Privacy policy

Last updated: June 29, 2026

Soniox Inc. (“Soniox,” “we,” “us,” or “our”) provides voice AI services, including speech-to-text, text-to-speech, speech translation, speech generation, voice cloning, speech understanding, APIs, SDKs, documentation, Soniox Console, and related products and services.

This Privacy Policy explains how we collect, use, disclose, retain, and protect information when you use our websites, Soniox Console, APIs, SDKs, documentation, products, and related services (collectively, the “Services”).

This Privacy Policy applies to Soniox’s public website, Soniox Console, self-service accounts, API services, support, billing, and related business interactions. If you use Soniox under a separate written agreement, master services agreement, data processing agreement, business associate agreement, order form, or other written contract, that agreement may contain additional or different privacy and data protection terms. If there is a conflict between this Privacy Policy and a signed written agreement between you and Soniox, the signed written agreement controls to the extent of the conflict.

1. Key privacy commitments

Soniox is built for business and developer use cases where privacy, security, and control over customer data matter.

Our core commitments are:

  • Soniox does not sell Customer Content.
  • Soniox does not sell personal information.
  • Soniox does not use Customer Content to train, fine-tune, evaluate, benchmark, or improve Soniox models or services.
  • Soniox does not store audio, transcripts, input text, generated speech, generated audio, or other Customer Content processed by the Services unless storage is explicitly requested or configured by you, required to provide a requested product feature, or otherwise agreed in writing.
  • Real-time API requests are processed transiently.
  • Soniox performs minimal content-free operational logging for service reliability, billing, debugging, abuse prevention, security, compliance, and service operation.
  • Soniox logs contain only operational metadata such as request IDs, organization IDs, project IDs, timestamps, duration, token counts, status codes, model identifiers, region, feature configuration, latency, usage statistics, error information, and similar technical data.
  • Soniox logs do not contain Customer Content, raw audio, transcripts, translations, text inputs, prompts, context, generated speech, generated audio, or other model inputs or outputs.
  • Customer Content is encrypted in transit.
  • Customer Content stored by supported Services, such as asynchronous API processing where storage is enabled or required, is encrypted at rest.
  • Where regional processing and storage are enabled for a project, Customer Content for that project is processed and stored in the selected region as described in our data residency documentation.

2. Information we collect

We collect different categories of information depending on how you interact with Soniox.

2.1 Account information

When you create or manage a Soniox account, organization, project, or Console profile, we may collect:

  • Name
  • Email address
  • Company or organization name
  • Role or job title
  • Login credentials or authentication information
  • Organization and project settings
  • API key metadata
  • User preferences
  • Account activity and administrative actions
  • Communications with Soniox

2.2 Billing and payment information

When you purchase Services, add a payment method, receive invoices, or interact with billing, we may collect:

  • Billing name
  • Billing address
  • Billing email
  • Company information
  • Tax information
  • Payment status
  • Invoice history
  • Usage and pricing information
  • Transaction metadata

Payment card and bank payment information may be processed by our payment processors. Soniox does not need to store full payment card numbers where payment information is handled by a payment processor.

2.3 Customer Content

“Customer Content” means content that you or your users submit to or generate through the Services, including:

  • Audio
  • Speech
  • Uploaded files
  • Transcripts
  • Translations
  • Text submitted for text-to-speech
  • Generated speech
  • Generated audio
  • Prompts
  • Scripts
  • Context, vocabulary, terms, names, glossaries, domain information, translation preferences, and other custom instructions
  • Speaker labels
  • Language labels
  • Timestamps
  • Voice samples
  • Voice cloning inputs
  • Voice cloning outputs
  • AI-generated outputs
  • Other content submitted to or produced by the Services

Soniox processes Customer Content to provide the Services you request.

Soniox does not use Customer Content to train, fine-tune, evaluate, benchmark, or improve Soniox models or services.

