SoundHound Privacy Policy for Third-Party Voice Services, Products and Applications

SoundHound, Inc. and its affiliates (“SoundHound,” “we,” “us,” or “our”), are committed to protecting your privacy. It is SoundHound’s mission to empower third-party services, products and applications across the globe with a voice interface and conversational intelligence to give end-users the ability to interact with such services, products and applications using their voice or text interactions.  This is achieved by incorporating SoundHound’s Voice AI  (“Voice Services”) into the third-party services, products and applications (“Voice-Enabled Solutions”). Examples of Voice-Enabled Solutions that SoundHound is empowering include voice-enabled automobiles, voice-enabled IoT products, voice-enabled drive-thru, voice-enabled ordering and voice-enabled smart answering.

For most Voice-Enabled Solutions, SoundHound (“Service Provider”) is the service provider or processor of end-user information. As the processor, SoundHound processes end-user information according to the instructions of the third-party provider (“Third Party Controller”) of the Voice-Enabled Solution. For clarification, the Third Party Controller is the company or merchant from whom you are obtaining the Voice-Enabled Solution. The Third Party Controller could be for example an automotive company, IoT provider, restaurant or other merchant.  For Voice Services, the end-users should refer to (i) the Third Party Controller’s privacy policy and other relevant documentation to understand how the Third Party Controller of any Voice-Enabled Solution manages end-user information, and/or (ii) this policy when the Third Party Controller has adopted or refers to this policy as the privacy policy for their Voice-Enabled Solution.

This policy does not apply to information that a Third Party Controller may collect from you outside of the Voice Services. To understand how a Third Party Controller manages your personal information for their own purposes, please refer to the Third Party Controller’s privacy policy or contact the Third Party Controller directly.

I. Information That May Be Collected

According to the instructions of the Third Party Controller, Service Provider may collect information from or about the end-users or their devices from various sources described below.

If the end-users do not provide their information when requested, the end-users may not be able to use the Voice Services if that information is necessary to provide the end-users with the Voice Services or if the Third Party Controller is legally required to collect it.  Omitting information can also lead to degraded end-user experiences.  Where applicable, Third Party Controller should indicate whether and why the end-users must provide it with their information, as well as the consequences of failing to do so.

Information Provided by End Users of the Voice-Enabled Solution

The information that End-Users provide to the Voice-Enabled Solution depends on the Voice-Enabled Solution that you are using. Contact the Third Party Controller to determine which information is collected.

• Registration Information. If the Voice-Enabled Solution end-users register to use the Voice Services, sign up for notifications or updates on the Services, or participate in surveys, Service Provider may collect their name, email address, postal code, and any other information that the end-users provide.
• Voice and Audio Information. When the end-users ask to perform a search with their voice or an audio recording, or when the end-users use their voice to control or interact with the Voice Services, Service Provider may collect voice or audio interactions.  Service Provider may also share the end-users’ voice or audio interactions with Service Provider’s contractors for quality control purposes. These contractors are under a duty of confidentiality, and, in such cases, Service Provider uses technology to morph the audio. Service Provider also uses major cloud service providers, such as Amazon Web Services, Oracle Cloud Infrastructure, and Microsoft Azure for processing of your voice or audio.
• Text Queries. When the end-users ask to perform a search with their text interactions, or when the end-users use text to control or interact with the Voice Services, Service Provider may collect the text which may contain personal information.
• Phone Number. When the end-users interact with the Voice Services using their phone, Service Provider may collect the phone number.
• Information Maintained on Your Device. When the end-users use the Voice Services, and when the end-users have enabled such collection in their device or App settings, Service Provider  may collect certain information maintained on the end-users device to help Service Provider tailor the Voice Services to the end-user, such as the location of the end user, the contact information in the end-user device’s address book, or calendars stored on the end-user’s device.

Information Derived from End-User Interactions with the Voice Services

The information that is obtained from End-Users depends on the Voice-Enabled Solution you are using. Contact the Third Party Controller to determine which information is collected.

