How we protect your data

Before your conversation reaches our coaching AI, we automatically detect and tokenize structured personal data: email addresses, phone numbers, payment-card numbers, IBANs, BICs, postal codes, and URLs.

This runs wherever SonicR1's coaching AI processes your conversation — live coaching in real time and post-call debriefs.

Detected values are replaced with neutral tokens in memory before the request leaves our systems, so the coaching AI receives tokens in place of raw structured personal data.

Your team sees the real values in the product; the coaching model works from tokens.

Identifying values are encrypted at rest with AES-256-GCM. The encryption key is held in an isolated secrets vault, separate from application credentials.

All data is encrypted in transit with TLS 1.3.

Your conversations are never used to train AI models. We use production AI endpoints that do not learn from your data.

You can request erasure of identifying data at any time under GDPR Article 17. We acknowledge within 48 hours and complete within 14 days.

Email privacy@sonicr1.com to start a request.

Retention is configurable per workspace. After the retention window, the tokens generated during analysis can no longer be re-linked to their original values, while aggregate analytics remain available.

Every redaction event is written to an append-only, tamper-evident audit trail that cannot be altered or deleted.

Primary data storage is located in Frankfurt, Germany (eu-central-1). Your data is isolated per organization and never shared across tenants.

See our Privacy Policy and Data Processing Agreement for full detail, or our Security overview for infrastructure and tenancy.