2.4 Usage data and technical metadata

When you use the Services, we may collect content-free operational metadata, including:

  • Request IDs
  • Organization IDs
  • Project IDs
  • API key metadata
  • Model names and model versions
  • Region
  • Feature configuration
  • Processing duration
  • Audio duration
  • Token counts
  • Usage volume
  • Error codes
  • Status codes
  • Latency and performance metrics
  • System events
  • Diagnostic metadata
  • Console activity
  • Login events
  • Security events
  • Billing and quota information

Usage data and technical metadata help us operate, secure, debug, support, monitor, bill for, and improve the reliability of the Services.

Operational logs do not contain Customer Content, raw audio, transcripts, translations, text inputs, prompts, context, generated speech, generated audio, or other model inputs or outputs.

2.5 Website and marketing information

When you visit our website, read documentation, contact us, sign up for updates, or interact with Soniox marketing pages, we may collect:

  • Contact information you provide
  • Company information
  • Website usage information
  • Browser and device information
  • Referring pages
  • Pages viewed
  • Approximate location derived from IP address
  • Cookie and similar technology information
  • Marketing communication preferences

3. How we use information

We use information for the following purposes:

  • To provide, operate, maintain, and secure the Services
  • To process audio, text, transcripts, translations, generated speech, generated audio, voice cloning requests, and other Customer Content as requested by you
  • To create and manage accounts, organizations, projects, API keys, and Console settings
  • To authenticate users and prevent unauthorized access
  • To provide support and respond to requests
  • To process payments, invoices, taxes, usage, credits, and billing
  • To monitor usage, quotas, capacity, performance, reliability, and availability
  • To debug errors and troubleshoot service issues
  • To detect, prevent, and investigate abuse, fraud, security incidents, policy violations, and unlawful activity
  • To comply with law, legal process, and regulatory obligations
  • To enforce our agreements and policies
  • To communicate with you about the Services
  • To provide product, security, administrative, and billing notices
  • To improve the usability, reliability, and security of the Services, without using Customer Content for model training, fine-tuning, evaluation, benchmarking, or model improvement
  • To analyze aggregated or de-identified operational usage trends
  • To send marketing communications where permitted by law and subject to your communication preferences

4. Customer Content and model training

Soniox does not use Customer Content to train, fine-tune, evaluate, benchmark, or improve Soniox models or services.

This applies to audio, transcripts, input text, generated speech, generated audio, translations, prompts, scripts, context, custom vocabulary, glossary terms, speaker labels, language labels, voice samples, voice cloning inputs, voice cloning outputs, and other Customer Content.

Soniox may use content-free operational metadata, aggregated usage statistics, diagnostic information, and de-identified technical data to operate, secure, debug, monitor, bill for, and improve the reliability, safety, and performance of the Services. This operational data does not include Customer Content, raw audio, transcripts, translations, text inputs, prompts, context, generated speech, generated audio, voice samples, voice cloning inputs, voice cloning outputs, or other model inputs or outputs.

5. Retention and deletion

Soniox does not store Customer Content processed by the Services unless storage is explicitly requested or configured by you, required to provide a requested product feature, or otherwise agreed in writing.

Real-time API requests are processed transiently and are not stored by Soniox.

For asynchronous APIs and other Services where storage is enabled or required to provide the requested feature, Customer Content may be stored for the applicable processing, retrieval, retention, and deletion period described in the Services, documentation, Console, or applicable agreement.

Customer Content stored by supported Services is encrypted at rest.

You may delete stored Customer Content through Soniox Console or API where deletion functionality is available. When Customer Content is deleted, it is removed from active systems in accordance with the applicable product functionality and documentation.

Soniox retains content-free operational metadata, usage data, technical metadata, security logs, support communications, billing records, and legal records for as long as reasonably necessary for billing, tax, accounting, security, compliance, dispute resolution, enforcement, debugging, abuse prevention, and service operation.

Backup copies, if any, may be retained for a limited period according to our backup, security, and disaster recovery practices. Backup copies are not used for ordinary processing and are overwritten or deleted according to applicable retention schedules.