• Usage Information. When the end-users use the Voice Services, Service Provider’s servers may automatically collect information about how the end-users use the Voice Services, such as what the end-users searched for, requested, ordered and/or what the end-users interacted with.
• Device Information. When the end-users use the Voice Services, Service Provider’s servers may automatically collect information about the device and software the end-users use to access the Voice Services, such as the operating system, hardware model, application or browser version, and unique identifiers associated with their device, such as their device’s advertising identifiers. Third Party Controller should only provide Service Provider with pseudonymized or anonymized identifiers.
• Location Information. When the end-users use the Voice Services, and when the end-users have enabled such collection in their device or App settings, Service Provider may collect location information that the end-users’ mobile device or browser provides. Depending on how the end-users access the Voice Services, Service Provider may receive precise geolocation information from GPS, WiFi, or cell tower location, or rough location information.
• Log Information. When the end-users use the Voice Services, Third-Party Controllers may instruct Service Provider’s servers to automatically collect system logs or similar information about the end-users’ interaction with the Voice Services from their browser. This may include information such as IP address, browser language, date and time of access, browser type or the domain from which the end-users are visiting, web-pages they visit, search terms used, features clicked on and cookie information.

II. How Information May Be Used

Service Provider may use information from or about the end-users or their devices for the following purposes:

• To provide and improve the Voice Services and to improve the relevance of information provided to the end-users by the Voice Services, such as by personalizing their user experience.
• To communicate with the end-users and to respond to end-user questions or commands. 
• To facilitate and process orders and payment information.
• To refine and improve Service Provider’s audio recognition capabilities, and to respond to requests, searches, or commands the end-users speak into the Voice Services. 
• To enforce legal rights and to comply with the law.
• To comply with an order from a government entity or other competent authority.
• To prevent or address potential or actual injury or interference with Service Provider’s rights, property, operations, customers or others who may be harmed or may suffer loss or damage.
• To protect Service Provider’s rights, prevent fraud and/or comply with any judicial proceeding, court order, or legal process served on SoundHound.
  • For other purposes above which Service Provider and/or Third Party Controller provides specific notice at the time of the collection of the information.

You should refer to the Third Party Controller’s privacy policy to determine other ways the Third Party Controller may use your information.

III. How Information May Be Shared

Service Provider does not share or otherwise disclose information it collects from or about the end-users, except as instructed by the Third-Party Controller, described below or otherwise disclosed to the end-users at the time of the collection.  Service Provider may share the information it collects from or about the end-users with:

• Third-Party Controller to help it provide or improve their Voice-Enabled Solutions or products.
• Service Provider’s affiliates.
• Third party service providers performing services on Service Provider’s behalf (e.g. Domain Partners requiring end-users’ location to look up local weather info, Site hosting providers and other parties who assist Service Provider in conducting its business, or serving its customers). 
• AI vendors such as OpenAI as a service provider. (In addition to this Policy and our Terms of Service, your use of our AI-enhanced products and services are subject to the AI vendors’ terms of use and privacy policy, such as OpenAI’s Terms of Use, Privacy Policy and Data Processing Addendum. Please refer to these documents for more information about how OpenAI may use your information.)
• Third-party contractors for quality control purposes. These contractors are under a duty of confidentiality and, in such cases, Service Provider uses technology to morph the audio.
• Major cloud service providers, such as Amazon Web Services, Oracle Cloud Infrastructure, and Microsoft Azure for processing of your voice.
• Third parties, such as law enforcement entities, lawyers, professional advisors, or parties involved in a corporate transaction (i) if Service Provider is required to do so by law or in response to legal process, (ii) to enforce Service Provider’s policies, (iii) to protect Service Provider’s or others’ rights, property, or safety or (iv) in the event Service Provider is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy or liquidation where the business will not continue as a going concern, receivership, sale of assets, or transition of Service Provider’s Voice Services to another provider; in any of the above cases, any information Service Provider collected may be sold or transferred as part of such a transaction as permitted by law and/or contract.

IV. Your Rights and Choices

The information that is obtained from End-Users depends on the Voice-Enabled Solution you are using. You should contact the Third Party Controller to determine which information is collected. You may limit some of the information we collect as follows:

• Location Information. You may stop the collection of location information in the Voice-Enabled Solution by managing the settings or turning off location services in your Voice-Enabled Solution (if applicable).
• Contacts. You may enable or disable the sharing of contacts information to improve voice recognition in the Voice-Enabled Solution by managing the Contacts settings on your Voice-Enabled Solution (if applicable). 
• Marketing Communications. Any marketing emails we send you will contain instructions for how to unsubscribe from receiving future marketing communications. Please note, however, that you may still receive administrative announcements, such as service disruptions, via email even if you unsubscribe from marketing communications.

