Sonogram - Privacy Policy

PRIVACY POLICY

Sonogram OPC Private Limited
Effective Date: August 1, 2025
Last Updated: August 2025

1. INTRODUCTION

At Sonogram (A Venture of Sonogram OPC Private Limited, hereinafter referred to as "Sonogram," "we," "us," or "our"), we hold your privacy in the highest regard and are committed to protecting your personal information with the same diligence you would protect your most valuable assets.

This Privacy Policy ("Policy") applies to Sonogram.in, our mobile applications, and all related services, products, and materials (collectively, the "Platform" or "Services") operated by Sonogram OPC Private Limited, a company registered under the laws of India with its registered office at New Delhi, India.

We understand that privacy policies can seem tedious, but we strongly encourage you to read this document thoroughly. It outlines:

What information we collect
How we use and protect your information
Your rights regarding your personal data
Our compliance with relevant laws and regulations globally

By accessing or using our Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service.

2. DEFINITIONS

For the purposes of this Privacy Policy:

"Personal Data" or "Personal Information" means any information relating to an identified or identifiable natural person
"Processing" means any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure, or deletion
"Data Controller" means Sonogram OPC Private Limited, which determines the purposes and means of Processing Personal Data
"Data Subject" means you, the individual whose Personal Data is being processed
"Podcaster" means content creators who upload audio/video content to our Platform
"Listener" means users who consume content on our Platform
"DPDPA" means the Digital Personal Data Protection Act, 2023 of India
"GDPR" means the General Data Protection Regulation (EU) 2016/679
"Sensitive Personal Data" includes financial information, passwords, biometric data, and health information

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

Account Registration Information:

Full name and display name
Email address
Phone number (optional for two-factor authentication)
Username and password
Date of birth (for age verification)
Country of residence
Language preferences

Profile Information:

Profile picture/avatar
Biography/description
Social media handles
Website URLs
Professional information (for Podcasters)

Payment and Billing Information:

Credit/debit card details (processed through secure payment gateways)
UPI ID (for Indian users)
Billing address
GST/Tax identification numbers
Bank account details (for monetization features)
Transaction history

Content and Communications:

Uploaded podcast content (audio/video files)
Podcast descriptions, titles, and metadata
Comments, reviews, and ratings
Messages sent through our Platform
Support tickets and correspondence
Survey responses and feedback

3.2 Information We Collect Automatically

Device and Technical Information:

IP address and geolocation data
Device type, model, and unique device identifiers
Operating system and version
Browser type and version
Screen resolution and device settings
Mobile network information
App version and SDK version

Usage Information:

Pages visited and features used
Time spent on Platform
Listening/viewing history
Search queries
Click-through rates
Download history
Playlist creation and management
Interaction with advertisements

Analytics Data:

Performance metrics
Crash reports and error logs
A/B testing participation
Heat maps and session recordings (anonymized)
Conversion tracking

3.3 Information from Third Parties

Social Media Platforms:

Profile information when you sign in using Google, Facebook, Apple ID
Contacts (with your permission) for friend recommendations
Public profile information

Third-Party Services:

Payment verification from payment processors
Identity verification from KYC providers
Analytics data from third-party tools
Advertising identifiers from ad networks

3.4 Cookies and Tracking Technologies

We use various tracking technologies including:

Essential Cookies: Session management, Authentication tokens, Security features, Load balancing
Functional Cookies: Language preferences, Playback settings, Volume preferences, Recently played content
Analytics Cookies: Google Analytics, Firebase Analytics, Mixpanel, Custom analytics solutions
Advertising Cookies: Targeted advertising, Retargeting campaigns, Conversion tracking, Attribution modeling

4. HOW WE USE YOUR INFORMATION

4.1 Primary Purposes

Service Provision: Create and manage your account, Provide access to Platform features, Process and deliver content, Enable podcast hosting and distribution, Facilitate monetization features, Process payments and subscriptions
Communication: Send service-related notifications, Respond to inquiries and support requests, Provide customer service, Send administrative messages, Notify about Platform updates and changes
Personalization: Customize content recommendations, Tailor advertising to your interests, Provide location-based services, Personalize user interface, Create custom playlists
Safety and Security: Detect and prevent fraud, Identify and prevent spam, Enforce Terms of Service and Community Guidelines, Investigate suspicious activities, Protect intellectual property rights, Comply with legal obligations

