Somar

Legal

Privacy Policy

Version 2026-07-12 · Last updated 12 July 2026 · Terms of Service · Cookie Policy

The short version. We collect your account details and the content you create so Somar can work and sync across your devices. Your content is sent to our AI provider only to generate the responses you ask for — never to train their models. We never sell your data. Anything you publish as a site is public; anything you share is visible to the people you share it with. You can delete your account, and everything with it, at any time from Settings.

1. Who we are

Somar ("Somar", "we", "us", "our") provides an AI-powered connected workspace — apps, agents, publishing tools and the websites trysomar.com and sites.trysomar.com (together, the "Service"). This policy explains what personal information we collect, why, who can see it, and the choices you have. By creating an account you acknowledge this policy; using the Service is also subject to our Terms of Service.

Contact for anything privacy-related: [email protected].

2. Information we collect

Account information

  • Identity — your email address and name, received from Sign in with Apple or Google when you create your account, plus the display name you choose during onboarding and an optional avatar.
  • Plan and settings — your subscription plan, language, and preferences.
  • Consent record — the version of the Terms and this policy you accepted, and when, so we can prove your agreement and tell you when they change.

Your content

  • Workspace content — pages, notebooks, tasks, chats and messages, comments, reminders, and the structure of your workspaces and teamspaces.
  • Files and media — documents, images, PDFs and audio you upload or import (including via the share extension), text we extract from them so search and AI features work, and audio/video the Service generates for you.
  • Published sites — the pages you choose to publish, their settings, and aggregate view counts.

Usage and device information

  • Ticket metering — how many AI "tickets" you use, so plans and limits work and you can see your own usage history.
  • Push token — a device token so we can deliver notifications you've asked for (reminders, comments, agent results).
  • Product analytics — a small set of app events (such as app opened, signed in, subscription purchased) tied to your account ID. We use no advertising identifiers and no cross-app tracking. Analytics may be switched off entirely in some builds.

Optional data you can switch on

  • Location — only if you enable a Maps connector, we capture your approximate position once per request to give the agent local context. Deny or revoke location permission at any time in iOS Settings.
  • Camera, microphone and photos — only when you attach a photo or record audio; recordings are transcribed to text to be used in your workspace.
  • Connected services — if you connect Gmail, Google Drive, Google Calendar, Outlook, Dropbox, SharePoint, Microsoft Teams or a custom MCP connector, Somar reads that data only when you ask it to and only to complete your request. Connector sign-in tokens are stored on your device, not on our servers.

3. How we use information

  • Provide, secure and sync the Service across your devices.
  • Generate the AI responses, creations and agent work you request (see section 4).
  • Meter usage, operate subscriptions, and prevent abuse of plan limits.
  • Send notifications you've asked for and important service or legal notices.
  • Understand, at an aggregate level, which features are used so we can improve them.
  • Comply with law and enforce our Terms.

We never sell your personal information, and we never share it with third parties for their own advertising.

Emails and how to stop them. We send two kinds of email. Service emails — things like security alerts, receipts and important account or policy notices — are part of the Service and we can't switch them off while you have an account. Product and marketing emails — tips, new features and offers — are optional: you can turn them off any time in the app under Settings → Notifications, or with the unsubscribe link at the bottom of every such email. When you opt out, we suppress your address so those emails genuinely stop. We use Resend to send email.

4. How AI processing works — and its limits

When you send Somar a message, run an agent, or scheduled work runs for you, the relevant content (your message, thread history, the workspace pages and sources involved, and — if you invoked one — content fetched from a connector) is sent from our servers to our AI provider, OpenAI, to generate the response. Audio you record is transcribed by Groq. API requests are made server-side; AI provider keys are never embedded in the app on your device.

  • Our AI providers process this data to return results to you. Under our API arrangements with them, your content is not used to train their models.
  • AI output can be wrong. Somar's responses are generated by AI and may be inaccurate, incomplete or out of date, even when they sound confident. Always verify important information yourself — especially anything medical, legal, financial or safety-related. AI output is not professional advice.

