SONIQMail

Privacy Policy

Last updated: 8 January 2026

SONIQ Mail is a trading style of We Are One 1 Limited, a company registered in England and Wales (Company Number: 15052885). Registered Office: 20 Wenlock Road, London, N1 7GU, United Kingdom.

1. Introduction

This Privacy Policy explains how We Are One 1 Limited, trading as SONIQ Mail ("we", "us", "our", "SONIQ Mail"), collects, uses, stores, and protects your personal data when you use our email services, website, and applications.

We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

By using SONIQ Mail, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

We Are One 1 Limited
Trading as SONIQ Mail
20 Wenlock Road
London, N1 7GU
United Kingdom
Email: privacy@soniqmail.co.uk

3. Information We Collect

3.1 Information You Provide Directly

  • Account Registration Data: Full name, email address, password (stored in encrypted form), and optional profile information
  • Payment Information: When you subscribe to paid plans, we collect billing address and payment method details. Payment card details are processed securely by our payment processor (Stripe) and are not stored on our servers
  • Communications: Any correspondence you send to us, including support requests and feedback
  • User Preferences: Your settings, preferences, and customisations within the service

3.2 Email Data

  • SONIQ Mailbox: Emails sent to and from your @soniqmail.co.uk address are stored on our secure mail servers
  • Connected External Accounts: When you connect third-party email accounts (Gmail, Outlook, Yahoo), we access your emails via OAuth 2.0 authorisation. We retrieve email metadata (sender, recipient, subject, date) and content for display within our application. We do not permanently store copies of external emails on our servers beyond temporary caching for performance
  • Email Attachments: Attachments are processed for display and, where applicable, security scanning

3.3 Automatically Collected Data

  • Device Information: Device type, operating system, browser type and version, screen resolution
  • Usage Data: Pages visited, features used, actions taken, time spent on the service
  • Log Data: IP address, access times, referring URLs, error logs
  • Cookies and Similar Technologies: See Section 10 for details

3.4 Data from Third-Party Services

When you connect external email accounts via OAuth:

  • Google (Gmail): We request access to read and send emails on your behalf. We access your email address, profile information, and email content as authorised
  • Microsoft (Outlook/Office 365): We request access to read and send emails, access your profile, and maintain offline access via refresh tokens
  • Yahoo Mail: We request access to read and send emails via IMAP/SMTP protocols

4. How We Use Your Data

4.1 To Provide Our Services

  • Create and manage your SONIQ Mail account
  • Send, receive, store, and display your emails
  • Synchronise and display emails from connected external accounts
  • Process payments and manage subscriptions
  • Provide customer support

4.2 AI-Powered Features

SONIQ Mail uses artificial intelligence to enhance your email experience:

  • Scam Detection: Our AI analyses email content, sender information, and patterns to identify potential phishing, fraud, and scam emails
  • Smart Categorisation: Automatic categorisation of emails (Money, Subscriptions, Deliveries, etc.)
  • Subscription Tracking: Identification and tracking of recurring subscriptions from your emails
  • Email Summarisation: AI-generated summaries of email content

Important: AI analysis is performed to provide you with protective features. We do not sell insights derived from your emails, nor do we use your email content for advertising purposes.

4.3 To Improve Our Services

  • Analyse usage patterns to improve features and user experience
  • Train and improve our AI models using anonymised and aggregated data
  • Debug issues and ensure service reliability
  • Conduct research and development

4.4 Communications

  • Send service-related notifications (security alerts, account updates)
  • Respond to your enquiries and support requests
  • Send marketing communications (with your consent, which you can withdraw at any time)

4.5 Legal and Safety

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect the rights, safety, and property of SONIQ Mail, our users, and the public
  • Detect and prevent fraud, abuse, and security incidents

5. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

  • Contract (Article 6(1)(b)): Processing necessary to provide our services to you under our Terms of Service
  • Legitimate Interests (Article 6(1)(f)): Processing for our legitimate business interests, such as improving our services, ensuring security, and preventing fraud, where these interests are not overridden by your rights
  • Consent (Article 6(1)(a)): Where you have given explicit consent, such as for marketing communications or connecting third-party accounts
  • Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal requirements

6. Data Sharing and Disclosure

6.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our service:

  • Cloud Infrastructure: Supabase (database), Vultr (mail servers) - data stored in EU/UK data centres
  • Payment Processing: Stripe - for secure payment handling
  • AI Services: Anthropic (Claude) - for email analysis features (processed with appropriate data protection measures)
  • Analytics: Privacy-focused analytics to understand service usage

All service providers are contractually bound to protect your data and process it only as instructed by us.

6.2 Third-Party Email Providers

When you connect external accounts, we interact with Google, Microsoft, and Yahoo APIs. Your use of those services is also governed by their respective privacy policies.

6.3 Legal Requirements

We may disclose your data if required by law, court order, or government request, or if we believe disclosure is necessary to:

  • Comply with legal process
  • Protect our rights or property
  • Prevent fraud or security threats
  • Protect the safety of users or the public

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have.

6.5 What We Never Do

  • We never sell your personal data to third parties
  • We never share your email content for advertising purposes
  • We never allow third parties to access your emails for their own purposes

7. International Data Transfers

Your data is primarily stored and processed in the United Kingdom and European Economic Area. Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK ICO
  • Adequacy decisions by the UK government
  • Other lawful transfer mechanisms

8. Data Security

We implement robust security measures to protect your data:

  • Encryption: All data in transit is encrypted using TLS 1.3. Sensitive data at rest is encrypted using AES-256
  • Authentication: Secure password hashing, optional two-factor authentication
  • Access Controls: Strict access controls and audit logging
  • OAuth Security: We use industry-standard OAuth 2.0 for third-party account connections and never store your external account passwords
  • Regular Security Reviews: Ongoing security monitoring and vulnerability assessments

While we take extensive measures to protect your data, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials.

9. Data Retention

  • Account Data: Retained while your account is active and for up to 30 days after deletion request
  • SONIQ Mailbox Emails: Retained until you delete them or close your account
  • External Account Data: Cached temporarily for performance; not permanently stored
  • Usage Logs: Retained for up to 12 months for security and analytical purposes
  • Payment Records: Retained for 7 years as required by UK tax law
  • Support Communications: Retained for up to 3 years after resolution

When data is no longer needed, it is securely deleted or anonymised.

10. Cookies and Tracking Technologies

10.1 Essential Cookies

Required for the service to function (authentication, security, preferences). These cannot be disabled.

10.2 Analytics Cookies

Help us understand how you use our service. You can opt out of these via your browser settings or our cookie preferences.

10.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent the service from functioning properly.

11. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing that significantly affect you
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time

To exercise your rights, contact us at privacy@soniqmail.co.uk. We will respond within one month as required by law.

12. Children's Privacy

SONIQ Mail is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe we have collected data from a child under 13, please contact us immediately.

For users aged 13-17, parental consent may be required depending on jurisdiction.

13. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to read their privacy policies.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last updated" date
  • Sending you an email notification for significant changes
  • Displaying a notice within the application

Continued use of the service after changes constitutes acceptance of the updated policy.

15. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Phone: 0303 123 1113

16. Contact Us

For any questions about this Privacy Policy or our data practices, please contact us:

We Are One 1 Limited
Trading as SONIQ Mail
20 Wenlock Road
London, N1 7GU
United Kingdom

Email: privacy@soniqmail.co.uk
General Enquiries: hello@soniqmail.co.uk