4.2 Secondary Purposes

Analytics and Improvement: Analyze usage patterns, Improve Platform performance, Develop new features, Conduct A/B testing, Generate aggregated insights, Benchmark performance metrics
Marketing: Send promotional communications (with consent), Inform about new features, Share industry news and updates, Conduct market research, Create marketing campaigns
Legal and Compliance: Comply with applicable laws, Respond to legal requests, Establish, exercise, or defend legal claims, Prevent illegal activities, Fulfil tax obligations, Meet regulatory requirements

5. LEGAL BASIS FOR PROCESSING (GDPR)

For users in the European Economic Area (EEA), UK, and other applicable jurisdictions, we process Personal Data based on:

Consent: Marketing communications, Cookie placement (non-essential), Behavioral advertising, Location services
Contract Performance: Account creation and management, Service delivery, Payment processing, Customer support
Legitimate Interests: Platform security and fraud prevention, Analytics and service improvement, Direct marketing (where applicable), Network and information security
Legal Obligations: Tax reporting, Court orders and legal requests, Regulatory compliance, Age verification
Vital Interests: Emergency situations affecting life or health

6. SHARING YOUR INFORMATION

6.1 We Do Not Sell Personal Information

Sonogram does not sell, rent, or lease your Personal Information to third parties for their independent use.

6.2 Authorized Sharing

We may share your information with:

Service Providers: Cloud hosting providers (AWS, Google Cloud), Payment processors (Razorpay, PayPal, Stripe), Email service providers, Analytics providers, Content delivery networks (CDN), Customer support tools, Security and fraud prevention services
Business Partners: Advertising networks (with consent), Podcast directories and aggregators, Social media platforms (for sharing features), Integration partners
Legal and Compliance: Law enforcement agencies (when legally required), Courts and tribunals, Regulatory authorities, Tax authorities, Legal advisors
Business Transfers: In connection with mergers, acquisitions, or asset sales, During bankruptcy or dissolution proceedings, To potential investors (under confidentiality agreements)
With Your Consent: When you explicitly authorize sharing, Public profile information, Content you choose to make public

7. DATA RETENTION

7.1 Retention Periods

We retain Personal Data for as long as necessary to:

Provide Services to you
Comply with legal obligations
Resolve disputes
Enforce agreements

Specific Retention Periods:

Account information: Duration of account plus 3 years
Payment records: 7 years (tax requirements)
Content: Until deletion requested or account closure
Communications: 2 years from last interaction
Analytics data: 24 months
Marketing preferences: Until withdrawal of consent
Legal holds: As required by authorities

7.2 Deletion Procedures

Upon account deletion:

Personal Data deleted within 30 days
Backups purged within 90 days
Some data retained for legal compliance
Anonymized data may be retained for analytics

8. YOUR RIGHTS

8.1 Rights Under DPDPA (India)

Indian users have the right to:

Access Personal Data we hold
Correct inaccurate Personal Data
Request deletion of Personal Data
Withdraw consent
Nominate a representative
File complaints with Data Protection Board

8.2 Rights Under GDPR (EEA/UK)

European users have the right to:

Access: Obtain copies of your Personal Data
Rectification: Correct inaccurate data
Erasure: Request deletion ("right to be forgotten")
Portability: Receive data in machine-readable format
Restriction: Limit processing in certain circumstances
Object: Oppose processing for direct marketing
Automated Decision-Making: Not be subject to solely automated decisions
Withdraw Consent: Revoke previously given consent

8.3 Rights Under CCPA/CPRA (California)

California residents have the right to:

Know what Personal Information is collected
Know whether Personal Information is sold or disclosed
Say no to the sale of Personal Information
Access Personal Information
Request deletion
Non-discrimination for exercising rights
Correct inaccurate information
Limit use of sensitive personal information

8.4 Exercising Your Rights

To exercise any of these rights:

Email: privacy@sonogram.in
In-app: Settings > Privacy > My Rights
Phone: +91-11-XXXX-XXXX
Mail: Data Protection Officer, Sonogram OPC Private Limited, [Address], New Delhi, India

