Sonder | Privacy Policy

1. DATA CONTROLLER

SONDER INNOVATIONS d.o.o. (“Sonder”, “we”, “us”, “our”), with its registered office at Petrovaradinska ulica 52, Zagreb, Croatia, registered in the court register of the Commercial Court in Zagreb under number (MBS): 081636184, Croatian personal identification number (OIB): 95631264068, acts as the data controller in respect of personal data processed under this Policy. This means Sonder decides on the purposes and means of collecting and using your personal data.

If you have any questions or concerns regarding your personal data, you can contact us at any time at privacy@sonder-ai.com.

For users outside the European Union, additional jurisdiction-specific provisions are set out in Section 14 (Region-Specific Provisions).

2. INTRODUCTION

Welcome to Sonder - a personal connection system that helps you connect with the right people, mentors, peers, communities and opportunities based on the profile and context you build with us. The Service includes profile creation, user-to-user connections and chat, Sonder AI Chat, AI-assisted matching, goal creation, personalized tasks and steps, and an in-app feed where users can create posts and events.

To deliver this experience, we collect, protect and use your personal data in accordance with applicable privacy and data protection laws, including the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) („GDPR“), the UK GDPR and Data Protection Act 2018, the Swiss Federal Act on Data Protection (FADP), Canadian privacy laws including PIPEDA and Quebec Law 25, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable laws.

In this Policy, the “Service” refers to the Sonder mobile application, platform, website (sonder-ai.com), and all related features we provide.

2.1. AGE REQUIREMENTS

The Service is intended only for individuals who are at least 16 years old, or the minimum age required by the laws of their country of residence. We do not knowingly allow individuals under the applicable minimum age to create or maintain an account.

If we become aware that an account was created or used in violation of applicable age requirements, we may suspend or terminate the account and delete associated personal data in accordance with this Policy and applicable law.

If we introduce features for younger users in the future, additional parental or guardian consent, age-assurance and child-protection measures will apply.

3. PERSONAL DATA WE COLLECT

We collect different categories of personal data depending on how you use the Service. This section explains what information we collect, how we collect it, and for what general purposes.

3.1. Data you provide directly to us

You provide personal data to us when you create or update your account, build and update your user profile, set goals, communicate with other users, post content, create events, use Sonder AI Chat, or contact our support team. This includes:

Account and profile information - such as your name, username, profile photo, age or date of birth, gender, location (city or country), and any biographical information you choose to include.
Authentication data - we use Google Firebase Authentication to enable Google Sign-In, Apple Sign-In and phone number verification using one-time SMS codes. We receive limited identifiers and basic profile data from these providers, such as name, email, profile picture where provided, verified phone number and authentication status.
Contact information - such as your email address, phone number, or links to other profiles if you choose to share them.
Profile data (inputs) - all information, text, images, voice input, video, goals, interests, qualities, preferences, personality descriptions, opinions, lifestyle details, skills, aspirations or other information you voluntarily provide to build or update your profile and AI context.
Social and communication data - messages you send to other users, posts or comments you publish within the app, or participation in group discussions.
Goals and personalized plans - the goals you create and the steps, tasks, milestones, progress indicators, notes and feedback generated or added to help you reach those goals.
Connections and chat data - connection requests, accepted connections, user-to-user chat content, and conversations with Sonder AI Chat, including prompts such as “connect me with someone”.
Feed content - posts, events, comments, reactions and other content you publish in the in-app feed, together with associated metadata such as timestamps and audience settings.
Feedback, support and moderation requests - messages or information you send for support, bug reports, feature requests, surveys, content reports or safety/moderation review.
Payment and subscription data - if you purchase premium features, payment processing is handled by Apple through the App Store or by Google through Google Play. We do not collect or store payment-card details, billing address or full card information. We receive only limited information needed to provision and manage your subscription, such as transaction or receipt identifiers, product, subscription status, purchase/renewal dates, refund status and storefront/country information.
Consent choices and privacy settings - your preferences regarding profile visibility, data sharing, discoverability, notifications, marketing communications and AI-related personalization.

The Service is not intended to collect special-category or sensitive personal data, such as health information, political opinions, religious beliefs, sexual orientation, etc. However, because your profile and Sonder AI interactions are based on information you choose to provide, you may voluntarily include such information. If you do, we treat it with heightened protection where required by law, and you may delete or modify it at any time in your settings.

