Privacy Policy

This Privacy Policy explains how Human Frontier Labs Inc.(“Sontara,” “we,” or “us”) handles personal information when you use sontara.ai, our mobile applications, and related services (the “Service”). We’ve tried to write this in plain English. If anything is unclear, email privacy@sontara.ai.

1. The short version

• We collect what we need to run your account and your AI agents, and nothing more.
• We don’t sell your data, train AI models on your conversations, or run third-party advertising.
• Conversations and files you send through the Service are processed by the AI provider you choose. Their policies apply to that data.
• You can delete your account at any time from inside the app or by emailing us.

2. Information we collect

2.1 Information you give us

• Account information.When you sign in with Google or Apple, we receive your email address and name from your authentication provider. If you sign in with Apple and choose “Hide My Email,” we receive only Apple’s private relay address.
• Subscription information. If you subscribe to a paid plan, we receive a customer reference and subscription status from our payment processor. We do not receive or store your card number, CVC, or full billing address.
• Agent configuration. The names you give your agents, the AI model you choose, the autonomy policy you set, and the channels you connect.
• Channel and integration credentials.When you connect external services (e.g. Telegram, Slack, Discord), you provide tokens or OAuth credentials so your agent can interact with those platforms. We store them in encrypted form and use them only to operate the connections you set up.

2.2 Information generated by your use of the Service

• Conversations and files. Messages between you and your agent, and any files you upload, are stored alongside your agent so it can remember context across sessions.
• Usage metrics.Aggregate metrics about your agent’s activity (such as message counts and tokens consumed) for billing and capacity planning.
• Diagnostic logs. Standard server logs we use for troubleshooting and security. We do not intentionally log message content. Logs are retained for a limited period and then deleted.

2.3 Mobile-app specifics

• On-device data. Your sign-in token is stored in iOS Keychain or Android Keystore (encrypted by the operating system). The app remembers basic UI state.
• Microphone & speech recognition.Voice input is transcribed on your device using your operating system’s built-in speech recognition. Only the resulting text is sent to your agent. We do not upload audio.
• No advertising or analytics SDKs. The mobile app does not embed third-party analytics or ad-tracking.

3. How we use information

We use the information described above to:

• Operate, maintain, and improve the Service;
• Authenticate you and protect your account;
• Process payments and manage subscriptions;
• Provide your agent with the credentials it needs to talk to channels and AI providers you have connected;
• Detect, investigate, and prevent fraud, abuse, and security incidents;
• Communicate with you about service updates, billing issues, and support requests;
• Comply with legal obligations and enforce our Terms of Service.

We do not use your conversations, files, or agent memory to train AI models, profile you for advertising, or share with data brokers.

4. Service providers

We engage third parties to help operate the Service. Their roles fall into a small number of categories:

• Authentication. A third-party identity provider handles sign-in (Apple, Google) and session management.
• Payments. A PCI-compliant payment processor handles all card data and billing. We never see card numbers.
• Cloud infrastructure.Reputable cloud providers host our application, database, and your agent’s runtime environment. All data is encrypted in transit and at rest.
• AI inference.Your conversations are sent to the AI provider your agent is configured to use. You can choose between Sontara-managed inference and bringing your own API key. The chosen provider’s privacy policy applies to the data they process.

We bind each provider by contract to confidentiality and appropriate security. A current list of subprocessors with specifics is available to enterprise customers, regulators, and auditors on request via privacy@sontara.ai.

5. International data transfers

Sontara is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. and other jurisdictions where our service providers operate. By using the Service, you consent to this transfer.

6. Data retention

We retain personal information for as long as your account is active or as needed to provide the Service. After you delete your account, we delete or anonymize your information within a reasonable period, except where we are required to retain it for legal, tax, accounting, or fraud-prevention purposes (for example, payment records may be retained by our payment processor for several years to satisfy tax and PCI compliance obligations).

7. Your rights

Regardless of where you live, you can:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your account from inside the app or by emailing us.
• Export your data on request.
• Object or restrict certain processing where applicable law gives you that right.

European Economic Area, United Kingdom, and Swiss residents have additional rights under the GDPR (and UK equivalent), including the right to lodge a complaint with your data-protection authority. California residents have rights under the CCPA / CPRA, including the right to know, the right to delete, the right to correct, and the right to opt out of the “sale” or “sharing” of personal information — we do neither.

To exercise any right, email privacy@sontara.ai. We may ask you to verify your identity before fulfilling certain requests.

8. Children

Sontara is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, contact privacy@sontara.ai and we will delete it.

9. Security

We use industry-standard practices to protect your information, including encryption in transit and at rest, isolation of your agent’s runtime from other customers’, access controls on internal systems, and the principle of least privilege for engineering access. No system is perfectly secure; if you become aware of a vulnerability, please report it to privacy@sontara.ai.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you by email or in-app notice and update the “Last updated” date above. Continued use of the Service after a change indicates your acceptance.

11. Contact

Questions, concerns, or requests under this policy should go to privacy@sontara.ai.

Human Frontier Labs Inc., a Delaware corporation.