Response Timeline:

Acknowledgment: Within 48 hours
Resolution: Within 30 days (may extend to 60 days for complex requests)

9. DATA SECURITY

9.1 Security Measures

We implement industry-standard security measures including:

Technical Safeguards: 256-bit SSL/TLS encryption for data in transit, AES-256 encryption for data at rest, Multi-factor authentication options, Regular security audits and penetration testing, Intrusion detection and prevention systems, DDoS protection, Web Application Firewall (WAF)
Organizational Measures: Strict access controls and role-based permissions, Employee training on data protection, Confidentiality agreements with staff, Regular security awareness programs, Incident response procedures, Business continuity planning
Physical Security: Secure data centers with 24/7 monitoring, Biometric access controls, Environmental controls, Redundant power and cooling systems

9.2 Data Breach Notification

In the event of a data breach:

Affected users notified within 72 hours
Regulatory authorities informed as required
Public disclosure if warranted
Remediation measures implemented
Post-incident review conducted

9.3 Your Security Responsibilities

You are responsible for:

Maintaining password confidentiality
Using strong, unique passwords
Enabling two-factor authentication
Reporting suspicious activities
Keeping devices and software updated

10. INTERNATIONAL DATA TRANSFERS

10.1 Cross-Border Transfers

As we expand globally, your data may be transferred to countries outside India, including:

United States (primary servers)
European Union (backup servers)
Singapore (CDN nodes)
Other countries where we operate

10.2 Transfer Safeguards

We ensure appropriate safeguards through:

Standard Contractual Clauses (SCCs)
Adequacy decisions where applicable
Binding Corporate Rules (BCRs)
Privacy Shield principles (where valid)
Consent for specific transfers

10.3 Data Localization

For Indian users:

Sensitive Personal Data stored in India
Payment data processed through local gateways
Government access requests handled per Indian law

11. CHILDREN'S PRIVACY

11.1 Age Restrictions

Platform intended for users 13 years and older

Users under 18 require parental consent in certain jurisdictions

Special restrictions for users 13-16 in the EEA

11.2 Parental Controls

Parents/guardians can:

Request access to child's information
Request deletion of child's account
Withdraw consent for data processing
Set content restrictions

11.3 Protection Measures

Age verification during registration
Content filtering for younger users
Restricted advertising for minors
No behavioral advertising for users under 16
Enhanced privacy defaults for minors

12. THIRD-PARTY SERVICES

12.1 Third-Party Links

Our Platform may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before providing Personal Information.

12.2 Integrated Services

Analytics Partners:

Google Analytics (privacy policy: analytics.google.com/privacy)
Firebase (privacy policy: firebase.google.com/support/privacy)
Mixpanel (privacy policy: mixpanel.com/legal/privacy-policy)

Advertising Partners:

Google AdMob
Facebook Audience Network
Amazon Advertising

Payment Partners:

Razorpay (Indian payments)
PayPal (International payments)
Stripe (Card processing)

12.3 Social Media Features

When you use social media features:

Information may be shared with social networks
Social networks' privacy policies apply
We may receive information from social networks

13. COOKIES AND TRACKING

13.1 Cookie Management

You can manage cookies through:

Browser settings
Platform cookie preferences
Third-party opt-out tools
Mobile device settings

13.2 Do Not Track

We currently respond to Do Not Track (DNT) signals by:

Limiting tracking for DNT users
Disabling non-essential cookies
Providing alternative privacy controls

13.3 Interest-Based Advertising

To opt-out of interest-based advertising:

Use platform ad preferences
Visit optout.aboutads.info
Use mobile device ad settings
Email privacy@sonogram.in

14. COMMUNICATION PREFERENCES

14.1 Marketing Communications

You can manage marketing preferences:

During registration
In account settings
Via unsubscribe links in emails
By contacting support

14.2 Operational Communications

Certain communications cannot be opted out of:

Account security alerts
Legal notices
Service disruption notifications
Payment confirmations

14.3 Push Notifications

Mobile app notifications can be managed:

In app settings
Through device settings
By notification category

15. DATA PROTECTION OFFICER

mailto:privacy@sonogram.in

Contact Information:

