Privacy Policy
Version 1.0 - January 5, 2025
- 1. Data Controller
- 2. Personal Data Collected
- 3. Purposes of Processing
- 4. Legal Basis
- 5. Data Recipients
- 6. Hosting and Transfers
- 7. Retention Period
- 8. Data Security
- 9. User Rights
- 10. Complaint to Authority
- 11. Cookies
- 12. Policy Changes
- 13. Contact
The purpose of this privacy policy is to inform users of the Sonova service about the collection, use, and protection of their personal data, in accordance with Regulation (EU) 2016/679 regarding data protection (GDPR) and applicable French legislation.
1. Data Controller
The controller of personal data processing is:
- Project Name: Sonova
- Legal Status: Structure under creation
- Headquarters Address: To be completed
- Contact: via the form available at Contact Form
Full legal information will be updated upon registration of the structure.
2. Personal Data Collected
As part of using the Sonova service, the following data may be collected:
2.1 Identification Data
- Name, first name (if applicable)
- Email address
- Account credentials
2.2 Technical Data
- IP Address
- Connection logs
- Browser and device information
- Security and audit data
2.3 User Content
- Audio projects
- Associated files (DAW sessions, stems, presets, metadata)
- Comments, annotations, and project-related exchanges
3. Purposes of Processing
Personal data is collected and processed for the following purposes:
- Provide, operate, and improve the Sonova service
- Enable user account creation and management
- Ensure storage, synchronization, and collaboration on projects
- Guarantee security, integrity, and availability of the service
- Prevent abuse, fraudulent use, or illegal behavior
- Comply with legal and regulatory obligations
4. Legal Basis
Data processing is based on the following legal grounds:
- Performance of the contract (Terms) binding the user to Sonova
- User consent (especially for non-essential cookies)
- Compliance with legal obligations
- Legitimate interest of Sonova (security, abuse prevention, service improvement)
5. Data Recipients
Personal data is intended for:
- Authorized members of the Sonova team
- Technical service providers necessary for service operation (hosting, cloud infrastructure, security)
Data is neither sold nor transferred to third parties for commercial purposes.
5.1 Sub-processors (Service Providers)
To provide the service, we use service providers acting as sub-processors (under GDPR), including:
- Hosting / Cloud: OVH – 2 RUE KELLERMANN, 59100 ROUBAIX – Purpose: application server hosting
- Data Storage: AMAZON WEB SERVICES EMEA SARL - 38 AV JOHN F KENNEDY L 1855, 99137 LUXEMBOURG - Purpose: user data hosting encrypted with E2EE
The list may evolve; the up-to-date version is available on the site.
6. Hosting and Transfers
Data is hosted in France at OVH.
If certain providers process data outside the EU (e.g., USA), Sonova implements appropriate guarantees:
- Standard Contractual Clauses (SCC)
- Supplementary measures if necessary (e.g., encryption, access limitation)
The countries concerned and corresponding providers are listed in section 5.1.
7. Retention Period
Personal data is kept only for the duration necessary for the purposes for which it was collected:
- Account data: as long as the account is active
- User content: during the use of the service
- After account deletion: possible recovery for 2 months, then permanent deletion after this period, unless legal obligation requires otherwise
8. Data Security
Sonova implements appropriate technical and organizational measures to protect personal data, including:
- Data encryption
- Access controls
- Regular backups
- Surveillance and intrusion prevention measures
Despite these measures, no absolute security can be guaranteed.
9. User Rights
In accordance with GDPR, every user has the following rights:
- Right of access
- Right to rectification
- Right to erasure
- Right to object
- Right to restriction of processing
- Right to data portability
Requests can be addressed via the contact form: Contact Form
10. Complaint to Authority
In case of unresolved difficulty, the user has the right to lodge a complaint with the competent supervisory authority, notably the CNIL (Commission Nationale de l’Informatique et des Libertés): https://www.cnil.fr
11. Cookies
The Sonova site may use cookies or trackers to:
- Ensure proper service functioning
- Measure audience
- Improve user experience
Upon first visit, a consent banner allows the user to accept, refuse, or configure cookie usage, in accordance with current regulations.
12. Policy Changes
Sonova reserves the right to modify this privacy policy at any time.
Users will be informed of any substantial modification.
13. Contact
For any question regarding this privacy policy or personal data: Contact Form