Privacy Policy

Last updated: May 26, 2026

Privacy Policy Details

Plain-Language Summary

Soteria is a personal safety tool. Your safety data is sensitive and we treat it that way. Here is what you need to know:

  • Audio recordings are processed on your device by default. They never touch our servers unless you enable cloud backup.
  • Cloud backup is opt-in only and end-to-end encrypted before leaving your device.
  • Emergency contact alerts are sent by email. We do not send SMS or push notifications at this time.
  • We never sell your data. We never share it with third parties. We never use it for advertising.
  • You can delete your data at any time. Auto-delete enforces your chosen retention period.
  • We use OAuth only (Google or Microsoft). We never store passwords.

What Data We Collect

Account Data

When you sign in via Google or Microsoft OAuth, we receive your name, email address, and profile picture from the identity provider. This is used solely to identify your account. We do not store passwords.

Safety Session Data (On-Device)

When you activate a Soteria session, the following data is generated and stored on your device only:

  • Audio recordings
  • Real-time transcriptions
  • GPS location coordinates
  • Session timestamps
  • Cryptographic hashes for evidence integrity

This data does not leave your device unless you explicitly enable cloud backup.

Safety Session Data (Cloud Backup, Opt-In)

If you enable cloud backup (available on the Personal tier and above), your session data is encrypted end-to-end on your device before transmission. We cannot read your recordings or transcripts. Cloud backups follow your chosen retention period and are automatically deleted when that period expires.

Emergency Contact Notifications

When Soteria sends alerts to your emergency contacts, the alert is delivered by email. The email includes your current GPS location, alert type, an excerpt of the live transcript (when available), and an authentication link the recipient can use to verify the alert is real. The email is transmitted over TLS and is not retained by Lonia AI after delivery.

Usage Analytics

We may collect anonymized, aggregated usage analytics in the future to improve Soteria. If implemented, this data will contain no personally identifiable information and will not be linkable to individual users or sessions.

What We Do Not Collect

  • Passwords (OAuth-only authentication)
  • Audio content on our servers (unless cloud backup is enabled)
  • Contacts list beyond your designated emergency contacts
  • Browsing history
  • Data from other apps on your device

Recording Consent Laws

Soteria is aware of recording consent laws across jurisdictions. In one-party consent states, Full Recording mode is available. In the fourteen all-party consent states, Soteria defaults to Silent Alert mode (GPS tracking and emergency email alerts only, no audio recording). You maintain control over which mode is active at all times.

Duress Protection

If you enable duress protection, you set a secret phrase known only to you. If someone forces you to delete evidence, you can enter the duress phrase. The session will appear deleted to anyone watching, but is preserved in a hidden recovery vault accessible only through a secret URL you control. When duress protection is active, evidence is also automatically uploaded to encrypted cloud backup so it survives device destruction or seizure. This feature is designed for survivors of domestic violence, stalking victims, and anyone whose phone might be checked or controlled by someone who could harm them.

Data Retention

On-device data retention is controlled entirely by you. Cloud backup data follows your chosen retention period and is automatically purged when that period expires. Account data is retained while your account is active. Upon account deletion, all associated data is permanently removed within 30 days.

Your Rights

  • Right to access: View all data associated with your account at any time.
  • Right to deletion: Delete your data at any time. Request full account deletion and all data will be permanently removed.
  • Right to portability: Export your session data in standard formats.
  • Right to correction: Update your account information at any time.

User-Visible Audit Log

Every meaningful action on your Soteria account is logged and visible to you at any time through the audit log in your account settings. This includes session activity, evidence access, account changes, family group events, and security events. The audit log is for you — not us — and uses plain language to describe what happened, when, and from where.

Security

All data in transit is encrypted via TLS. Cloud backup data is end-to-end encrypted. Authentication uses OAuth SSO (Google and Microsoft) with no password storage. Row-level security is enforced on every database table. Audit trails log all significant actions.

Children's Privacy

Soteria is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

Changes to This Policy

We will notify you of material changes via email or in-app notification before they take effect. Continued use of Soteria after changes constitutes acceptance of the updated policy.

Contact

For privacy questions or data requests, contact us at admin@lonia.ai.