3.2. Data collected automatically from your use of Sonder

Device and connection information - such as device type, operating system, app version, screen resolution, IP address, language and time zone.
Usage data - information about how you interact with the Service, including login times, features used, searches, content viewed, time spent in different sections, posts and events you engage with, and connection requests.
Log, crash and diagnostic data - event logs, error messages, crash reports and performance information that help us troubleshoot issues and keep the Service reliable and secure.
Approximate location - derived from your IP address or device settings to customize recommendations and connect you with relevant users or opportunities. You can disable relevant permissions in your device or app settings where available.
Outputs - content generated by the Service, including Sonder AI Chat responses, suggested matches, explanations, tasks, steps and other AI-assisted outputs based on your inputs.
Device permissions - where you choose to use features that require them, we may request camera, photo library, microphone, notification or location permissions. For example, these permissions may support profile photos, media in chat, posts/events, voice messages, voice input to AI chat and service notifications. We do not access these permissions unless you grant them, and you can revoke them through device settings.

Our website does not currently use cookies. We do not currently use third-party analytics, advertising or tracking services. Our mobile application uses only essential local storage and identifiers required to operate the app, authenticate you and keep your session secure (see Section 12).

3.3. Data generated by the Sonder system

To power your user profile and provide personalized matches or recommendations such as Sonder AI Chat, AI-assisted matching, personalized goal-planning and feed, our system uses Anthropic Claude models accessed through Amazon Web Services (“AWS”) Bedrock. The system may generate or infer new data about you based on information you provide and how you use the Service, including:

Interest and personality profiles - inferred traits, preferences, or compatibility scores created by analyzing your inputs and behavior.
Similarity and match data - analysis of your profile against other users’ profiles to suggest potential connections, communities or opportunities.
Personalized goal plans - steps, tasks and milestones generated and personalized based on the context of your profile.
Usage insights - aggregated or de-identified information about how profiles, goals, matches and AI features perform within the Service.

These AI-generated insights are used within the Service to personalize your experience, explain and improve recommendations, support safety and improve relevance. We do not sell them or share them for cross-context behavioral advertising.

3.4. Data we receive from third parties and other sources

We may receive personal data from the following third parties when necessary to operate the Service:

Amazon Web Services (AWS) - our cloud infrastructure provider. AWS hosts our application and databases and provides AWS Bedrock, through which we access AI models. AWS acts as our data processor under the AWS Data Processing Addendum.
Anthropic Claude via AWS Bedrock - the underlying AI model family we use through AWS Bedrock. Your inputs are processed to generate outputs through Bedrock and are not used to train Anthropic foundation models through our Service.
Google Firebase Authentication - supports Google Sign-In, Apple Sign-In and phone number verification. Firebase processes authentication identifiers, verification codes, authentication tokens and limited profile attributes needed for account access and security.
Apple App Store and Google Play - confirm in-app subscription purchases, renewals, cancellations, refunds and entitlement status. We do not receive full payment-card details from these platforms.
Other users - other users may provide information about you when they message you, send a connection request, mention you in content, invite you to an event, react to your content, or report content to us.

We do not buy or sell personal data from data brokers, and we do not currently use third-party analytics, advertising or tracking services. If we introduce optional analytics or tracking services in the future, we will update this Policy and, where required, ask for your consent.

4. HOW WE USE YOUR DATA

We process personal data for the purposes set out below. For each purpose we identify the categories of data involved, our legal basis under the GDPR (and equivalent legal grounds under other laws), and the retention period.

