Effective Date: May 1, 2026
Last Updated: May 1, 2026
Hey Wrist ("we," "us," or "our") builds Sona — an AI chat companion for Apple Watch and iPhone. This Privacy Policy explains what information Sona accesses, how it is processed, who it is shared with, and what controls you have over your data.
In short:Sona does not require an account and never sees your name or email. Your messages are sent to Microsoft Azure OpenAI to generate AI responses. We use Mixpanel for anonymous, opt-out usage analytics, and our own bug-reporting service for crash diagnostics. Conversations, persona memory, streaks, and starred messages are stored only on your device. Apple processes any in-app purchases — we never receive your payment information.
1. Information Sona Accesses on Your Device
1.1 Microphone (Optional)
Sona requests microphone access only when you tap the voice button. Audio is converted to text using Apple's on-device SFSpeechRecognizer framework. On supported devices and locales recognition runs fully on-device; on devices that do not support on-device recognition for your locale, Apple may transmit a short audio snippet to its speech servers (this is governed by Apple's Speech and Keyboard privacy notice). We never receive a copy of the audio. You can revoke microphone access at any time from iOS Settings → Sona.
1.2 Camera and Photo Library (Optional)
On iPhone, Sona requests Camera and Photo Library access only when you tap the image-attach button to share a photo with the AI for vision analysis. The image you attach is sent to Microsoft Azure OpenAI (see Section 2) so the model can describe it. We do not access photos in the background and we do not scan your library.
1.3 Notifications (Optional)
Sona schedules localnotifications for the daily prompt. These run entirely on your device through Apple'sUNUserNotificationCenter. We do not operate a push server; nothing is transmitted to receive a daily prompt.
1.4 Information Sona Does NOT Access
- Your name, email address, phone number, or any account credentials
- Location data
- Contacts, calendar, or health data
- Browsing history or activity outside the app
- Advertising identifiers (we do not use IDFA)
2. AI Processing — Microsoft Azure OpenAI
Sona's AI personas are powered by Microsoft Azure OpenAI Service, hosted in Microsoft Azure cloud regions operated by Microsoft Corporation.
When you send a message, Sona transmits the following to Azure:
- The text of your message
- An attached image, if you chose to attach one
- Recent messages from the same conversation, used as context
- The selected persona's system prompt
- A small set of facts you have explicitly saved as Memory in the app
We do notattach your name, email, device identifier, IP address (beyond what any standard HTTPS request contains), or any account information — we have none of those.
How Azure OpenAI uses this data: per Microsoft's Azure OpenAI data, privacy, and security policy:
- Your prompts and completions are not used to train OpenAI's or Microsoft's foundation models.
- Microsoft may retain prompts and completions for up to 30 days for abuse and misuse monitoring, accessible only to authorized Microsoft personnel under strict access controls. After 30 days they are deleted.
- Data is processed in regions specified by Microsoft for the deployment.
Web access is restricted.Sona's Azure deployment does not give the AI tools the ability to freely browse the open internet. The AI cannot fetch arbitrary URLs, sign into services, or reach out to third-party APIs on your behalf. A small set of personas optionally use Microsoft's curated web grounding to cite up-to-date facts; that grounding is provided by Microsoft and governed by the same Azure terms.
3. Analytics — Mixpanel
Sona uses Mixpanel to understand how the app is used and where to invest engineering effort. The data we send is intentionally minimal:
- An anonymous device identifier derived from Apple's
identifierForVendor(resets when you delete the app from all your devices) - App version, build number, iOS/watchOS version, and device model
- Event names — e.g. "conversation created", "voice opened", "paywall shown", "purchase completed"
- Coarse event properties — persona name, message length (count only, not content), source screen
We never send the content of your messages, AI replies, persona memories, or any personally identifiable information to Mixpanel.
Opt out:Open Sona → Settings → Privacy → turn off "Share anonymous usage". We will stop sending events immediately and Mixpanel will discard your existing anonymous profile.
4. Crash and Bug Reporting — Hey Wrist Bug Reporter
Sona includes our internal bug-reporting SDK that sends crash diagnostics to bug.heywrist.com, a service we operate. In the App Store build it transmits only:
- Crash type and stack trace
- App version and build number
- iOS/watchOS version and device model
- An anonymous installation identifier
Production builds do not capture screenshots, do not capture network logs, and do not associate any tester email with the report. Diagnostic data is retained for up to 90 days and then deleted.