6. Data residency

Soniox may offer regional processing and storage options for supported Services.

When data residency is enabled for a project and you use the correct regional API keys and regional API endpoints, Customer Content for that project is processed and stored in the selected region, as described in our data residency documentation.

Data residency applies to Customer Content for the selected project. It may not apply to system data such as account information, organization and project metadata, usage statistics, billing data, security logs, support communications, or other operational metadata, which may be processed outside the selected region.

Available regions, capabilities, endpoints, and requirements may change over time. You are responsible for using the correct regional API keys, project settings, and endpoints for your intended region.

7. Compliance documentation

Soniox makes compliance documentation available through Soniox Console for eligible customers and users, including documentation such as security materials, data processing terms, subprocessors information, and other compliance resources as applicable.

Additional compliance terms, including data processing agreements, business associate agreements, regional terms, security commitments, or enterprise terms, may apply only if separately agreed in writing or made available and accepted through Soniox Console.

8. How we disclose information

We may disclose information in the following circumstances.

8.1 Service providers and subprocessors

We may disclose information to service providers, subprocessors, vendors, and contractors that help us provide, secure, support, operate, bill for, and improve the Services. These may include infrastructure providers, hosting providers, payment processors, analytics providers, email providers, support tools, security tools, and business operations providers.

These providers are authorized to use information only as necessary to provide services to Soniox or as otherwise permitted by applicable law and agreement.

8.2 Customer administrators and organization users

If your account is part of a Soniox organization, information about your account, usage, projects, API keys, roles, settings, logs, billing, or activity may be visible to organization administrators or authorized users.

8.3 Legal compliance and protection

We may disclose information if we believe disclosure is reasonably necessary to:

  • Comply with applicable law, regulation, legal process, or governmental request
  • Enforce our agreements or policies
  • Protect the rights, property, or safety of Soniox, our customers, users, or others
  • Detect, prevent, or investigate fraud, abuse, security incidents, or unlawful activity
  • Respond to emergencies

8.4 Business transfers

If Soniox is involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, information may be disclosed or transferred as part of that transaction, subject to appropriate protections.

8.5 With your direction or consent

We may disclose information when you direct us to do so, consent to the disclosure, integrate the Services with a third-party service, or otherwise make information available to third parties through your use of the Services.

9. We do not sell personal information

Soniox does not sell personal information.

Soniox does not sell Customer Content.

Soniox does not sell personal information, sell Customer Content, or share personal information for cross-context behavioral advertising.

10. Cookies and similar technologies

We may use cookies and similar technologies on our website and Console to:

  • Operate the website and Console
  • Authenticate users
  • Maintain sessions
  • Remember preferences
  • Improve usability
  • Understand website usage
  • Protect against fraud and abuse
  • Support analytics and marketing where permitted

You can control cookies through your browser settings. Some features may not work properly if cookies are disabled.

11. Security

Soniox uses technical, organizational, and administrative safeguards designed to protect information from unauthorized access, disclosure, alteration, and destruction.

These safeguards may include:

  • Encryption in transit
  • Encryption at rest for stored Customer Content
  • Access controls
  • Account and project isolation
  • API key-based access controls
  • Logging and monitoring
  • Security reviews
  • Least-privilege access practices
  • Operational controls
  • Incident response procedures

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

You are responsible for securing your own systems, applications, API keys, credentials, devices, networks, prompts, inputs, outputs, users, and integrations.

12. Customer responsibility for end-user data

You are responsible for your applications, products, workflows, and use of the Services.

You are responsible for obtaining all notices, rights, consents, permissions, and legal bases required to submit Customer Content to Soniox and to use outputs generated by the Services.

This includes responsibility for any audio recordings, microphone capture, call recordings, transcripts, translations, generated audio, synthetic speech, voice cloning, automated agents, voice interfaces, end-user disclosures, consent flows, and regulated use cases.

If you process personal information, sensitive information, protected health information, biometric information, children’s information, or other regulated data through the Services, you are responsible for ensuring that your use complies with applicable laws and that you have entered into any required agreements with Soniox.

