Privacy Policy
SonderSpot OÜ ("we", "us", "our") operates the Sidekick mobile application ("Sidekick" or the "Service"). This policy describes how we collect, use, and protect your information when you use Sidekick.
1. Information We Collect
- Account information: If you create an account, we receive your name and email address as provided by your sign-in method. Guest use does not collect personal account information.
- Conversations and prompts: Text you enter in chats, prompts for image generation, voice transcriptions, scanned document text, and web search queries are transmitted to third-party AI providers to produce responses. Conversation history is stored locally on your device.
- Usage data: Basic event data (feature usage, screen views, session duration) is collected through analytics SDKs to help us improve Sidekick.
- Subscription data: If you purchase a subscription, your anonymous user identifier is passed to RevenueCat for entitlement management. We do not receive or store payment details.
2. How We Use Your Information
- To provide and deliver Sidekick's AI-powered features (chat, image generation, voice mode, OCR, web search, writing tools).
- To manage accounts, subscriptions, and entitlements.
- To monitor service health, diagnose issues, and improve the app.
3. AI-Powered Features and Your Consent
Before any data is sent to a third-party AI provider, Sidekick shows an in-app consent sheet that explains what will be sent and who will receive it. Data is only transmitted after you explicitly grant permission, and you can revoke that permission at any time from the app's Settings.
Data Sent to AI Providers
- Chat messages — text you type in conversations
- Image generation prompts — text descriptions you provide to create images
- Voice transcriptions — text converted from voice input
- Document and photo text — text extracted from scanned documents or photos via OCR
- Web search queries — search terms you enter
Third-Party AI Providers
Sidekick uses the following providers to deliver AI features. The provider that processes a given request depends on the model you select in the app:
- OpenAI — GPT models, image generation, voice transcription (subject to OpenAI's Privacy Policy)
- Anthropic — Claude models (subject to Anthropic's Privacy Policy)
- Tavily — web search results for the web search feature
Your data is not used to train AI models. All provider traffic is routed server-side through a Cloudflare Worker proxy we operate, so API credentials are never exposed to the app.
4. Data Storage and Retention
Conversations and message history are stored locally on your device in an on-device database. You can delete individual conversations or clear all data at any time from within the app.
Third-party AI providers may retain transmitted data in accordance with their own retention policies. Under OpenAI's API data retention policy, for example, API data is held for up to 30 days for abuse monitoring before deletion.
5. Analytics
We use PostHog to capture anonymous usage data — screen views, feature interactions, and session metadata — to understand how Sidekick is used and to improve it. PostHog data does not include the content of your conversations or prompts.
6. Service Providers
We rely on the following third parties to operate Sidekick. Each is contractually required to protect your data and use it only to deliver their portion of the Service:
- OpenAI, Anthropic, Tavily — AI and search providers (see Section 3)
- RevenueCat — subscription management
- PostHog — product analytics
- Cloudflare — secure API proxy and edge delivery
- Apple — App Store, authentication, and platform services
7. Security
All communication between Sidekick and our backend uses TLS encryption. Authentication tokens are stored on-device in the iOS Keychain. While we apply commercially reasonable safeguards, no method of transmission or storage is ever 100% secure.
8. Children's Privacy
Sidekick is not directed at persons under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us and we will delete it.
9. Your Rights and Data Deletion
You can delete your conversations and locally stored data at any time from within the app. To request deletion of any other personal information associated with your account, please contact us.
10. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of Sidekick after an update constitutes acceptance of the revised policy.
11. Governing Law
This policy is governed by the laws of the Republic of Estonia.
12. Contact Us
If you have questions about this policy, please contact us.