Privacy Policy
1. Overview
This Privacy Policy explains how Sotto ("we," "us," or "our") collects, uses, and protects information when you use the Sotto desktop application and related services. We believe in minimal data collection — we only collect what is necessary to provide the Service.
2. Information We Collect
| Data type | What it is | Why we collect it |
|---|---|---|
| Account info | Name and email address from your Google account | Identity verification and account management |
| Screenshots | Compressed images captured by you within the app | Sent to a third-party AI provider for analysis; not stored on Sotto servers |
| Audio | Microphone input during transcription sessions | Streamed to a third-party transcription provider; not retained |
| Subscription data | Billing status, subscription tier, renewal dates | Subscription management and access control |
| Usage analytics | Anonymized page-view data via a web analytics provider | Understanding how the website is used; no cross-site tracking |
We do not collect payment card numbers directly. Payment processing is handled by our payment provider, and we receive only billing status and transaction metadata.
3. How We Use Your Information
- To provide, operate, and improve the Service
- To manage your account and subscription
- To communicate with you about your account, billing, or support requests
- To detect and prevent fraud or abuse
- To comply with legal obligations
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.
4. Third-Party Processors
Sotto shares data with the following third-party service providers solely to deliver the Service:
- Google — Authentication via OAuth 2.0. Governed by Google's Privacy Policy.
- AI analysis provider — Screenshot data is sent to a third-party AI service for analysis and is subject to that provider's data handling policies.
- Speech transcription provider — Audio streams are sent to a third-party transcription service and are subject to that provider's data handling policies.
- Web analytics provider — Anonymized page-view data is collected to understand how the website is used; no cross-site tracking or fingerprinting is performed.
- Payment processor — Subscription billing. We share your email address and billing metadata; card details are handled directly by the processor.
We require all processors to protect your data in accordance with applicable privacy laws and their own published policies.
5. Data Retention
Screenshots are transmitted to our AI analysis provider and are not stored on Sotto servers. Retention is governed by that provider's data handling policies.
Audio is streamed to our speech transcription provider and is not retained by Sotto. Retention is governed by that provider's policies.
Account information is retained for as long as your account is active. After account deletion, we may retain limited data for up to 90 days for legal, fraud prevention, or backup purposes, then permanently delete it.
6. Data Security
We use industry-standard measures to protect your information, including encrypted storage for credentials (via macOS Keychain) and HTTPS for all data in transit. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
7. Children's Privacy
Sotto is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us and we will promptly delete it.
8. Your Rights
Depending on where you live, you may have the right to:
- Access — request a copy of the personal information we hold about you
- Correction — request that we correct inaccurate information
- Deletion — request that we delete your personal information
- Portability — receive your data in a structured, machine-readable format
- Opt-out of sale — we do not sell personal information, so no opt-out is needed
To exercise any of these rights, email sottosupport@gmail.com. We will respond within 30 days.
9. California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete it, and the right to non-discrimination for exercising these rights. To submit a CCPA request, contact us at sottosupport@gmail.com.
We do not sell personal information as defined under the CCPA.
10. International Users
Sotto is operated from the United States. If you access the Service from outside the US, your information may be transferred to and processed in the US, where data protection laws may differ from those in your country. By using the Service, you consent to this transfer.
If you are in the European Economic Area (EEA) or UK, our legal basis for processing your personal data is typically contract performance (to provide the Service you signed up for) or your explicit consent. You have the right to lodge a complaint with your local data protection authority.
11. Changes to This Policy
We may update this Privacy Policy periodically. When we do, we will update the "Last updated" date above. For material changes, we will notify you by email or by a notice within the app. Continued use after the effective date constitutes your acceptance of the updated policy.
12. Contact
Questions about this Privacy Policy or your data? Contact us at sottosupport@gmail.com.