Privacy Policy

1. INTRODUCTION

Sona respects your privacy. This Privacy Policy explains how Sona Pets LLC, an Illinois limited liability company (doing business as Sona) ("Sona," "we," "us," or "our") collects, uses, and safeguards your information when you visit sonatags.com, use our Android mobile application, when a physical Sona tag is tapped, or when you interact with optional website features such as iOS interest feedback.

The Services are intended primarily for users in the United States and Canada. If you access Sona from the European Economic Area, United Kingdom, or other regions with comprehensive privacy laws, you do so at your own initiative. We do not currently market the Services to EU/UK residents or represent that we meet all GDPR or UK GDPR requirements (such as EU representative appointment or standardized data-portability workflows). Contact us before using owner features if you need region-specific rights addressed.

2. INFORMATION WE COLLECT

• Account & Profile Information: When you register (including via email/password or third-party sign-in such as Google), we collect your email address, authentication identifiers, optional phone numbers, and pet information you choose to store (names, breeds, weight, medical notes, recovery messages, and photos).
• Fulfillment Data: We collect shipping addresses and order contact email for hardware fulfillment. Payment processing is handled by Stripe; we do not store full credit card numbers.
• Scan, Alert & Location Data: When a tag is tapped, we may record tap events (timestamp, tag reference, and connection metadata). If a finder affirmatively shares location during that tap session and their browser or app grants permission, we may receive geographic coordinates. Those coordinates can be precise (for example, from HTML5 geolocation on a phone), depending on the device and permission granted—not merely a coarse region. If you opt into neighborhood lost-pet alerts, we may store a home-area location you provide to match nearby lost-pet reports.
• Push Notifications: If you enable scan alerts in the app, we store an Expo push token on your profile to deliver notifications to your device.
• Website Feedback (iOS interest): If you submit optional iOS interest feedback on our marketing site, we record your vote (interested or not), a truncated client IP address for duplicate prevention (one vote per IP per 24 hours), and a timestamp. We display aggregated vote counts only—not individual IPs—to other visitors.
• Mobile biometric sign-in (optional): If you turn on biometric sign-in in the Sona mobile app Account settings, your device may use Face ID, Touch ID, or fingerprint to unlock a locally stored sign-in token so you can return after sign-out without retyping your password. Sona does not collect, store, or receive your biometric data— verification happens entirely on your phone through Apple or Google's operating system. You can enable or disable this feature anytime in Account; we store only an encrypted session token on the device, not your password or biometric templates.
• Connection & Anti-Abuse Metadata: We log IP addresses, user-agent strings, and related connection metadata for security, rate limiting, SMS/push routing, and fraud prevention.

How finder location is used. Sona tags have no GPS hardware and we do not continuously track finders, pets, or owners. Location is captured only when a finder chooses to share it during a tap to help reunite a pet—typically a single reading at that moment, not background tracking. We store discrete scan records (including coordinates when shared) so we can notify you and show a map link; we do not build movement trails or sell location history. A finder who scans at home may share coordinates near that address; only share location if you are comfortable the pet owner seeing where you are at scan time.

4. FINDER DISCLOSURE (TAG SCANS)

Sona is designed to facilitate pet recovery. By linking a tag to a pet profile, you acknowledge and agree that when a third party taps your Sona tag, they will be presented with a public webpage displaying only specific information you have authorized: your pet's name, photo, recovery notes intended for finders, and your chosen contact methods. Full, structured medical records remain private and are not displayed on the public finder page. You control what appears on the finder view through in-app settings; Sona is not responsible for information you choose to make public.

5. HOW WE SHARE YOUR INFORMATION

We do not sell your personal data. We share data only with trusted service providers under contractual privacy obligations necessary to operate Sona:

• Supabase (secure database and backend hosting)
• Stripe (secure payment processing)
• Google (optional sign-in authentication)
• Expo / Apple / Google push infrastructure (device notifications)
• Twilio (SMS alerts when configured and when finder location is available)
• Resend (transactional email such as shipping notices)
• Vercel and related hosting/CDN providers (website delivery and edge logs)
• Google Maps (links generated for scan locations may route through Google)

Business transfers. If Sona Pets LLC undergoes a merger, acquisition, corporate reorganization, bankruptcy, or sale of all or part of its assets, personal information may be transferred to the acquiring or successor entity as part of the business assets, subject to confidentiality obligations and continued protection consistent with this Policy. We will notify account holders via email or a prominent in-app or website notice before personal information becomes subject to a materially different privacy policy.

6. COOKIES & LOCAL STORAGE

We use strictly necessary cookies and similar technologies to maintain secure sessions (including admin access), remember that you submitted iOS interest feedback (has_voted_ios, HTTP-only, 24 hours), and facilitate Stripe checkout. We do not use invasive third-party advertising cookies. You can control cookies through your browser; disabling them may limit checkout or feedback features.

8. YOUR CHOICES & REGIONAL NOTICES

Depending on where you live, you may have rights to access, correct, delete, or receive a copy of personal information we hold about you, and to object to or restrict certain processing where applicable law provides those rights. Submit requests to the contact email below; we may need to verify your identity before responding. We will not discriminate against you for exercising applicable privacy rights. Because Sona does not sell personal information, we do not offer a separate "Do Not Sell or Share" mechanism.

California (CCPA/CPRA). California residents may request disclosure of categories collected, deletion, and correction as described above. We do not sell or share personal information for cross-context behavioral advertising.

Illinois. Sona Pets LLC is formed in Illinois. Illinois residents receive the same contact and deletion process described above.

EU/UK. As noted in Section 1, we do not currently target the EEA or UK and have not appointed an EU or UK representative. If you believe GDPR or UK GDPR applies to your use, contact us before relying on owner features; we will respond in good faith but may decline requests that are incompatible with our U.S.-focused operations until we formally expand compliance.

9. CHILDREN'S PRIVACY & MINIMUM AGE

Sona owner accounts are for users 18 years of age or older. The Services are not directed at children under 13, and we do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it promptly.

Public finder pages (opened by tapping a tag) do not require a Sona account. Care links and owner features remain adult-only. Where app-store laws require age verification or parental consent before a minor downloads an app, those obligations are handled by the marketplace (Google Play or Apple App Store) in addition to our in-app age checks at registration.

10. CONTACT US

For privacy inquiries, contact Sona Pets LLC (d/b/a Sona): support@sonatags.com