Privacy Policy

Last updated: April 2, 2026

This Privacy Policy explains how Max Beato, doing business as Tonos ("we", "us", "our"), collects, uses, and protects your information when you use our voice profile service ("Service"). This policy applies to all users of the Tonos web application, REST API, and MCP protocol endpoints.

1. Information We Collect

Account information

When you register with email and password, we collect your email address and store a cryptographically hashed version of your password. We never store passwords in plain text. If you sign in via Google or GitHub, we receive your name and email from the OAuth provider. We do not receive or store your OAuth provider password.

Writing samples

You provide writing samples (messages, emails, chat logs) to build your voice profile. Samples are ephemeral. Raw text is processed to extract your voice profile and is deleted immediately after extraction is complete. We do not store, archive, or back up your original writing samples.

Voice profiles

We store the structured voice profile generated from your samples. This includes style dimensions (formality, warmth, directness, etc.), detected patterns, common phrases, and platform-specific modes. Voice profiles are derived abstractions — they do not contain your original messages and cannot be used to reconstruct them.

Generated content

Messages drafted through the Service are streamed directly to your device and are not stored on our servers after delivery.

Payment information

Payments are processed entirely by Stripe. Your credit card number and payment details are sent directly to Stripe and never touch our servers. We retain only your Stripe customer ID and subscription status for billing management.

Usage data

We collect basic usage metrics: API request counts, credit consumption, endpoint paths, and timestamps. We use this for billing, rate limiting, abuse prevention, and service improvement. We do not track your browsing behavior across other websites.

2. Legal Basis for Processing

We process your data under the following legal bases:

  • Contractual necessity: Account data, voice profiles, and payment data are processed to deliver the Service you signed up for.
  • Legitimate interest: Usage data and logs are processed for security, abuse prevention, and service improvement.
  • Consent: Writing samples are provided voluntarily by you for voice extraction. You may withdraw consent by deleting your profile.

3. How We Use Your Information

  • To create and maintain your account
  • To build and store your voice profile
  • To generate messages in your voice
  • To process payments and manage subscriptions
  • To enforce rate limits and prevent abuse
  • To communicate service updates or billing issues
  • To comply with legal obligations

We do not use your data for advertising, marketing profiling, or any purpose unrelated to delivering the Service.

4. Third-Party Services (Sub-Processors)

We share limited data with the following third parties to operate the Service:

  • Anthropic (Claude API) — Writing samples and drafting prompts are sent to Anthropic's API for voice extraction and message generation. Anthropic does not retain API inputs or outputs and does not use API data for model training. See Anthropic's Privacy Policy.
  • Stripe — Handles payment processing. Stripe receives your payment method details directly. See Stripe's Privacy Policy.
  • Railway — Hosts the application and database infrastructure. See Railway's Privacy Policy.
  • Google / GitHub — If you use OAuth sign-in, these providers facilitate authentication. They receive only the authentication request; we do not share your Tonos data with them.

We do not sell, rent, or trade your personal data to any third party. We do not use your data for advertising.

5. Data Location and International Transfers

Your data is processed and stored on servers located in the United States. If you are accessing the Service from outside the United States, your data will be transferred to and processed in the US. For users in the European Economic Area (EEA), United Kingdom, or Switzerland, these transfers are conducted under Standard Contractual Clauses or other appropriate safeguards as required by applicable data protection laws.

6. Data Retention

  • Writing samples: Deleted immediately after voice extraction completes
  • Voice profiles: Retained while your account is active; deleted within 30 days of account deletion
  • Account data: Deleted within 30 days of account deletion
  • Usage logs: Retained for 90 days, then automatically purged
  • Payment records: Retained as required by tax and financial regulations (typically 7 years for transaction records)

7. Your Rights

Regardless of your location, you can:

  • Access your voice profile data through the web app or API
  • Delete your voice profile at any time from your settings
  • Delete your account and all associated data from your settings
  • Export your voice profile data via the API
  • Revoke API keys at any time from your settings
  • Withdraw consent for data processing by deleting your account

For European Economic Area (EEA) residents

Under the GDPR, you also have the right to:

  • Request rectification of inaccurate personal data
  • Request restriction of processing in certain circumstances
  • Object to processing based on legitimate interest
  • Data portability — receive your data in a structured, machine-readable format
  • Lodge a complaint with your local data protection authority (supervisory authority) if you believe your rights have been violated

For California residents

Under the California Consumer Privacy Act (CCPA), you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the "sale" of personal information — we do not sell personal information as defined by the CCPA
  • Non-discrimination — we will not treat you differently for exercising your CCPA rights

To exercise any of these rights, contact us at max@tonos.fyi. We will respond to verified requests within 30 days.

8. Data Security

We use industry-standard security measures including encrypted connections (TLS in transit), hashed passwords (argon2id), hashed API keys (SHA-256), and secure session management. Database connections are encrypted. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users within 72 hours of confirming the breach. We will also notify relevant supervisory authorities as required by applicable law. Notification will include the nature of the breach, data affected, steps we are taking, and steps you can take to protect yourself.

10. Cookies

We use a single session cookie to keep you signed in. This is a strictly necessary functional cookie required for the Service to operate. It contains no tracking data and expires when you sign out. We do not use tracking cookies, analytics cookies, advertising cookies, or any third-party cookies.

11. Children

The Service is not intended for users under 18. We do not knowingly collect information from children. If you believe a child has provided us with personal data, contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or a prominent notice within the Service at least 14 days before the changes take effect. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

13. Contact

Questions about your privacy or data? Reach us at max@tonos.fyi.

For matters related to these Terms of Service, the same contact applies.