Effective: May 5, 2026
Sonder is a personal place-logging app. We built this policy to be readable. It explains what data Sonder collects, how it's used, who it's shared with, and your rights.
If you have questions, contact us at michaelsong4@gmail.com.
Account information. When you sign up, we collect your phone number (for SMS one-time-password authentication), the username you choose, your first name, an optional bio, and an optional profile photo. Email is optional.
Content you create. Logs (the place, your rating, optional photos, note, tags, visit date, and trip association), trips (name, description, dates, cover photo, collaborators), comments, bookmarks, and saved lists.
Photos. Photos you choose to upload — to your logs, your profile, your trip covers, and share cards — are stored on Cloudflare R2, scoped to your user account. When you grant photo library access, Sonder reads location and date metadata from your camera roll to suggest relevant photos for a place. Sonder does not upload any photos you do not select.
Location. With your permission, Sonder uses your location while you're using the app to center the map and tag your logs. With "Always" permission (which you enable separately and only if you turn on proximity alerts), Sonder uses geofencing to notify you when you're near a place from your Want to Go list. Location data is sent to our servers only when attached to a log you save, never as a continuous stream.
Contacts. If you grant Contacts access, Sonder hashes each phone number (SHA-256) on-device and asks our servers whether any of those hashes match other Sonder users. Raw phone numbers from your contacts are never sent off your device or stored on our servers.
Push notification tokens. When you enable notifications, we receive an Apple Push Notification token used to deliver pushes to your device.
Diagnostics. Sonder uses PostHog to collect anonymized usage events (which screens you visit, which features you use, errors). On a small number of sessions or sessions where errors occur, PostHog records anonymized session replays. All text input (notes, comments, search queries, phone numbers, OTP codes) and all photos are masked from these recordings. You can turn off Diagnostics anytime in Settings → Privacy → Share Diagnostics.
Bug reports. If you submit a bug report through Settings → Support, we collect the description you wrote, your device model, OS version, app version, and account ID.
We don't sell your data. We don't use it for advertising. We don't share it with data brokers.
| Supabase | Account data, content, follow graph (backend database, authentication, storage) |
| Cloudflare R2 | Photos (storage with JWT-validated, per-user-scoped uploads) |
| Google Places | Place lookups (place names, addresses, photos) |
| PostHog | Anonymized event names and error context — no content, no photos. Opt-out in Settings. |
| Apple APNs | Push tokens (notification delivery) |
| Apple MapKit | Map tiles, search queries (map rendering, point-of-interest search) |
Delete your account. Settings → Account → Delete Account. This permanently removes your profile, logs, photos, trips, comments, follows, and bookmarks.
Opt out of diagnostics. Settings → Privacy → Share Diagnostics → off. Stops all PostHog event collection.
Block users. Settings → Blocked Users, or "Block" from any user profile or comment.
Report content. "Report" action on any log, comment, or user profile. We review reports within 24 hours.
Edit your profile. Settings → Edit Profile.
Disable proximity notifications. Settings → Notifications → Nearby Place Alerts.
Sonder is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has signed up, contact us and we will delete the account.
Sonder is operated from the United States. By using Sonder, you consent to your data being processed in the United States.
If we change this policy in a way that materially affects your rights, we will notify you in-app or by push notification. Continued use after the change means you accept it.