Cloud Privacy Policy

Last updated: 2026-04-27

This Privacy Policy explains what information the Soniqo Cloud transcription service at cloud.soniqo.audio ("the Service", operated by Soniqo, "we", "us") collects, why we collect it, and how you can manage it.

1. What we collect

Account information

• email address (from sign-up or via a third-party identity provider such as Google or GitHub);
• display name and avatar URL provided by the identity provider, if you use one;
• billing class (free / starter / pro / enterprise);
• API keys you create (stored as one-way Argon2 hashes — we cannot recover the plaintext after creation).

Usage content

• audio files you upload and the transcripts and diarisation results we produce;
• speaker-profile embeddings you register;
• support tickets you open and the messages in those threads.

Operational records

• billing ledger entries (timestamps, amounts, billing class) and usage events (audio-seconds processed, hardware used, cost);
• server-side request logs (timestamp, request ID, route, status code, latency, billing class) without audio or transcript content;
• aggregated metrics (no per-user or per-job labels).

Audio and transcripts do not appear in logs, metrics, or traces; the telemetry collector enforces a redaction step as a safety net.

2. Why we collect it

• To provide the Service — running speech recognition on your audio and returning the result.
• To bill — the ledger and usage events drive your balance and invoices.
• To keep the Service reliable — logs and metrics let us detect outages and reproduce bugs.
• To prevent abuse — rate limits, anomaly detection, and account-level checks.
• Legal compliance — tax records, anti-fraud, response to lawful requests.

3. Subprocessors

The Service relies on a small set of infrastructure providers. As of the date above:

• GPU compute — preemptible GPU containers (e.g. Salad, RunPod) processing audio under our orchestration. Audio is fetched at job start, processed in memory, and the resulting artifact is uploaded to our object store.
• Object storage — encrypted at rest. Used for audio uploads and for transcripts and artifacts.
• Stripe — payment processing. Card details never touch our servers; Stripe stores them under its own privacy policy.
• Identity providers — if you sign in with Google or GitHub, those providers receive an OAuth request. We receive only the profile fields required to identify you (email, name, profile picture URL).
• Discord — if you open a support ticket from the account UI, the ticket subject and message text are mirrored to a private Discord forum thread we use to coordinate replies. The mirror does not include audio, transcripts, or API keys.

4. Your rights

You can:

• view your account data, API keys, and billing history from the account dashboard;
• export your transcripts and speaker profiles via the API;
• correct inaccurate profile information (name, email) directly in the dashboard.

Where applicable law (e.g. GDPR, UK GDPR, CCPA/CPRA) gives you additional rights such as access, portability, restriction of processing, or filing a complaint with a supervisory authority, you may exercise them by opening a support ticket. We will respond within 30 days.

5. International transfers

Service infrastructure is currently located primarily in the United States. By using the Service you understand that data may be processed there. We rely on Standard Contractual Clauses with our subprocessors where required for international transfers.

6. Security

We use TLS for all network traffic, encrypt object storage at rest, store API keys as Argon2 hashes, and segregate production secrets via a sealed-secret pipeline. No system is perfectly secure; if we discover a breach affecting your personal data we will notify you without undue delay.

7. Children

The Service is not directed at children under 13 (or 16 where local law sets that floor). We do not knowingly collect personal data from such users.

8. Changes

We may update this Policy. Material changes will be announced through the account dashboard or by email at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.

9. Contact

For privacy questions or to exercise any of the rights above, open a support ticket from your account dashboard.