemeral (live-only)

    Privacy-first

    The default. No recording of the call is kept — no audio, transcript, notes or debrief. Coaching happens live and is gone when the call ends. Live speech is processed transiently to generate coaching, then discarded.

  • AI notes

    SonicR1 never stores call audio. With consent, a transcript and AI summary are saved for your follow-up — no recording.

  • Practice (self-only)

    Your own role-play, kept just for you — no prospect, no third party.

AI transparency

How the AI handles your conversations

Enterprise endpoints, in the EU

Conversations are processed on enterprise AI endpoints in Frankfurt — not consumer API keys.

Not used to train public models

Your calls aren't used to train publicly shared models. The contractual terms are in our DPA.

Redacted before the model

Personal data is detected and tokenized before any AI call.

You stay in control

The rep decides what to say — SonicR1 assists live, it never acts on its own.

Security questions? Reach our team at security@sonicr1.com.

Runs on AWS · Vercel · Supabase · Google Cloud — hosted in the EU (Frankfurt).

Built on SOC 2 / ISO 27001-certified infrastructure (AWS, Vercel, Supabase, Google Cloud).

Need the details for your security review?

We're happy to walk your team through the architecture, and our Data Processing Agreement (DPA) is available on request.