5. What others can see

Somar is a collaborative and publishing product, so some visibility is the point — but you should always know exactly what is exposed and to whom:

  • Published sites are public. When you publish a page as a site at sites.trysomar.com, anyone with the link can view it, and search engines can index it (indexing can be toggled). Unpublish at any time to take it down.
  • Shared workspaces. Members of a workspace or teamspace can see the pages, sites and content shared into it, according to the roles and permissions set. Comments and workspace inbox items are visible to the people they involve.
  • Workspace administrators. On Team and Enterprise plans, workspace admins can see member lists, workspace analytics, and (Enterprise) audit logs of workspace activity. If you use a workspace owned by your employer, your employer controls that workspace's content and settings.
  • People you invite. Invitations expose your name and workspace name to the invitee.

6. Service providers we use

To run Somar we rely on a small set of trusted providers. Each one only ever receives the specific data it needs to do its job for us, under a contract that requires it to protect that data and use it only on our instructions. We do not sell your data or share it with anyone for their own advertising. The providers are:

  • Supabase — our cloud database, sign-in and file storage; it holds your account and workspace content behind per-account security.
  • OpenAI — generates the AI responses, agents, search and research from the requests you make. Your content is not used to train its models.
  • Groq — transcribes audio you record into text.
  • Cloudflare — stores uploaded media and serves the sites you publish.
  • Apple and Google — sign you in, and (Apple) handle App Store purchases; they also power any connector you choose to enable.
  • Microsoft and Dropbox — only if you connect them, to fetch the data you ask Somar to use.
  • Stripe — processes payments for subscriptions bought on the web. We never see your full card number.
  • Resend — delivers our email: sign-in verification codes, receipts and important notices, and — only if you opt in — product updates.
  • PostHog — aggregate product analytics, where enabled.

If you're carrying out a security or vendor review, we're happy to provide our data processing terms — email [email protected].

If you connect an analytics tag (Google Analytics, Plausible or Fathom) to a site you publish, that tag runs on your site under your own agreement with that provider — you are responsible for your site's compliance with visitors.

7. Retention and deletion

  • Your content is kept for as long as your account exists, so it can keep syncing.
  • Delete your account at any time from Settings → Account → Data Controls. This permanently deletes your account, workspaces you own, content, files and usage records. Residual copies in encrypted backups roll off on the backup schedule of our infrastructure providers.
  • Unpublishing a site removes it from public serving; cached copies at the edge expire within minutes, though search engines may retain snapshots temporarily.
  • We keep the minimal records the law requires us to keep (for example, billing records).

8. Security

  • All traffic between your device and our servers uses TLS (HTTPS); the app enforces Apple's App Transport Security with no exceptions.
  • Sign-in tokens are stored in the device Keychain, excluded from backups, and never synced to other devices. Sign in with Apple uses one-time replay protection; connector sign-ins use PKCE.
  • Database access is protected by row-level security scoped to your account; published sites expose only rows you have explicitly published.
  • AI provider keys live only on our servers, never in the app.

No system is perfectly secure. If we become aware of a breach affecting your personal information, we will notify you and the relevant regulator as required by law.

9. International transfers

Our infrastructure providers may store and process data in countries other than yours, including the United States. Where required, we rely on appropriate safeguards such as standard contractual clauses offered by these providers.

10. Your rights

Depending on where you live (including under the Australian Privacy Act, the EU/UK GDPR and US state privacy laws such as the CCPA), you may have the right to access, correct, delete, export or restrict the processing of your personal information, and to object to certain processing. Many of these you can do yourself in the app — edit your profile, disconnect connectors, delete content, or delete your whole account. For anything else, email [email protected] and we will respond within the timeframe your local law requires. You also have the right to complain to your data protection authority (in Australia, the OAIC; in the EU/UK, your supervisory authority or the ICO).

11. Children

Somar is not directed at children under 13 (or the higher minimum age in your country), and we do not knowingly collect their data. If you believe a child has created an account, contact us and we will delete it.

12. Changes to this policy

When we make material changes, we will update the version and date above and ask you to review and accept the new version in the app before you continue. Non-material clarifications take effect when posted.

13. Contact

Privacy questions and rights requests: [email protected]
General support: [email protected]

© Somar
Home Privacy Terms Cookies