sonnrBack to home

Privacy Policy

Last updated: April 2026

1. Who We Are

Sonnr ("we", "our", "us") is a garment manufacturing operations platform operated by Kaay Apparel. This policy explains how we collect, use, and protect your data when you use our platform at app.getsonnr.com and related services.

2. Data We Collect

We collect the following categories of data:

  • Account data: Name, email address, phone number, password (hashed), and role within your factory.
  • Business data: Client/buyer information, order details, design names, quantities, pricing, employee names, machine records, and invoice details that you enter into the platform.
  • Usage data: Pages visited, features used, AI queries made, and session duration — collected to improve the product.
  • Payment data: If you subscribe to a paid plan, payment processing is handled by our payment partner (Razorpay). We do not store credit card numbers.

3. How We Use Your Data

  • To provide and operate the Sonnr platform, including order tracking, invoicing, and client portals.
  • To generate AI-powered insights (Factory Pulse, assignment suggestions) using your production data. Your data is sent to Google Gemini for processing and is not retained by Google after processing.
  • To send transactional emails (invoices, notifications) via SMTP.
  • To improve our product based on aggregated, anonymised usage patterns.

4. Data Storage & Security

  • Database: All data is stored in Supabase (PostgreSQL) hosted on AWS in Mumbai (ap-south-1). Data is encrypted at rest and in transit.
  • Tenant isolation: Each factory's data is completely isolated using Row Level Security (RLS). No factory can access another factory's data.
  • Client isolation: Within a factory, each client/buyer can only see their own orders through the client portal.
  • Authentication: Passwords are hashed by Supabase Auth. Sessions use secure, httpOnly cookies.
  • File storage: Uploaded images (designs, samples, payment proofs) are stored in Supabase Storage with access controls.

5. AI & Third-Party Services

  • Google Gemini: We use Google's Gemini API for AI features (Factory Pulse, Ask Your Factory, assignment suggestions). Your production data is sent to Gemini for processing. Google does not use this data to train its models. See Google's API Terms.
  • Supabase: Database hosting and authentication. See Supabase Privacy Policy.
  • Vercel: Application hosting. See Vercel Privacy Policy.

6. Data Retention

Your data is retained for as long as your account is active. If you cancel your subscription, your data remains accessible for 30 days, after which it may be permanently deleted. You can request data export or deletion at any time by contacting us.

7. Your Rights

Under applicable data protection laws (including India's DPDP Act 2023), you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Withdraw consent for data processing.
  • Request a copy of your data in a portable format.

8. Cookies

We use essential cookies only — specifically, Supabase authentication session cookies. These are httpOnly, secure cookies required for the platform to function. We do not use tracking cookies, advertising cookies, or analytics cookies.

9. Contact

For privacy-related questions or data requests, contact us at:
connect@kaayapparel.in