Security & data protection
Real-time AI. Real privacy.
SonicR1 listens in real time — so privacy can't be an afterthought. Here's how your conversations are handled, in plain terms, backed by how the system actually works.
Last reviewed June 2026
- EU data residency
- Encrypted in transit & at rest
- Per-workspace isolation
- PII redacted before AI
- Keys in a separate vault
Full live coaching. No recording kept.
Run SonicR1's real-time sales coach on a live call without recording it. In Ephemeral mode no recording of the call is kept — no audio, transcript, notes or debrief are saved, and the coaching is gone the instant the call ends. Live speech is processed in the moment by our speech-to-text and AI providers to generate the coaching, then discarded; it is never stored.
- No audio stored
- No transcript kept
- No notes persisted
- Gone when the call ends
SonicR1 never stores call audio. Ephemeral is the default; if you'd rather keep a record, switch to AI notes to save a transcript and summary (no recording) for follow-up — with consent, and you choose per call.
EU data residency by default
New workspaces default to EU-only, and EU is the fail-safe on any error. AI requests for EU-region workspaces are processed exclusively in Frankfurt (europe-west3) with EU-only fallbacks — non-EU regions are dropped, never used as a silent fallback. App compute is pinned to Frankfurt (fra1).
Personal data redacted before AI sees it
Personal data is detected and swapped for tokens before any model call — and an egress guard blocks any prompt that isn't redacted.
One tenant can never read another
Per-workspace Row-Level Security, an authorization guard on every privileged route, and cross-tenant isolation tests in CI.
Encrypted, with keys kept apart
Encrypted in transit (TLS) and at rest. Detected PII is stored with AES-256-GCM, and those keys live in a separate vault.
Your data, your call
Consent-gated capture, no call audio stored, configurable retention, and hard deletion per call or workspace.
- Primary AI region
- EU · Frankfurt (europe-west3)
- AI fallbacks
- EU-only (europe-west1 / west4) — non-EU dropped
- App compute region
- Frankfurt (fra1)
- Speech-to-text
- EU endpoints (default)
- Encryption in transit
- TLS (provider-terminated)
- PII value encryption
- AES-256-GCM, keys in a separate vault
Ephemeral (live-only)
Privacy-firstThe default. No recording of the call is kept — no audio, transcript, notes or debrief. Coaching happens live and is gone when the call ends. Live speech is processed transiently to generate coaching, then discarded.
AI notes
SonicR1 never stores call audio. With consent, a transcript and AI summary are saved for your follow-up — no recording.
Practice (self-only)
Your own role-play, kept just for you — no prospect, no third party.
AI transparency
How the AI handles your conversations
Enterprise endpoints, in the EU
Conversations are processed on enterprise AI endpoints in Frankfurt — not consumer API keys.
Not used to train public models
Your calls aren't used to train publicly shared models. The contractual terms are in our DPA.
Redacted before the model
Personal data is detected and tokenized before any AI call.
You stay in control
The rep decides what to say — SonicR1 assists live, it never acts on its own.
Security questions? Reach our team at security@sonicr1.com.
Runs on AWS · Vercel · Supabase · Google Cloud — hosted in the EU (Frankfurt).
Built on SOC 2 / ISO 27001-certified infrastructure (AWS, Vercel, Supabase, Google Cloud).
Need the details for your security review?
We're happy to walk your team through the architecture, and our Data Processing Agreement (DPA) is available on request.