5. In-App Purchases — Apple StoreKit
Sona offers an optional Sona Pro subscription (monthly or yearly) and a one-time Sona Pro Lifetime purchase. All payments are processed by Apple via the App Store using Apple StoreKit.
- We never receive or store your payment-method details, billing address, or Apple ID.
- Apple sends Sona a signed transaction receipt that we use only to verify that you are entitled to Sona Pro features. The receipt is processed on your device using StoreKit 2.
- Restoring a purchase on a new device contacts Apple, not us.
- Subscriptions auto-renew until cancelled. Manage or cancel at any time in iOS Settings → your Apple ID → Subscriptions.
Apple's handling of your payment data is governed by Apple's Privacy Policy.
6. Data Stored Only on Your Device
The following data lives only on your device, in the app's sandboxed UserDefaults storage. It is never uploaded to a server we operate:
- Conversation history (your messages and AI replies)
- Persona memory (facts you ask Sona to remember)
- Streak data and starred messages
- App settings, theme choice, language preference, and notification preferences
- The free-tier daily message counter
7. Apple Watch Integration
Sona's Apple Watch app stores its own copy of conversations and memory in the Watch's sandboxed storage. Data synced between the Apple Watch and iPhone uses Apple's WatchConnectivity framework — a direct, encrypted, device-to-device channel. The Watch does not connect to Microsoft Azure independently for chat — when paired, AI requests are routed through your iPhone; when the Watch is solo (e.g. on cellular), it sends requests using the same Azure deployment described in Section 2.
The Watch does not initiate in-app purchases. If you tap a Pro feature on Watch while on the free tier, the Watch will prompt you to upgrade in Sona on iPhone.
8. No Accounts
Sona has no sign-up, no login, and no user accounts. There are no credentials to lose, reset, or breach. Your purchase entitlement is tied to your Apple ID, which Apple manages.
9. Data Sharing
We do not sell, rent, trade, or share your data with third parties for advertising or marketing purposes.
The only third parties that receive any data from Sona are:
- Microsoft (Azure OpenAI) — to generate AI responses (Section 2)
- Mixpanel — for anonymous usage analytics, opt-out available (Section 3)
- Apple — for in-app purchases and standard App Store telemetry (Section 5)
- Hey Wrist Bug Reporter (operated by us) — for crash diagnostics (Section 4)
10. Your Rights and Controls
- Delete a single conversation: swipe left on the conversation list.
- Delete everything on this device: Settings → Data → "Delete all local data". This wipes conversations, memory, streaks, and starred messages on the iPhone and pushes a wipe to the paired Apple Watch.
- Stop analytics: Settings → Privacy → turn off "Share anonymous usage".
- Cancel Sona Pro: iOS Settings → your Apple ID → Subscriptions → Sona → Cancel.
- Revoke permissions: iOS Settings → Sona → toggle off Microphone, Camera, Photos, or Notifications.
- Delete the app: uninstalling Sona deletes all on-device data permanently.
EU/UK residents have the right under GDPR/UK GDPR to access, correct, or delete personal data, and to object to processing or restrict it. Because we do not collect personally identifiable information, the practical exercise of these rights is achieved through the controls above. If you believe we hold data about you and want to exercise these rights formally, contact us at founder@heywrist.com.
California residents have the right under the CCPA to know, delete, and opt out of the "sale" of personal information. We do not sell personal information.
11. Children's Privacy
Sona is rated 12+ and is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has used Sona, contact us and we will help you delete any associated on-device data (although we typically have nothing to delete from our servers because we have no account).
12. International Users
Microsoft Azure OpenAI processes prompts in the Azure region(s) that we deploy to (currently Microsoft's East US 2 region). Mixpanel is operated in the United States. By using Sona you consent to these transfers. Microsoft and Mixpanel rely on Standard Contractual Clauses for cross-border transfers from the EU/UK.
13. Security
All network requests from Sona use HTTPS with certificate validation. The Azure API key embedded in the app is obfuscated to slow casual extraction and is not the same key we use server-side for unrelated services. Apple's app sandbox prevents other apps on your device from reading Sona's on-device storage.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last Updated" date at the top, and where the change materially expands the data we collect we will surface a notice in the app the next time you open it.
15. Contact Us
Questions about this Privacy Policy? Contact us at:
Email: founder@heywrist.com
Developer: Hey Wrist