Providing and operating the Service: Account/profile data; authentication data; contact information; user profile inputs; goals and plans; connection/chat content; feed content; AI-generated outputs.
Legal basis: Performance of a contract - Art. 6(1)(b) GDPR.
Retention period: Until account deletion, then up to 2 months in active systems.
Personalization and improvement of user experience: Inputs/outputs; preferences; interests, skills, qualities; interaction data; AI-generated profiles; usage data.
Legal basis: Consent where required - Art. 6(1)(a) GDPR; legitimate interest - Art. 6(1)(f) GDPR.
Retention period: Until account deletion, then up to 2 months in active systems. Or withdrawal of consent.
Connecting users and enabling social interaction: Profile and visibility settings; match data; public/shared content; connection requests; posts; events.
Legal basis: Performance of a contract - Art. 6(1)(b) GDPR; Consent for optional public visibility - Art. 6(1)(a) GDPR.
Retention period: Immediately after account deletion, content removal, or withdrawal of consent.
Authentication and account security: Google Sign-In, Apple Sign-In, Firebase authentication identifiers, phone number verification data.
Legal basis: Performance of a contract - Art. 6(1)(b) GDPR; legal obligation/security - Art. 6(1)(c) GDPR.
Retention period: Account duration; verification/security logs up to 12 months unless legally required longer.
Technical operation, maintenance, and security: Device/connection data; IP address; app version; logs; diagnostic data; approximate location via IP/settings.
Legal basis: Legitimate interest - Art. 6(1)(f) GDPR; legal obligation/security - Art. 6(1)(c) GDPR.
Retention period: 5 years after the deletion of account; longer if needed for security, fraud prevention, disputes, or legal duties.
Customer support and communication: Contact information; support tickets; relevant message/log data.
Legal basis: Performance of a contract - Art. 6(1)(b) GDPR.
Retention period: Until resolved; up to 10 years after proceedings in case of dispute.
Subscription and billing management: Limited Apple/Google subscription identifiers, product, status, receipt/transaction data, account identifiers.
Legal basis: Performance of a contract - Art. 6(1)(b) GDPR; legal obligation/tax/accounting - Art. 6(1)(c) GDPR.
Retention period: Up to 11 years where required by Croatian tax/accounting rules.
Research, AI development, and product improvement: Aggregated or de-identified usage data; interaction and feature-use data; AI performance feedback.
Legal basis: Legitimate interest - Art. 6(1)(f) GDPR.
Retention period: Until account deletion; aggregated/de-identified data may be retained indefinitely.
Compliance with legal obligations and enforcement of rights: All relevant data categories needed to comply with law, enforce rights, or respond to lawful requests.
Legal basis: Legal obligation - Art. 6(1)(c) GDPR; legitimate interest - Art. 6(1)(f) GDPR.
Retention period: As required by applicable law or legal necessity.
Marketing and optional communications: Email/contact data; communication preferences.
Legal basis: Consent - Art. 6(1)(a) GDPR.
Retention period: Until consent is withdrawn.
Ethical and safe use of AI models: Inputs/outputs processed through Claude on AWS Bedrock; feedback on AI responses; flagged or reported content logs.
Legal basis: Legitimate interest - Art. 6(1)(f).
Retention period: Until account deletion plus a short technical retention window (2 months); longer where needed for safety or legal claims.

5. YOUR CONSENT AND CHOICES

We process personal data only where there is a valid legal basis under the GDPR and equivalent grounds under other applicable laws. Depending on the data and purpose, we rely on one or more of the following:

5.1. Consent - Article 6(1)(a) GDPR

In certain cases, we process your data only when you have given us your explicit consent. This includes situations such as:

personalizing your user profile’s behavior and recommendations beyond what is necessary to provide the Service;
making parts of your profile, posts or events visible to other users in ways controlled by your settings;
receiving marketing messages, newsletters or promotional updates;
processing sensitive personal data you deliberately choose to provide, where consent is required by applicable law.

You can withdraw consent at any time through your in-app settings or by contacting us at privacy@sonder-ai.com. Withdrawal does not affect processing carried out before withdrawal.

5.2. Performance of a contract - Article 6(1)(b) GDPR

We process personal data when it is necessary to perform our agreement with you or to take steps at your request before entering into such an agreement. This includes, for example:

creating and managing your account and profile;
enabling communication and interaction between users (matching, connections, chat, the feed, posts, events and goal-setting features);
processing inputs through Claude on AWS Bedrock to generate outputs;
provisioning and managing subscriptions purchased through Apple or Google.

5.3. Legal obligation - Article 6(1)(c) GDPR

We may process certain personal data to comply with legal obligations, including tax and accounting requirements, consumer protection rules, data protection compliance and lawful requests from courts, regulators or public authorities.

