SonderingSondering

Privacy

Sondering is a small AI-led interview tool. This page says, plainly, what we collect, who sees it, and how to make it go away.

Who we are

Sondering is operated by Mithras R&D AS, a Norwegian company. We're the data controller under the EU General Data Protection Regulation (GDPR) for everything described on this page.

Contact for privacy questions and data-subject requests: contact@sondering.fyi.

Two roles, two sets of data

Sondering has two kinds of people using it, and we treat their data differently.

  • Hosts design an interview by chatting with our AI, then share a link.
  • Respondents open that link and answer the questions in a short AI-led chat.

Hosts have a private admin link tied to the interview they created. Respondents have no account, no login, and are anonymous to the host by design — we don't collect names, emails, IP-derived identifiers, or fingerprints from them.

What we collect from hosts

  • The messages exchanged with the design AI while drafting the interview.
  • The finalised plan: title, objective, audience, questions, tone, estimated length, and — if you choose to add them — your name, role, organisation, reply-to email, and a short personal note. These are shown to your respondents on the invitation.
  • Your language preference, stored in a single cookie (sondering_locale).
  • Server-side request metadata (timestamps, response IDs, the admin token URL you hold).

If you use our outbound email features, we also store the email addresses you enter for self-copy and for invitations, just long enough to deliver the message.

What we collect from respondents

  • The chat messages you write while answering.
  • The HTTP Referer header at the moment you open the share link. We use it only to give the host a "where they came from" breakdown — bucketed as direct link, email, social/chat, or other. We don't store browsing history.
  • Your language preference (the same sondering_locale cookie).

We don't ask for and don't store your name, email, IP address, or anything else that would identify you to the host.

What we don't collect

No user accounts. No tracking cookies. No advertising pixels. No third-party analytics scripts that follow you around the web.

How we use it

  • To run the interview: show your AI partner the conversation so far so it can ask the next question.
  • To show the host their own plan, their own respondents' answers, and AI-generated summaries and themes drawn only from those responses.
  • To count anonymous events (how many interviews are started, how many responses are completed) so we can understand whether Sondering is working.

We do not sell your data, share it with advertisers, or use it to build profiles about you.

Who else processes your data (sub-processors)

To run Sondering we use a small number of carefully chosen vendors:

  • OpenRouter (United States) — routes our calls to the language model. Inputs and outputs pass through their service in transit.
  • Anthropic (United States) — runs the Claude model that generates the AI's side of every chat. Per Anthropic's commercial terms, customer inputs and outputs are not used to train their models.
  • Resend (United States / European Union) — sends the admin self-copy email and any invitations you dispatch from Sondering. Recipient email addresses and message contents pass through Resend in order to be delivered.
  • Plausible (self-hosted by us`) — page analytics. Cookie-free, no personal data, no cross-site tracking.

International transfers

OpenRouter, Anthropic, and parts of Resend involve processing in the United States. Where applicable we rely on the EU‑US Data Privacy Framework; where it isn't, we rely on Standard Contractual Clauses.

How long we keep it

Honest answer: we currently keep interview plans and responses indefinitely, unless you ask us to delete them. Hosts can manually disable an interview at any time, and interviews may carry an expiry — but disabling and expiry stop new responses arriving; they don't erase existing rows.

If you want your data deleted, email contact@sondering.fyi:

  • Hosts: include your admin link so we can find your interview.
  • Respondents: include the share link of the interview you took, and roughly when you answered.

We'll confirm deletion in writing and follow up with the host where appropriate.

Cookies

One cookie: sondering_locale. It holds your language choice (English or Norwegian) so the site comes back in the right language next time. That's it.

Your rights under GDPR

You have the right to:

  • access the personal data we hold about you,
  • ask us to correct it if it's wrong,
  • ask us to delete it,
  • receive a copy in a portable format,
  • restrict or object to certain processing,
  • and to complain to Datatilsynet (the Norwegian Data Protection Authority) if you think we've handled your data badly.

To exercise any of these rights, email contact@sondering.fyi. We'll respond within 30 days.

Children

Sondering is for people aged 16 and over. We don't knowingly collect data from anyone younger. If you believe a child has used Sondering, please tell us.

Security

We use TLS for everything in transit. Your share link and admin link are URL-secrets: anyone who has the admin link can read every response on that interview. Treat the admin link like a password — don't paste it into public places, and don't share it with people you don't trust.

Beta

Sondering is in early beta. The service, the underlying model, and the list of sub-processors can change. We'll update this page when they do, and we'll announce material changes.

Changes to this page

Material changes will be flagged at the top of the page and announced on the site. The "last updated" date below changes any time we edit this document.

Last updated: 16 May 2026.