Security
by architecture, not by policy.
A privacy promise is a commitment. An architecture is a constraint. SoundSense is designed so that the risky thing, uploading your audio, is not something the app is even capable of. This page explains what stays on your device, what gets backed up, and what the app never does.
What is on your device.
Everything that matters.
The machine learning classifier runs entirely on your iPhone. It ships bundled with the app: no download of model weights after install, no cloud round-trip for inference. That is true on the first launch, the hundredth launch, and forever.
Audio is never written to disk. We capture short buffers in volatile memory, feed them to the classifier, read the result, and release the memory. Even crash reports, if you opt in to them, do not include audio. The audio buffer is gone by the time the process can be snapshotted.
Sound fingerprints you train, your specific doorbell, your specific smoke detector, are stored in the iOS secure sandbox for this app. Other apps cannot read them. We cannot read them. If you uninstall SoundSense, they are gone.
The small things
that travel with your account.
Sound names and settings
Your account securely backs up the names you gave your sounds ("Front doorbell," "Upstairs smoke alarm") and their urgency settings, so you do not lose your setup if you switch phones. That is all.
Never the audio
Your recordings, the acoustic patterns that let the app recognize your specific sounds, never leave your device. Not to your account, not to us, not anywhere.
In transit and at rest.
Your audio is processed on your device and never transmitted anywhere. For the small amount of account data that does sync (your email and the names and settings of the sounds you configure), everything is encrypted in transit and stored with strong access controls.
We do not sell your data. We do not show ads. We do not share it with marketing partners. You can delete your account and everything tied to it any time.
What SoundSense asks for
and why.
Without it, the app cannot listen, which is the app's entire purpose. Used only while the app is running.
Alerts have to reach you. Notifications are how the app delivers visual alerts outside of the foreground. Recommended for full functionality.
If you enable context mode, your location lets the app tell "home" apart from "in the city" and adjust urgency accordingly.
No contacts, no photos, no calendar, no health, no tracking identifiers. If iOS ever shows you a permission dialog we do not list here, do not grant it. Tell us.
Found something?
Tell us, and we will thank you.
Send vulnerabilities to security@soundsense.app. Please give us a reasonable window to fix before public disclosure. 90 days is a good default, less for trivial issues, more if the fix requires coordination with Apple.
- ✓We acknowledge within 48 hours.
- ✓We give you an honest time estimate for a fix.
- ✓If you consent, we credit you in the release notes.
- ✓We do not take legal action against good-faith researchers.
A short list
you can hold us to.
Not to us, not to any partner, not in crash reports. Your microphone is listening for you, not for anyone else.
We do not sell, rent, or share your personal data with advertisers, data brokers, or marketing partners. We have none.
If you choose to help us improve the app, anonymized technical and usage data can be shared. No audio, no content, no personal identifiers. You can turn it off any time.
Email privacy@soundsense.app and we will remove your account and everything tied to it. On-device data goes when you uninstall.
For the full list of services we rely on (app store, authentication, hosting), see our privacy policy. If anything changes in a way that affects your data, we will update the policy and let you know.