5.4. Legitimate interests - Article 6(1)(f) GDPR

We process certain personal data to pursue our legitimate business interests, while protecting your fundamental rights and freedoms. These legitimate interests include:

maintaining security and stability of the Service and our systems;
preventing misuse, fraud, abuse and harmful or illegal activity;
improving and developing our products, algorithms and AI-based features within the Service using aggregated, de-identified or minimized data where feasible;
to establish, exercise, or defend our legal rights or those of our users (e.g., in the event of a dispute, investigation, or suspected breach of our Terms of Service)
conducting internal user research without third-party analytics providers at this stage;
ensuring ethical and responsible use of AI, including monitoring AI outputs and reported/flagged content.

6. YOUR RIGHTS

Depending on where you live, you may exercise the following rights in respect of your personal data. Equivalent regional rights are described in Section 14.

Right of access - You have the right to obtain confirmation of whether we process personal data about you and, if so, to receive a copy of that data along with information about how and why it is processed.
Right to rectification - You have the right to request correction of any inaccurate or incomplete personal data that we hold about you, including AI-generated profile data, inferred traits, interest categories and compatibility scores described in Section 3.3. You can edit much of your information directly through your account settings, and you may contact us to correct or delete inferred data that cannot be edited in-app.
Right to erasure - You may request the deletion of your personal data in certain circumstances, for example: when the data is no longer necessary for the purposes for which it was collected; when you withdraw your consent (where consent was the legal basis); or when you object to processing and there are no overriding legitimate grounds. However, we may opt for pseudonymization of your data rather than erasure, for which we would ask your consent.
Right to restriction of processing - You can request that we restrict processing of your personal data in specific situations, such as when you contest its accuracy or when you believe the processing is unlawful but you prefer restriction over deletion.
Right to data portability - You have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically possible.
Right to object - You may object at any time to the processing of your personal data based on our legitimate interests, including profiling. If you object, we will stop processing your data unless we can demonstrate legitimate grounds that override your interests, rights, and freedoms, or unless the processing is required for the establishment, exercise, or defence of legal claims. You may also object to the use of your data for direct marketing at any time, in which case we will immediately stop sending such communications.
Right to withdraw consent - Where we rely on your consent to process personal data, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
Right to lodge a complaint - If you believe that your personal data has been processed in violation of applicable data protection laws, you have the right to lodge a complaint with your local supervisory authority. In Croatia, this is the Croatian Personal Data Protection Agency (AZOP). If you are located in the European Union, you can find contact details for all EU data protection authorities here.
Right not to be subject to automated decision-making with legal or similarly significant effects - we do not currently make such decisions solely on the basis of automated processing.

To exercise rights, contact us at privacy@sonder-ai.com. We may ask for information necessary to verify your identity and will respond within legally required time limits.

7. PERSONAL DATA PROTECTION

We take the protection of your personal data seriously and implement technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

7.1. Technical measures

We use a range of security technologies and controls, including:

Encryption - personal data is encrypted in transit and at rest.
Access controls - only authorized personnel can access personal data on a strict need-to-know basis, using appropriate authentication controls.
Secure AWS infrastructure - our core application infrastructure is hosted on AWS and benefits from AWS security controls and compliance programs.
Monitoring and testing - we maintain system monitoring, logging and security testing to identify and prevent vulnerabilities.
Pseudonymization - whenever possible, we pseudonymize personal data by replacing direct identifiers (such as names or emails) with artificial codes. This ensures data can no longer be linked to you without separate, securely stored information, minimizing privacy risks.
Data segmentation and backup - we separate live and backup environments, perform backups and maintain secure recovery procedures to prevent data loss.

7.2. Organizational measures

In addition to technical safeguards, we maintain strict organizational controls, including:

Confidentiality - employees and contractors handling personal data are bound by confidentiality obligations and trained in data protection.
Vendor oversight - we select and contractually bind processors, including AWS, Firebase/Google, Apple and Google, to appropriate data protection and security obligations.
Data minimization and retention controls - we collect and retain only the data necessary for specific purposes and delete, anonymize or pseudonymize it when no longer needed.
Privacy by design - privacy and security principles are embedded in product development from the start.

7.3. Personal data breach response

We maintain procedures for detecting, investigating, containing and responding to personal data breaches. Where required by law, we will notify competent authorities and affected individuals within legally required timeframes and take appropriate remedial steps.

8. RECIPIENTS OF YOUR DATA

We do not sell or rent your personal data. We share it only when necessary to operate our services, comply with the law, or with your explicit consent. Whenever we share data, we do so under contractual safeguards and apply appropriate technical and organizational measures to protect your privacy.

