Privacy Policy

Updated as of 05/24/2026

Introduction

Sonoti is committed to protecting your privacy and handling your data lawfully and transparently. This Privacy Policy applies to our website, dashboard, proxy, API, command-line tools, and IDE integrations (collectively, the “Services”). We encourage you to read this Privacy Policy carefully before using any of the Services.

By using Sonoti you agree to the collection, use, and processing of information in accordance with this policy.

Interpretation and Definitions

Interpretation

Words with capitalized initial letters have defined meanings under the following conditions. These definitions have the same meaning regardless of whether they appear in singular or plural forms.

Definitions

For the purposes of this Privacy Policy:

  • Sonoti (referred to as either “We”, “Us”, or “Our” in this Agreement) refers to Sonoti, Inc., located at [registered address].
  • Account means a unique account created for you to access the Services.
  • Workspace means the tenant boundary under which your team's configuration, usage, billing, and data are scoped. Everything you send through Sonoti is isolated by Workspace.
  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for the election of directors or other managing authority.
  • Cookies are small files placed on your device (computer, mobile device, or any other device) by a website, containing details of your browsing history on that website.
  • Country refers to the United States.
  • Customer Data means the prompts, inputs, parameters, and provider responses that you or your applications send through the Sonoti proxy, together with the associated request metadata.
  • Device means any device that can access the service such as a computer, cellphone, or digital tablet.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the website, dashboard, proxy, API, and integrations.
  • Sub-processor means any natural or legal person who processes data on behalf of Sonoti to help deliver the Services, such as large language model providers, cloud infrastructure, authentication, analytics, and payment processing.
  • Usage Data refers to data collected automatically, generated by the use of the service or from the service infrastructure (e.g., request and token counts, latency, cost, cache hit or miss, routing decisions, and the duration of a page visit).
  • Website refers to sonoti.com, accessible from https://www.sonoti.com.
  • You means the individual accessing or using the service, or the company, or other legal entity on behalf of which such individual is accessing or using the service.

Data Collection and Usage

Personal Data

While using Our Service, We may ask you to provide Us with certain personally identifiable information that can be used to contact or identify you. This may include, but is not limited to:

  • Email address
  • First and last name
  • Company or organization and Workspace details
  • Billing and payment information (processed by our payment provider)
  • Usage data
  • Information on how you heard about us

Usage Data

Usage data is collected automatically when using the Service. This may include information such as your device's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other diagnostic data.

When you route requests through the Sonoti proxy, we also record operational metadata for each request — such as the model requested, token counts, latency, estimated and actual cost, cache hit or miss, and routing decisions — scoped to your Workspace. This metadata powers the optimization and observability features and your billing.

We do not make automated decisions that produce legal or similarly significant effects about you, and we do not use profiling for such purposes.

Customer Data

To provide prompt compression, semantic caching, model routing, and observability, Sonoti processes the requests your applications send to large language model providers and the responses returned. We handle Customer Data as follows:

  • We do not use Customer Data to train, fine-tune, or improve any machine learning model.
  • We do not sell Customer Data or share it for advertising.
  • We do not log the full text of your prompts or completions to our observability pipeline. We record only operational metadata such as token counts, latency, and cost.
  • Where semantic caching is enabled, request and response payloads are stored encrypted, isolated by Workspace, and subject to a configurable time-to-live. They are used only to serve cache hits within that same Workspace.
  • We treat Customer Data as potentially containing personal or sensitive information and protect it with encryption and strict access controls. You are responsible for ensuring you have the rights to send any data through the Services.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies on our website to operate the site, remember your preferences, and analyze traffic. These technologies help us collect information and improve and analyze our Service.

Authentication

Sonoti uses WorkOS AuthKit to authenticate users and manage sessions. When you sign in — by email, single sign-on, or another supported method — we receive basic profile information such as your name and email address. We use this to create and secure your account, associate you with your Workspace, and communicate with you about the Services. We never receive or store your identity provider password.

You may provide your consent to data collection during the account creation process or within your account settings. You can also opt-out or withdraw your consent at any time through your account settings. If you choose not to provide certain types of personal data, you may be unable to access some functionalities of the service.

Analytics

We use privacy-conscious web analytics on our marketing website to understand aggregate traffic and improve the site. Where required, we anonymize IP addresses and honor browser-level opt-out signals.

  • Opt-Out: You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of the Service.
  • Aggregate only: Analytics data is used in aggregate to evaluate site activity and is not used to build advertising profiles of you.

