Privacy Policy

This Privacy Policy applies to information we collect when you access or use Sontairo, including our website, user dashboards, workspaces, AI agents, integrations, APIs, and related support or communications channels (collectively, the "Service").

If you use Sontairo on behalf of a company or workspace, information associated with that workspace may be visible to authorized workspace administrators and members based on the permissions and roles configured in the Service.

Depending on how you use the Service, we may collect the following categories of information:

• account and profile information, such as your name, email address, profile image, password hash, and email verification status;
• workspace, project, and team information, such as workspace names, project names, membership roles, permissions, and related configuration data;
• billing and subscription information, such as plan selection, subscription status, billing period details, and payment-related identifiers from our payment processor;
• prompts, chat messages, instructions, memories, workflow content, tool calls, tool results, approvals, artifacts, and other inputs or outputs you create or generate through the Service;
• connector and integration information, such as connected provider names, scopes, metadata, and encrypted credentials or tokens needed to maintain integrations;
• usage, device, and log data, such as timestamps, IP address where available, session information, security events, audit logs, and operational telemetry needed to run and protect the Service;
• communications and support data, including messages you send to us and, where voice or call-related features are used, call metadata or transcripts processed through those features.

We use information we collect to:

• provide, operate, secure, and maintain the Service;
• authenticate users and manage workspaces, projects, permissions, and subscriptions;
• process prompts, run AI workflows, execute automations, and fulfill your instructions to connected providers and tools;
• prevent fraud, abuse, unauthorized access, and other security issues;
• troubleshoot problems, monitor performance, and improve reliability, safety, and usability;
• communicate with you about your account, billing, product updates, support issues, and legal or policy changes;
• comply with legal obligations, enforce our agreements, and protect our rights, users, and third parties.

We may disclose information in the following circumstances:

• with service providers and subprocessors that help us run the Service, such as authentication, database, hosting, payment, queuing, voice, integration, or infrastructure providers;
• with AI model providers and connector or integration partners when you instruct the Service to send data to them or when that transfer is necessary to complete your request;
• with workspace owners, admins, members, or other authorized users according to your workspace configuration and access controls;
• when required by law, legal process, or a valid governmental request, or when we believe disclosure is necessary to protect rights, safety, property, or security;
• in connection with a merger, financing, acquisition, reorganization, asset sale, or similar corporate transaction, subject to customary confidentiality protections.

We do not disclose your personal information to unrelated third parties for their independent advertising use merely because you use the Service.

The current Service stack may use third-party providers for authentication, billing, model access, connectors, voice features, database hosting, job processing, and operational infrastructure. These may include providers such as Neon Auth, Stripe, Vercel AI Gateway and other model providers you configure or we support, Composio for integrations, Redis/BullMQ infrastructure, and voice-related providers used for receptionist or call features.

If you connect your own external services or provide your own API keys, requests and data you send through Sontairo may be transmitted to those providers according to your instructions and their respective terms and privacy policies.

We use cookies, session mechanisms, and similar local storage technologies to keep you signed in, maintain security, remember workspace or interface preferences, and support product functionality. If you disable cookies or similar storage, some features may not function properly.

We retain information for as long as reasonably necessary to provide the Service, maintain account history, support operations, comply with legal obligations, resolve disputes, enforce agreements, and protect against fraud or abuse. Different categories of data may be retained for different periods depending on their purpose and legal or operational requirements.

Even after deletion requests or account closure, we may keep limited information in backups, logs, or archival systems for a reasonable period where required for security, fraud prevention, compliance, or legitimate operational needs.

We use administrative, technical, and organizational measures designed to protect information we process. For example, certain secrets, connector credentials, and provider tokens are encrypted at rest. However, no method of transmission over the internet or method of storage is completely secure, and we cannot guarantee absolute security.

You may be able to update certain account information directly in the Service. You may also disconnect integrations, remove team members, or close workspaces according to the features available in your account.

If you need assistance with access, correction, deletion, or other privacy-related requests, contact us at legal@sontairo.com. We may need to verify your identity and evaluate the request in light of applicable law, technical limitations, security obligations, and the rights of other users or workspace owners.

Sontairo may be accessed from jurisdictions outside the United States, and data may be processed in the United States or other countries where we or our providers operate. By using the Service, you understand that data protection laws in those jurisdictions may differ from those in your own location.

The Service is not directed to children, and we do not knowingly collect personal information from children in a manner intended to be covered by child-specific privacy laws. If you believe a child has provided us personal information inappropriately, contact us and we will review the request.

We may update this Privacy Policy from time to time to reflect changes in the Service, our practices, legal requirements, or provider relationships. When we do, we will update the "Last updated" date above, and we may provide additional notice where appropriate.

If you have questions about this Privacy Policy or our privacy practices, contact Menchist Holdings at legal@sontairo.com.