8.1. Service providers and business partners

We engage trusted providers who process personal data on our behalf or act as independent controllers for their own platform/payment functions:

AWS / Amazon Bedrock: Cloud infrastructure hosting; AI-assisted prompt processing and output generation through Bedrock. (https://aws.amazon.com/privacy)
Anthropic Claude via AWS Bedrock: Underlying AI model family accessed through AWS Bedrock. (https://www.anthropic.com/legal/privacy)
Google Firebase Authentication: Google Sign-In, Apple Sign-In support, phone number verification and account security. (https://firebase.google.com/support/privacy)
Apple App Store: In-app subscription processing and entitlement information for iOS users. (https://www.apple.com/legal/privacy)
Google Play: In-app subscription processing and entitlement information for Android users. (https://policies.google.com/privacy)

8.2. Legal and regulatory requirements

We may disclose personal data to public authorities or third parties if required by law or when necessary to comply with legal obligations, respond to lawful requests, protect rights, property or safety, enforce our Terms of Service or defend legal claims.

8.3. Corporate events

In the event of a merger, acquisition, restructuring or sale of all or part of our business, personal data may be transferred as part of the transaction. We will ensure the receiving entity handles your data consistently with this Policy.

8.4. Other users and public content

When you interact within the Service - for example, by sharing profile information, accepting connection requests, messaging another user, posting in the feed, creating events, commenting or reacting - certain information will be visible to other users according to your settings and the nature of the feature. You can adjust visibility and content settings through your account preferences where available.

9. INTERNATIONAL DATA TRANSFERS

We aim to store and process personal data within the European Economic Area (EEA) where feasible. However, some trusted partners, including AWS, Google/Firebase, Apple and Google Play, may process data on servers located outside the EEA, UK or Switzerland, including in the United States.

Whenever personal data is transferred internationally, we use appropriate safeguards under Articles 44-46 GDPR and equivalent UK and Swiss rules. These may include adequacy decisions, Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, Swiss-recognized SCCs, Data Privacy Framework certifications where applicable, and supplementary technical and organizational measures such as encryption and access controls.

You may request information about relevant safeguards by contacting us at privacy@sonder-ai.com.

10. HOW LONG WE STORE YOUR DATA

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal requirements and legitimate business operations, in accordance with this Policy and the retention table in Section 4.

After the retention period expires, we delete or anonymize personal data, unless continued retention is required by law.

Account data - retained while your account is active and deleted or anonymized within a short technical window after account closure.
User profile, goals, chat and feed content - retained while your account is active or until you delete the relevant content, subject to legal exceptions.
Subscription and billing data - retained for the period required by tax and accounting laws, typically up to 11 years in Croatia.
Technical and security logs - typically retained up to 12 months, unless longer retention is needed for security, fraud prevention, legal claims or compliance.
Aggregated or anonymized data - may be retained indefinitely for statistical, research, AI-performance and product-improvement purposes.

10.1. Deletion and user requests

You may delete your account or request deletion of your personal data at any time through in-app account settings or by contacting us at privacy@sonder-ai.com. We will delete your personal data unless retention is required by law or necessary for legal claims, fraud prevention, security investigations or other legally permitted purposes. Copies may remain temporarily in encrypted backups for a limited technical recovery window before being overwritten.

11. AI AND AUTOMATED PROCESSING OF PERSONAL DATA

The Service uses artificial intelligence and algorithmic processing to personalize your experience, including building and updating your user profile, matching you with other users in Sonder AI Chat, generating personalized goals, steps and tasks, recommending posts/events/connections and improving the relevance and safety of the Service. You are clearly informed when you are interacting with AI features, including Sonder AI Chat and AI-assisted matching, in accordance with applicable AI transparency rules, including Regulation (EU) 2024/1689 (the EU AI Act) where applicable.

All AI-generated recommendations are intended to support your choices, not replace them and you remain in full control of how you use or act upon those results. We do not currently make decisions about you that produce legal or similarly significant effects solely on the basis of automated processing within the meaning of Article 22 of the GDPR or equivalent laws.

If we introduce automated decision-making with significant effects in the future, we will notify you in advance and provide clear information about the logic involved and your rights, including the right to obtain human intervention, express your point of view and contest the decision.

