Privacy Policy
What we collect, why, and how long we keep it.
Last updated: 1 July 2026
Privacy at a Glance
| Feature | What happens to your data |
|---|---|
| Article / text content | Processed in memory, never stored on our servers |
| Uploaded photos & PDFs | Processed in memory to extract the text, then discarded — the original file is never stored on our servers |
| Generated audio (free) | Stored locally in your browser only |
| Generated audio (Pro) | Stored and retained on our servers for 90 days so you can listen to them again, then auto-deleted |
| YouTube URLs | Sent to Supadata to fetch the transcript |
| Account email | Stored in Supabase; used for login and billing only |
| Billing | Handled by Stripe; we never see your card number |
| Analytics | Anonymised events via Google Analytics; no article content sent |
| Advertising | None |
| Cookies | Authentication and analytics only; no advertising cookies |
Who We Are
Sornic is operated by Digiwares, based in Bangkok, Thailand. You can reach us at support@sornic.com.
What We Collect
Account information
Email address, authentication provider (magic link or Google OAuth), account creation date, and subscription status. Stored in Supabase.
Listening history
For signed-in users: article title, URL, domain, word count, estimated listen time, voice used, and timestamp. Free accounts store metadata only. Pro accounts also store the generated MP3 file for 90 days, after which it is automatically deleted by a nightly cleanup job.
Billing information
Payments are processed by Stripe. We store your Stripe customer ID, subscription status, and billing period end date. We do not store card numbers or payment details — those stay with Stripe.
Usage counters
Per-user or per-IP counters for rate limiting (e.g. audio generations today, YouTube briefings this month). Stored in Redis and reset automatically on a daily or monthly cycle. IP addresses used for anonymous rate limiting are not stored permanently.
Analytics
We use Google Analytics to understand product usage — which features are used, where users drop off, and conversion funnels. No article content or personal text is sent to GA. URLs submitted by users are anonymised to domain only before any event is logged.
Waitlist emails
If you join a coming-soon feature waitlist, we store your email and the feature you expressed interest in. Used only to notify you when that feature launches.
What We Do Not Collect
- ✓Article and text content — processed in memory, never stored on our servers
- ✓Device identifiers, fingerprints, or location data
- ✓Advertising trackers or cross-site tracking cookies
- ✓Browsing history outside of Sornic
- ✓Your data is never sold or shared with third parties for marketing
Third-Party Processors
To provide the service, your content or data passes through these processors:
OpenAI — Fallback text-to-speech audio generation when the primary voice provider fails. Privacy policy
Google Cloud — Text-to-speech voice generation and OCR processing for photo uploads. Privacy policy
Anthropic — AI summaries and article content cleanup. Privacy policy
Supadata — YouTube transcript extraction. The YouTube URL is sent to retrieve the video transcript. Privacy policy
Firecrawl — Fallback article extraction for JavaScript-heavy or protected sites. Privacy policy
Supabase — User accounts, listening history, and Pro audio file storage. Servers in the US. Privacy policy
Stripe — Payment processing for Pro subscriptions. Privacy policy
Upstash Redis — Rate limit counters. Privacy policy
Vercel — Application hosting and edge functions. Privacy policy
Google Analytics — Usage analytics and conversion events. Article content is not sent. Privacy policy
Data Retention
- —Article content: Processed in memory, discarded immediately after audio is generated
- —Rate limit counters: Reset daily or monthly automatically
- —Pro saved audio files: Deleted after 90 days via automated nightly cleanup
- —Account data and listening history: Retained while your account is active
- —Billing records: Retained as required by Stripe and applicable tax law (typically 7 years)
Chrome Extension
The Sornic Chrome extension sends a page URL to our servers only when you explicitly trigger it (clicking the icon, keyboard shortcut, or context menu). No background browsing data is collected.
- ✓Voice and speed preferences stored locally in Chrome storage, never sent to our servers
- ✓No browsing history collected or monitored
Your Rights
You can request access to, correction of, or deletion of your personal data at any time by emailing support@sornic.com. We will respond within 30 days.
To delete your account: email us and we will remove your account, listening history, and any stored audio files within 30 days. Billing records may be retained longer as required by law. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.
Data Security
All data is transmitted over HTTPS/TLS. Data at rest is encrypted by Supabase and Stripe. Access to production systems is restricted. While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure.
Data Breach Response
In the event of a data breach that poses a risk to your rights, we will notify affected users without undue delay and take steps to contain and remediate the breach.
Children's Privacy
Sornic is not intended for users under the age of 13. We do not knowingly collect personal data from children.
Changes to This Policy
We may update this policy when the product changes. Significant changes will be noted with an updated date at the top of this page. Registered users will be notified by email for material changes.
Contact
Privacy questions? Email support@sornic.com. We aim to respond within 7 business days.