Trust
Local first, explicit when networked.
Product trust principles
Sona is built around a simple boundary: transcription starts on your own machine, and networked features should be visible, optional, and tied to the action you asked for.
Default
Transcription runs on-device
Speech recognition is designed around local Sherpa-onnx models instead of sending audio to a hosted transcription service by default.
Choice
AI assistance is optional
Polish, translation, and summary features depend on the provider you configure. If you do not configure them, the local transcript workflow still works.
Site
No ad tracking in this repo
The current docs site code does not include analytics or advertising trackers; server API logs are limited to security, error, and slow-request diagnostics.
01
Desktop app
The core workflow stays close to the device
Sona is a desktop transcript editor. The primary path is recording or importing audio, transcribing it with local models, reviewing timestamps, editing text, and exporting files from the app.
- Local transcription does not require a Sona-hosted speech service.
- Model downloads and app updates may contact external release or model hosts when you ask for them.
- Backups, restores, and WebDAV sync are controlled from the app and should be treated as user-selected data movement.
02
Optional AI
Provider-backed features follow your configuration
Sona can call configured LLM or translation providers for polish, translation, and summaries. Those features are separate from local transcription and depend on the provider settings you enter.
- Transcript text can be sent to the provider you choose when you run an AI action.
- Provider credentials and behavior are managed in the desktop app settings, not by the public docs site.
- If you use a local provider such as a local model server, the data boundary depends on that provider endpoint.
03
Transparency
Open source keeps the claims inspectable
Sona and this docs site are built in public. That makes the product flow, website routes, release handling, and current anti-abuse controls reviewable from the repository.
- Downloads are pulled from GitHub Releases, and the site exposes the release source instead of hiding it behind a custom installer flow.
- The docs assistant is only enabled when the required Gemini and abuse-protection environment variables are configured.
- Security headers and same-site checks are part of the current site implementation, with stronger traffic controls recommended at the edge.
Want the data-flow version?
The privacy page explains what the desktop app and this website do with data in more direct operational terms.