Sharing of Your Data

We may share your information in the following situations:

  • With Sub-processors: To deliver, secure, and analyze the Services and to contact you. We work only with Sub-processors that commit to appropriate data-protection obligations.
    • Large language model providers: when you route a request through Sonoti, we transmit the necessary request data to the provider you have selected, or that our routing logic selects on your behalf, so the request can be fulfilled. Use of your data by those providers is governed by their terms; we configure provider integrations to disable training on your data and to use zero- or limited-retention modes where available.
    • Cloud infrastructure: we host the Services on Amazon Web Services in the United States.
    • Authentication and billing: WorkOS for sign-in and session management, and our payment provider for billing.
  • For Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • With Affiliates: Information may be shared within our family of companies.
  • For Legal Reasons: To comply with applicable law, enforce our terms, or protect the rights, property, and safety of Sonoti, our users, and the public.
  • With Your Consent: We may disclose your personal information for any other purpose with your consent.

Data Retention

We retain your Personal Data only for as long as necessary for the purposes set out in this Privacy Policy. The retention period varies based on the type of data and the purpose for which it is processed. Below is a breakdown of various scenarios and their corresponding data retention periods:

  • Account and Workspace data: retained while your account is active and as needed to provide the Services. After your account is closed, we delete or anonymize it within a reasonable period, unless we are legally required to retain it longer.
  • Request metadata: operational metadata that powers observability, analytics, and billing is retained while your account is active. We may retain aggregated or anonymized metrics for longer.
  • Customer Data payloads: we do not persistently store the full text of prompts or completions in our observability pipeline. Cached payloads are retained only for their configured time-to-live and are then evicted.
  • API keys and secrets: Sonoti credentials are stored only as salted hashes. We never store your provider API keys or Sonoti secret keys in plain text.
  • Inquiries and support: data related to user support inquiries or feedback is kept for a period of 2 years to ensure adequate follow-up and service improvement.
  • Legal requirements: where we are legally required to retain data for a longer period, such as for compliance with tax laws or other legal obligations, we will retain the data for the duration required by law.
  • Storage locations: Personal Data is stored on secure infrastructure located in the United States. We ensure that our storage solutions comply with relevant data protection regulations.
  • Security measures: we implement industry-standard security measures including encryption, access control, and regular security reviews to protect your personal data.

Right to Request Deletion

You have the right to request the deletion of your personal data at any time. Upon your request, we will delete your data unless we are legally required to retain it. You can follow the procedure below to request deletion of your data:

  1. Request Submission: Users can request data deletion through their account settings or by contacting our Data Protection Officer at privacy@sonoti.com.
  2. Verification: We will verify the identity of the requester to ensure the legitimacy of the deletion request.
  3. Processing: Upon verification, we will delete the user's personal data from our active databases within 30 days. Data stored in backups will be deleted within 90 days.
  4. Confirmation: A confirmation email will be sent to the user once their data has been successfully deleted.

Data Security

The security of your Personal Data is important to us. We protect it with encryption in transit and at rest, Workspace isolation, least-privilege access controls, and regular security reviews. However, remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure.

We ensure that adequate technical, physical, electronic, and organizational security measures are in place to protect your personal data from unauthorized access. We follow industry-accepted standards to protect personal information sent to us, both during transmission and once we receive it.

Compliance with Local and International Laws

This Privacy Policy is designed to comply with local data protection laws in the United States, including applicable state laws such as the California Consumer Privacy Act, and the European Union's General Data Protection Regulation (GDPR) for our European users. You have the right to be informed about the processing of your personal data (e.g., for what purposes, what type of data, to whom it is communicated, retention periods, and any third-party sources from which it was obtained). We undertake to respect the confidentiality of your Personal Data and to guarantee your rights. You may exercise your rights by contacting us.

As per the applicable data protection laws, Sonoti, Inc. is the data controller responsible for your personal data. You can contact our Data Protection Officer (DPO) at privacy@sonoti.com.

Children's Privacy

Sonoti is a business product and is not directed to children. Our Services are not intended for individuals under the age of 18, and we do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and become aware that your child under the age of 13 has provided us with Personal Data, please contact us.

Links to Other Websites

While we try to include only links to websites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites. A link does not constitute an endorsement of their website.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Updated as of” date. If significant, updates to our Privacy Policy will be communicated through a direct notification to users via email.

Contact Us

For general inquiries about this Privacy Policy, please contact us at privacy@sonoti.com. For specific queries related to your personal data or to exercise your rights, please contact our Data Protection Officer at the same address.

You can also reach us at our registered address: Sonoti, Inc., 11414 W Nadine Way, Peoria, AZ, 85383.