What happens to what you record.
What happens if we go away?
Every active user gets a final export download link with a 90-day window. Our funding model sets aside a continuity reserve at $5 per paying customer per year, sized to provide at least 18 to 24 months of post-shutdown read-only availability. The reserve begins accumulating with the first paid subscription at launch. The export format spec is public, and any future tool or service can read TellSophie collections without our cooperation.
Related: Export Format spec.
Where do recordings live?
Cloudflare R2, United States regions, encrypted at rest with the Advanced Encryption Standard at 256-bit key length (AES-256), encrypted in transit with Transport Layer Security version 1.3 (TLS 1.3).
Can I export anytime?
Yes. Available on every tier including the trial. ZIP of recordings in standard formats with full metadata. Open format spec published.
Related: Export Format spec.
What about a designated guardian?
The in-product designated-guardian tool is structured to qualify as a tier-1 “online tool” under the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA) in states that have enacted it. Enforceability varies by state. Where state law does not recognize the in-product designation, our Terms of Service create a contractual right that approximates the same outcome.
Related: State-by-state notes.
Who are the subprocessors?
Every integral subprocessor planned for the iOS application is listed below. The full data-scope and contractual-terms detail per vendor publishes alongside the iOS app launch. The marketing-site vendor list (a smaller set covering only signup) is enumerated separately.
Related: Privacy Policy.
| Subprocessor | Role at launch | |---|---| | Cloudflare | Object storage (R2) and edge delivery for recordings | | Supabase | Application database and auth | | OpenAI | Transcription and content-safety scanning | | Anthropic | Daily prompt generation | | Resend | Transactional email | | RevenueCat | Subscription state | | Firebase Cloud Messaging | Push notifications | | Persona | Identity verification for designated-guardian flow | | Microsoft PhotoDNA | Hash-based scanning for known child sexual abuse material |