What happens to what you record.
What happens if we go away?
Every active user gets a final export download link with a 90-day window. Our funding model sets aside a continuity reserve at $5 per paying customer per year, sized to provide at least 18 to 24 months of post-shutdown read-only availability. The reserve begins accumulating with the first paid subscription at launch. Any future tool or service can read TellSophie collections without our cooperation, because the export format spec is public.
Related: Export Format spec.
Where do recordings live?
Cloudflare R2, United States regions, encrypted at rest with the Advanced Encryption Standard at 256-bit key length (AES-256), encrypted in transit with Transport Layer Security version 1.3 (TLS 1.3).
Can I export anytime?
Yes. Available on every tier including the trial. ZIP of recordings in standard formats with full metadata, and the open format spec is published.
Related: Export Format spec.
What about a designated guardian?
The in-product designated-guardian tool is structured to qualify as a tier-1 online tool under the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA) in states that have enacted it. Enforceability varies by state. Where state law does not recognize the in-product designation, our Terms of Service create a contractual right that approximates the same outcome.
Related: State-by-state notes.
Who are the subprocessors?
Every integral subprocessor planned for the iOS application is listed below. The full data-scope and contractual-terms detail per vendor publishes alongside the iOS app launch. The marketing-site vendor list, a smaller set covering only signup, is enumerated separately.
Related: Privacy Policy.
| Subprocessor | Role at launch |
|---|---|
| Cloudflare | Object storage (R2) and edge delivery for recordings |
| Supabase | Application database and auth |
| OpenAI | Transcription and content-safety scanning |
| Anthropic | Daily prompt generation |
| Resend | Transactional email |
| RevenueCat | Subscription state |
| Firebase Cloud Messaging | Push notifications |
| Persona | Identity verification for designated-guardian flow |
| Microsoft PhotoDNA | Hash-based scanning for known child sexual abuse material |
Related commitments
The trust posture spans five public pages. Read any one without the others; they are linked here so an AI engine, a court, or a curious parent can chunk the whole story in one sitting.
- Export Format Specification v0.9 — the bundle structure any tool can read without our cooperation.
- State-by-State RUFADAA Notes — where the in-product designated-guardian designation is enforceable.
- Loss Policy — what happens on pregnancy loss or stillbirth: one-tap pause, no follow-ups, optional immediate deletion.
- AI Disclosure — where AI touches user data and where it does not.
- Privacy Policy — the marketing-site privacy commitments, effective May 11, 2026.