Sona

Privacy Policy

Last updated: January 2026

Overview

Sona ("we," "our," or "us") operates the Sona mobile application and this website. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

Information We Collect

When you use Sona, we may collect the following information:

  • Account information — your name, email address, username, and profile photo when you create an account via Sign in with Apple or other authentication methods.
  • Discovery data — information about songs you identify using the app, including song title, artist, and album.
  • Location data — with your permission, we collect your location when you make a discovery. This includes GPS coordinates and nearby venue information. You can choose to skip adding a location to any discovery.
  • User content — notes you add to discoveries, profile information, and any other content you create within the app.
  • Social data — your follow/follower relationships and interactions (likes) with other users' discoveries.
  • Device information — device type, operating system version, and app version for debugging and compatibility purposes.
  • Email address — if you sign up for our waitlist or notifications via our website.

Audio Data

Sona uses Apple's ShazamKit to identify songs playing in your environment. Audio is processed on-device and through Apple's recognition service. We do not store, record, or transmit raw audio data to our servers. Only the identified song metadata (title, artist, album) is saved to your account.

Location Data

Location is a core feature of Sona. When you make a discovery, we use your location to identify nearby venues and provide context for your discovery. Location data is:

  • Only collected when you actively use the discovery feature
  • Pre-filled for convenience but can be changed or removed
  • Stored with your discovery if you choose to include it
  • Used to power location-based features like the Discover map

You can deny location permissions at any time through your device settings. The app will continue to function without location access, though some features will be limited.

How We Use Your Information

  • Provide and improve the Sona app experience
  • Display your discoveries to your followers and on your profile
  • Power location-based discovery features
  • Send push notifications about likes, follows, and other activity
  • Communicate important updates about the service
  • Analyze usage patterns to improve the product (aggregated, not individual)

We will not sell, rent, or share your personal information with third parties for marketing purposes.

Third-Party Services

We use the following third-party services:

  • Apple (ShazamKit) — for audio recognition
  • Apple (Sign in with Apple) — for authentication
  • Supabase — for database and authentication services
  • Songlink/Odesli — for streaming service links
  • Apple MapKit — for map and location services
  • Vercel — for website hosting and analytics

Each of these services has their own privacy policies governing their use of your data.

Data Storage and Security

Your data is stored securely using Supabase (PostgreSQL). We implement appropriate technical measures to protect your data from unauthorized access, alteration, or destruction. All data is transmitted over encrypted connections (HTTPS/TLS).

Your Rights

You have the right to:

  • Access — request a copy of the data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — delete your account and all associated data from within the app settings
  • Data portability — request your data in a portable format
  • Opt out — disable push notifications or location access at any time

To exercise any of these rights, use the settings within the app or contact us at mark@sonafm.com.

Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data — including your profile, discoveries, social connections, likes, and uploaded photos — is permanently removed from our servers within 30 days.

Aggregated, anonymized data (such as total discovery counts at a venue) may be retained after account deletion, as it cannot be linked back to you.

Account Deletion

You can delete your account at any time from within the app (Settings → Delete Account). This will permanently remove your profile, all discoveries, social connections, and associated data from our servers within 30 days of your request.

Children's Privacy

Sona is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. Continued use of Sona after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, please contact us at mark@sonafm.com.