Privacy

A practical privacy map, not legal fine print.

Privacy principles

This page describes the current product and website behavior in plain language: what stays local, what may leave the device when you choose networked features, and what the public docs site handles.

Local

Audio and transcripts start on your device

The normal Sona workflow is built around local transcription, local editing, and user-controlled export.

Optional

Network features are action-based

AI provider calls, model downloads, updates, backups, and WebDAV sync are tied to features you configure or trigger.

Website

The docs site has limited dynamic surfaces

The site checks GitHub release data for downloads and can offer a protected guide assistant when configured.

Data Flow

What moves where

This table separates Sona desktop actions from public docs-site behavior, so optional network paths are visible before you use them.

Feature	Trigger	Data	Destination	Control
Local transcription	Record or import audio and run local recognition.	Audio or video input, transcript segments, and timestamps.	Your device and the local model runtime.	Keep recognition local; export or share files only when you choose.
Local editing/export	Edit a transcript or export SRT, VTT, TXT, or other files.	Transcript text, timestamps, and any summary or metadata included in the export.	The local workspace and the save location you select.	You choose the export format, save location, and any later sharing.
Model downloads	Download or install speech models.	Model request metadata and network request details.	The configured model or release host.	Manually triggered; downloading models does not require sending audio.
App release downloads/update checks	Open download UI, download a build, or check for updates.	Release metadata requests, plus app, platform, or version information during update checks.	GitHub Releases or the configured update source.	Triggered by download or update actions; you choose whether to install.
LLM polish	Run Polish with a configured provider.	Selected transcript text and task prompt/context.	Your configured LLM provider or local endpoint.	Optional; it stays inactive until you configure and run a provider-backed action.
Translate	Run Translate with a configured provider or service.	Transcript text and language settings.	Your configured translation or LLM provider, or a local endpoint.	Optional; the provider you choose determines the data boundary.
AI summary	Generate a summary.	Transcript text and summary template/context.	Your configured LLM provider or local endpoint.	Optional; generated summaries can be edited or cleared in the app.
Automation	Enable folder watches, presets, or automation runs.	Watched or imported files, transcript text, and workflow export outputs.	The local workspace plus any configured provider or export destination used by the workflow.	Off unless configured; review preset actions and export mode before running.
Backup/restore archive	Export a backup archive or import one back into Sona.	Config, workspace, light history transcripts, summaries, automation state, and dashboard LLM usage. Audio files, onboarding, current project, and recovery state are excluded.	The local archive path you choose.	You choose when to export, where to save, and whether to import an archive later.
WebDAV Cloud Sync	Configure sync and run backup, restore, or sync actions.	Backup archives and sync metadata.	Your configured WebDAV server.	Optional; controlled by your server URL, credentials, and sync actions.
Docs download API	Open the downloads UI or request latest release links.	Public request metadata, request IDs, limited diagnostic logs, and GitHub release lookup results.	The Sona docs API and GitHub Releases.	Used only for download choices and operational diagnostics; no audio, transcript data, cookies, tokens, or full IP addresses are logged.
User guide assistant	Ask the guide assistant after it is enabled.	Your question, short conversation history, locale, current guide page context, and anti-abuse cookie or Turnstile status.	The Sona docs API, Gemini, and Cloudflare Turnstile when challenged.	Optional site feature; server diagnostic logs do not store question text, chat history, cookies, tokens, or full IP addresses.
External GitHub links	Click GitHub, release, or source-code links.	Browser request details such as referrer and IP, handled by GitHub and your browser.	GitHub.	Only happens when you follow the link; GitHub policies apply.

Local transcription

Trigger: Record or import audio and run local recognition.
Data: Audio or video input, transcript segments, and timestamps.
Destination: Your device and the local model runtime.
Control: Keep recognition local; export or share files only when you choose.

Local editing/export

Trigger: Edit a transcript or export SRT, VTT, TXT, or other files.
Data: Transcript text, timestamps, and any summary or metadata included in the export.
Destination: The local workspace and the save location you select.
Control: You choose the export format, save location, and any later sharing.

Model downloads

Trigger: Download or install speech models.
Data: Model request metadata and network request details.
Destination: The configured model or release host.
Control: Manually triggered; downloading models does not require sending audio.

App release downloads/update checks

Trigger: Open download UI, download a build, or check for updates.
Data: Release metadata requests, plus app, platform, or version information during update checks.
Destination: GitHub Releases or the configured update source.
Control: Triggered by download or update actions; you choose whether to install.