12. COOKIES AND SIMILAR TECHNOLOGIES

Our website does not currently use cookies. We do not use third-party analytics, advertising or tracking cookies on our website or in the Service.

Our mobile application uses only essential local storage, app identifiers and authentication/session tokens necessary for the Service to function, including keeping you signed in, maintaining session security, preventing unauthorized access and storing preferences on your device.

These technologies are strictly necessary to provide a service you request and do not require consent under applicable cookie/ePrivacy rules. If we introduce optional cookies, analytics, advertising or similar tracking technologies in the future, we will update this Policy and, where required, present you with a consent mechanism.

13. CHILDREN

The Service is not directed to children under 16. You may not use the Service if you are under 16 or under the minimum age required by the laws of your country of residence. We do not knowingly collect personal data from children under the applicable minimum age.

If you are a parent or guardian and believe a child has provided personal data to us without appropriate authorization, contact us at privacy@sonder-ai.com and we will take appropriate steps to delete the information.

14. REGION-SPECIFIC PROVISIONS

This Section provides additional information for users located in specific jurisdictions. In case of conflict between this Section and the rest of the Policy, this Section prevails for users in the relevant jurisdiction.

14.1. United Kingdom

If you are located in the United Kingdom, the UK GDPR and Data Protection Act 2018 apply. The rights set out in Section 6 also apply to you. The supervisory authority is the Information Commissioner’s Office (ICO). International transfers from the UK are made under valid UK transfer mechanisms such as the UK International Data Transfer Agreement or UK Addendum to the EU SCCs.

14.2. Switzerland

If you are located in Switzerland, the Swiss Federal Act on Data Protection (FADP) applies. References to GDPR rights and safeguards should be read as covering equivalent FADP rights and safeguards. The supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC).

14.3. Canada, including Quebec

If you are located in Canada, our processing may be subject to PIPEDA and applicable provincial laws, including Quebec Law 25. You may have rights to access, correct and withdraw consent, subject to legal or contractual restrictions. Quebec residents may also have rights relating to automated decision-making and data portability where applicable. Personal information may be processed outside Canada, including in the EEA and United States.

14.4. California (CCPA/CPRA)

If you are a California resident and the CCPA/CPRA applies, you may have rights to know, access, delete, correct, opt out of sale or sharing, limit certain sensitive personal information uses and avoid discrimination for exercising rights. In the preceding 12 months, we have collected the following categories of personal information: identifiers, account and profile information, commercial subscription information, internet and network activity, approximate geolocation, communications content, user-generated content and inferences drawn from the foregoing. We do not sell personal information or share it for cross-context behavioral advertising, and we do not knowingly sell or share personal information of users under 16.

14.5. Other U.S. states

If you reside in another U.S. state with a comprehensive privacy law, you may have rights to access, correct, delete and obtain a portable copy of personal data and to opt out of certain processing such as targeted advertising, sale or certain profiling. We do not currently engage in targeted advertising or sales of personal data.

14.6. Brazil (LGPD)

If you are located in Brazil, the Lei Geral de Proteção de Dados (LGPD) may apply. You may have rights to confirmation, access, correction, anonymization, portability, deletion, information about sharing and revocation of consent.

14.7. Australia

If you are located in Australia, the Privacy Act 1988 (Cth) and Australian Privacy Principles may apply. You may contact us with privacy requests or complaints and may complain to the Office of the Australian Information Commissioner where applicable.

14.8. How to exercise regional rights

To exercise any applicable privacy right, contact us at privacy@sonder-ai.com or use privacy/account tools made available within the Service. Where permitted or required by law, we may verify your identity, deny or limit a request where an exemption applies, and provide an appeal process where required.

15. CHANGES TO THIS POLICY

We may amend this Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. When we make material changes, we will notify you in a clear and timely manner, for example through email, in-app notifications or a notice in the Service. The date at the top indicates the most recent version. If you continue to use the Service after an updated Policy takes effect, we will consider that you have read, understood and accepted the changes.

16. CONTACT

Questions, requests or complaints regarding this Policy or our processing of personal data can be sent to privacy@sonder-ai.com or by post to:

SONDER INNOVATIONS d.o.o.
Petrovaradinska ulica 52
Zagreb, Croatia