← Back to Sotto

Privacy & refunds

Last updated 5 July 2026

Sotto is a privacy-first product, so this page is short by design: there's almost nothing to collect, because there's no server to collect it with.

What Sotto (the app) collects

Nothing. There is no Sotto server, no account, and no telemetry.

The app runs entirely on your Mac. Your audio, your screen, and your interview transcripts are processed locally and never uploaded anywhere. There is no analytics SDK, no crash reporter phoning home, and no "usage data" being sent back to me — by architecture, not by policy, because there's nowhere for it to go.

Your Anthropic API key and the one request that leaves

Sotto generates answers by sending a single HTTPS request from your Mac straight to Anthropic's API (api.anthropic.com), authenticated with your own key or Claude subscription token. That request contains the question and the context needed to answer it — it does not route through any server of mine, because none exists.

Your key is stored locally on your Mac and used only to talk to Anthropic. What Anthropic does with an API request is governed by Anthropic's own privacy policy. The only other network activity Sotto ever makes is a one-time, checksummed download of the open-source Whisper speech model on first launch.

What this website collects

This landing page is a static site. If privacy-friendly, cookieless visitor analytics are enabled by the host (Vercel), they record aggregate page views without tracking you across sites or building a profile. No advertising trackers, no third-party cookies.

Refunds

Sotto comes with a 14-day money-back guarantee. If it doesn't earn its keep, email within 14 days of purchase and you'll get a full refund — no interrogation. Refunds are handled through the checkout provider (Gumroad), whose own terms also apply to the transaction.

Contact

Questions about any of this, or a refund request: support@getsotto.co.