Name: [To be appointed]
Title: Data Protection Officer
Email: dpo@sonogram.in
Phone: +91-11-XXXX-XXXX
Address: Sonogram OPC Private Limited, [Full Address], New Delhi - 110001, India

Responsibilities:

Oversee data protection strategy
Ensure DPDPA and GDPR compliance
Handle data subject requests
Conduct privacy impact assessments
Liaise with regulatory authorities

16. JURISDICTION-SPECIFIC PROVISIONS

16.1 India (DPDPA 2023)

Consent required for processing
Data fiduciary obligations
Significant data fiduciary compliance (if applicable)
Rights of data principals
Cross-border transfer restrictions

16.2 European Union (GDPR)

Lawful basis for processing
Privacy by design and default
Data Protection Impact Assessments
Records of processing activities
One-stop-shop mechanism for complaints

16.3 United States

California (CCPA/CPRA):

"Do Not Sell My Personal Information" rights
Financial incentives disclosure
Sensitive personal information controls

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA):

Similar rights to GDPR
Opt-out of targeted advertising
Profiling restrictions

16.4 Other Jurisdictions

Brazil (LGPD): Similar to GDPR with local nuances
Canada (PIPEDA): Consent and purpose limitation
Australia (Privacy Act): APP compliance
Singapore (PDPA): Consent and notification requirements

17. COMPLIANCE AND AUDITS

17.1 Certifications

We maintain compliance with:

ISO 27001 (Information Security)
SOC 2 Type II
PCI DSS (for payment processing)
Privacy Shield Principles

17.2 Regular Audits

Annual third-party security audits

Quarterly internal compliance reviews

Ongoing vulnerability assessments

Privacy impact assessments for new features

18. CHANGES TO THIS PRIVACY POLICY

18.1 Update Procedures

We may update this Privacy Policy to reflect:

Changes in legal requirements
New features or services
Business practice modifications
User feedback

18.2 Notification Methods

We will notify you of material changes via:

Email to registered address
In-app notifications
Platform banner announcements
Blog posts for significant changes

18.3 Effective Date

Changes effective 30 days after posting

Immediate effect for legal compliance changes

Continued use constitutes acceptance

19. DISPUTE RESOLUTION

19.1 Internal Resolution

First attempt resolution through:

Customer support team
Data Protection Officer
Senior management escalation

19.2 Alternative Dispute Resolution

If internal resolution fails:

Mediation through recognized bodies
Arbitration under Indian Arbitration Act
Online dispute resolution platforms

19.3 Regulatory Complaints

You may file complaints with:

Data Protection Board of India
European Data Protection Authorities
State Attorney Generals (US)
Other relevant authorities

20. GOVERNING LAW

This Privacy Policy is governed by:

Laws of India (primary)
Local laws where Services are provided
International data protection frameworks

Exclusive jurisdiction (subject to statutory rights): Courts of New Delhi, India

Arbitration in New Delhi under ICC rules

21. CONTACT INFORMATION

Sonogram OPC Private Limited

Registered Office: [Complete Address] New Delhi - 110001 India

Contact Details:

General Inquiries: info@sonogram.in
Privacy Concerns: privacy@sonogram.in
Data Protection Officer: dpo@sonogram.in
Legal Department: legal@sonogram.in
Support: help@sonogram.in

Phone:

India: +91-11-XXXX-XXXX (9 AM - 6 PM IST)
International: +91-88003-54883

Online:

Website: www.sonogram.in
Support Portal: support.sonogram.in
Privacy Center: privacy.sonogram.in

22. ACCESSIBILITY

This Privacy Policy is available in:

English (Primary)
Hindi
Other regional languages upon request
Accessible formats for persons with disabilities

23. SEVERABILITY

If any provision of this Privacy Policy is found unenforceable, the remaining provisions shall continue in full force and effect.

24. ENTIRE AGREEMENT

This Privacy Policy, together with our Terms of Service and Cookie Policy, constitutes the entire agreement regarding privacy practices.

Acknowledgment: By using Sonogram's Platform, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Last Review Date: August 2025

Next Review Date: February 2026

Version: 2.0

Sonogram Privacy Policy