13. Voice cloning and voice rights

The Services may include voice cloning, synthetic speech, generated voices, generated audio, voice styles, and related capabilities.

You are responsible for ensuring that you have all required rights, permissions, consents, and legal authority to submit, clone, synthesize, imitate, generate, or use any person’s voice, likeness, identity, performance, recording, speech, or other personal attribute.

You may not use the Services to clone, imitate, synthesize, or generate the voice of any person without authorization.

You are responsible for providing any notices, disclosures, labels, and consent mechanisms required by applicable law when end users interact with synthetic speech, cloned voices, generated audio, automated agents, or AI-generated voice systems.

Soniox does not verify that you have obtained the rights, permissions, consents, or legal authority required for your use of voice cloning, synthetic speech, generated audio, voice styles, or submitted recordings.

14. International data transfers

Soniox is based in the United States and may process information in the United States and other countries where Soniox, its affiliates, service providers, or subprocessors operate.

If you use regional processing or storage features, Customer Content for the applicable project is handled according to the selected region and our data residency documentation.

Where required, international transfers of personal information are protected by appropriate safeguards, which may include contractual protections, data processing terms, or other legally recognized transfer mechanisms.

15. GDPR and EEA/UK privacy rights

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you may have certain rights under applicable data protection laws.

Depending on the circumstances, these rights may include the right to:

  • Access your personal information
  • Correct inaccurate personal information
  • Delete personal information
  • Restrict processing
  • Object to processing
  • Port personal information
  • Withdraw consent
  • Lodge a complaint with a supervisory authority

For account, billing, website, security, and business-contact data, Soniox may act as a controller.

For Customer Content processed through the Services on behalf of a customer, Soniox generally acts as a processor or service provider under the customer’s instructions, unless otherwise stated in a separate agreement. If you are an end user of a Soniox customer, you should contact that customer directly to exercise rights relating to Customer Content.

16. California privacy rights

If you are a California resident, you may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.

Depending on the circumstances, these rights may include the right to:

  • Know what personal information we collect, use, disclose, or share
  • Access personal information
  • Delete personal information
  • Correct inaccurate personal information
  • Opt out of sale or sharing of personal information
  • Limit use of sensitive personal information where applicable
  • Not be discriminated against for exercising privacy rights

Soniox does not sell personal information and does not sell Customer Content.

To exercise rights, contact us using the information below. We may need to verify your request before responding.

If personal information is processed by Soniox on behalf of a customer, we may direct your request to that customer.

17. Children

The Services are not directed to anyone under the age of 18, and Soniox does not knowingly collect personal information directly from anyone under 18.

Soniox accounts and self-service API access are intended strictly for business users and individuals who are at least 18 years old and legally able to enter into contracts.

If a customer uses the Services to process audio, transcripts, generated audio, voice cloning, or other data involving minors, the customer is solely responsible for obtaining all required consents, notices, permissions, and legal bases.

18. Marketing communications

We may send you administrative, transactional, service, security, and billing communications.

We may also send marketing communications where permitted by law. You can opt out of marketing emails by using the unsubscribe link or contacting us. Even if you opt out of marketing communications, we may still send non-marketing messages related to your account, security, billing, or use of the Services.

19. Third-party services and integrations

The Services may allow you to connect to third-party services, use third-party integrations, or send outputs to external systems. Third-party services are not controlled by Soniox and are governed by their own terms and privacy policies.

You are responsible for reviewing and configuring third-party integrations and for ensuring that any data sharing with third parties complies with applicable law.

20. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will provide notice as required by law, which may include posting the updated policy on our website, updating the “Last updated” date, notifying users through Soniox Console, or sending an email.

Your continued use of the Services after an updated Privacy Policy becomes effective means you accept the updated Privacy Policy to the extent permitted by law.

21. Contact us

Soniox Inc. 1045 Helm Lane Foster City, CA 94404 United States

Email: support@soniox.com