This is a plain-English explanation of what Somonos does with your data. No legalese. If something is unclear, email us and we'll explain it better. Your creative work is yours. We store it so the app works. We don't sell your data. We don't track you across the web. Two features send data to Google's AI for processing — we'll explain exactly when and why below.
When you sign up, we store your email address and a hashed version of your password. We never see the actual password. If you sign in with Google or Apple, we receive your email and a provider ID. We don't get your Google or Apple password, and we don't get access to your other accounts.
→ Email address
→ Hashed password
→ OAuth provider ID
Everything you create in Somonos is stored so you can access it across devices. This includes the content itself plus metadata — things like timestamps, tags, waveform data for audio visualization, and canvas positions for moodboard layouts.
→ Lyrics
→ Voice memos
→ Songs
→ Projects
→ Moodboards
→ Images & video
All of this is protected by row-level security. That means the database itself enforces that only you can read, edit, or delete your own content. Not even we can casually browse it.
Two features in Somonos use Google's Gemini API. We want to be completely transparent about this.
Auto-title for voice memos
Your device → our server → Google Gemini → title comes back
Handwriting scanner
Your device → our server → Google Gemini → extracted text comes back
These features are always triggered by you. Nothing is sent to Google in the background or without your action. Google processes this data under their API terms of service. We don't control how long Google retains it on their end. We don't store any data from these requests beyond the result — the title or the extracted text.
We use HTTP-only cookies to keep you logged in — specifically, cookies for your access token and refresh token. That's it. No tracking cookies. No third-party cookies. No cookie banners because there's nothing to consent to.
We use PostHog to understand how people use Somonos — things like which features are popular, where users get stuck, and whether people come back after signing up. This helps us build a better app.
What PostHog collects: page views, button clicks we explicitly track (like creating a lyric or recording a memo), and basic device info (browser, operating system). Events are sent through our own server — not directly to PostHog — so third-party trackers can't piggyback on them.
What PostHog does not collect: your creative content, your lyrics, your audio, your images. Analytics events only contain action names and metadata (like "lyric created" or "logged in via Google") — never the content itself.
PostHog data is hosted in the EU. We do not sell analytics data or share it with advertisers.
When you contact support, Somonos opens your email app addressed to somonossupport@gmail.com. The draft may include technical context such as your user ID, account email, app version, platform, browser, and device model so we can debug the issue. You can edit or remove that context before sending.
We use Sentry to detect and fix crashes and errors. When something goes wrong in the app, Sentry receives a report containing the error message, a stack trace (which part of the code failed), basic device info (browser, OS, app version), and your user ID so we can investigate if a bug affects your account.
Sentry does not receive your creative content — no lyrics, audio, images, or project data. Error reports contain only technical information about what went wrong. Sentry data is processed in the US under their standard data processing agreement.
✕ Location data
✕ Device fingerprints
✕ Advertising IDs
✕ Payment information
✕ Contact lists
✕ Your creative content
We will never sell your data. To anyone. Ever.
The iOS app asks for two permissions. Neither is used in the background. If you deny either, the rest of the app works fine.
Microphone
For recording voice memos. Only active when you tap record.
Camera
For scanning handwritten lyrics. Only active when you open the scanner.
→ Delete any lyric, memo, song, project, or media at any time
→ Request account deletion through support
→ Change your password or email
→ Export — not available yet, but planned
When you delete content, it's removed from our database. Audio and image files are removed from storage. Account deletion requests are handled through support so destructive account removal can be verified before it is processed.
All data is stored on Supabase, which runs on AWS infrastructure. Your text content lives in a PostgreSQL database. Audio, images, and video are in cloud storage buckets. Nothing is stored on your device beyond the session cookie.
If our data practices change, we'll update this page. For major changes — like adding analytics or a new third-party service — we'll note the date and what changed.
If anything here is unclear or you have concerns about your data, reach out: somonossupport@gmail.com
Last updated April 6, 2026