LLM polish

Trigger: Run Polish with a configured provider.
Data: Selected transcript text and task prompt/context.
Destination: Your configured LLM provider or local endpoint.
Control: Optional; it stays inactive until you configure and run a provider-backed action.

Translate

Trigger: Run Translate with a configured provider or service.
Data: Transcript text and language settings.
Destination: Your configured translation or LLM provider, or a local endpoint.
Control: Optional; the provider you choose determines the data boundary.

AI summary

Trigger: Generate a summary.
Data: Transcript text and summary template/context.
Destination: Your configured LLM provider or local endpoint.
Control: Optional; generated summaries can be edited or cleared in the app.

Automation

Trigger: Enable folder watches, presets, or automation runs.
Data: Watched or imported files, transcript text, and workflow export outputs.
Destination: The local workspace plus any configured provider or export destination used by the workflow.
Control: Off unless configured; review preset actions and export mode before running.

Backup/restore archive

Trigger: Export a backup archive or import one back into Sona.
Data: Config, workspace, light history transcripts, summaries, automation state, and dashboard LLM usage. Audio files, onboarding, current project, and recovery state are excluded.
Destination: The local archive path you choose.
Control: You choose when to export, where to save, and whether to import an archive later.

WebDAV Cloud Sync

Trigger: Configure sync and run backup, restore, or sync actions.
Data: Backup archives and sync metadata.
Destination: Your configured WebDAV server.
Control: Optional; controlled by your server URL, credentials, and sync actions.

Docs download API

Trigger: Open the downloads UI or request latest release links.
Data: Public request metadata, request IDs, limited diagnostic logs, and GitHub release lookup results.
Destination: The Sona docs API and GitHub Releases.
Control: Used only for download choices and operational diagnostics; no audio, transcript data, cookies, tokens, or full IP addresses are logged.

User guide assistant

Trigger: Ask the guide assistant after it is enabled.
Data: Your question, short conversation history, locale, current guide page context, and anti-abuse cookie or Turnstile status.
Destination: The Sona docs API, Gemini, and Cloudflare Turnstile when challenged.
Control: Optional site feature; server diagnostic logs do not store question text, chat history, cookies, tokens, or full IP addresses.

External GitHub links

Trigger: Click GitHub, release, or source-code links.
Data: Browser request details such as referrer and IP, handled by GitHub and your browser.
Destination: GitHub.
Control: Only happens when you follow the link; GitHub policies apply.

Desktop app data

What stays local by design

Sona is intended for people who want transcript work to happen on their own machine by default. Recording, importing, local recognition, timestamp review, editing, and export are desktop workflows.

Local transcription uses installed models and does not need a Sona cloud transcription account.
Workspace records, light history transcripts, summaries, settings, and backups are managed by the desktop app.
Exported files go where you choose to save or share them.

User-selected sharing

When data may leave your device

Some features are useful because they connect to another service. In those cases, the destination is determined by the feature and provider you chose.

LLM polish, translation, and summary actions may send transcript text to your configured provider.
Model downloads, update checks, and release downloads contact their relevant hosting services.
WebDAV cloud sync uploads or restores backup archives through the server you configure.

Website behavior

What this public site handles

The Sona docs site is separate from the desktop transcript workflow. It serves pages, checks GitHub release metadata for download options, and may enable an AI guide assistant for documentation questions.

The download UI calls `/api/github-release`, which fetches public release metadata from GitHub and returns structured build links.
The guide assistant sends your question, short conversation history, locale, and current guide page context to Gemini when the feature is configured.
The assistant route uses signed anonymous anti-abuse cookies and may show Cloudflare Turnstile after usage thresholds.
Server API logs are structured diagnostics for security events, upstream errors, and slow requests, not client analytics.

Limits

What this page is not claiming

This is a practical product explanation, not a lawyer-reviewed privacy policy or compliance statement. It reflects the current repository shape and should be updated when product behavior changes.

It does not claim that every third-party provider follows the same privacy practices.
It does not replace reading the policies of GitHub, Gemini, Cloudflare, your LLM provider, or your WebDAV host.
It does not add client analytics, persistent user tracking, or a new user-data collection flow.

Prefer the trust summary?

The trust page gives the higher-level view of Sona’s local-first product boundary and site safeguards.

Read Trust Open User Guide