If you choose not to provide us with information we collect, some features of the Voice Services may not work as intended without access to these sorts of information. For example, navigation features in our Apps need access to your location to work properly and responses to voice queries that involve contacts’ information will not work as well without knowing the spelling of your contacts.

In some countries, and in particular if you are located in the EU, you may have the right to:

• Request access to and receive information about the information we maintain about you, to update and correct inaccuracies in your information, to restrict or to object to the processing of your information, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer your information to another company.
• Withdraw any consent you previously provided to us regarding the processing of your information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
• In addition, you may also have the right to lodge a GDPR complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Those rights may be limited in some circumstances by local law requirements. If you reside in an applicable jurisdiction and would like to exercise your rights in relation to information from or about you, you should contact the Third Party Controller (defined above). You may also contact Service Provider at [email protected] and include identification of the Third Party Controller from whom you received the Voice Solution. We may first need to request additional information from you to confirm your identity. We will respond to any requests as soon as possible and within thirty (30) days of verifying your identity.

In your request, please make clear which information your request relates to and provide your name, address, email address, and telephone number so that we can attempt to find your information and contact you regarding your request. We may also need to verify your identity before implementing your request.

Please note that we may need to retain certain information for recordkeeping or legal compliance purposes and/or to complete any transactions that you began prior to requesting such change or deletion.

We may transfer information from or about you or your devices to countries other than the country where you are located (including the United States), which may not have the same data protection laws as your jurisdiction. For more information regarding our compliance with the Data Privacy Framework to authorize data transfers from the EU, UK, or Switzerland, please refer to the SoundHound’s Data Privacy Framework policy. In addition, where appropriate, we may enter into Standard Contractual Clauses issued by the European Commission with our business partners.

Additional Privacy Rights & Disclosures for Certain U.S. Residents

Several jurisdictions in the United States grant state residents certain rights and disclosures. We provide the following information to further help you understand your potential privacy rights. If you reside in an applicable jurisdiction and would like to exercise your rights in relation to information from or about you, you should contact the Third Party Controller (defined above).  You may also contact Service Provider at [email protected] and include identification of the Third Party Controller from whom you received the Voice Solution.

Request for Information and Deletion. Residents of certain U.S. states have the right to know whether we are processing your personal information, and in some instances, you have the right to request, up to twice in a 12-month period, that we disclose to you the categories listed below for the preceding 12 months. In responding to this right, we may provide to you:

1. The categories of personal information it has collected about that consumer.
2. The categories of sources from which the personal information is collected.
3. The business or commercial purpose for collecting or selling personal information.
4. The categories of third parties with whom the business shares personal information.
5. The categories of personal information that the business sold about the consumer and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold.
6. The categories of personal information that the business disclosed about the consumer for a business purpose.
7. The specific pieces of personal information it has collected about that consumer.

Request for Correction. Residents of certain U.S. states have the right to request the correction or rectification of inaccurate information in the resident’s personal information.

Request for Portable Data. Residents of certain U.S. states have the right to receive, in certain circumstances, a portable format of their personal information that allows the information to be transmitted to another entity.

Information about Selling/Sharing Personal Information. Service Provider does not sell end-user’s personal information or share end-user’s personal information for targeted advertising as defined by certain state privacy laws.  Refer to section III for information on how Service Provider may share information. 

Limiting the Use of Sensitive Personal Information. Residents of California have the right to direct us to use or disclose sensitive personal information only for providing goods or services, or as otherwise minimally permitted under applicable law. However, we do not use or disclose sensitive personal information for any purpose other than providing our goods and services to Third Party Controllers, or as otherwise minimally permitted under applicable law.

Automated Processing & Profiling. Residents of certain U.S. states have the right to opt out of the processing of personal information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.

Right to Equal Service & Price. Residents of certain U.S. states have the right to receive equal service and price, even if you exercise a privacy right.

Verification Process for Exercising Rights. To protect your privacy, we verify privacy rights requests to ensure that only you (or your authorized agent) can exercise rights pertaining to your personal information. As part of our verification process, we may request you to submit additional information.

If you are an authorized agent wishing to exercise rights on behalf of a state resident, please contact us using the information above and provide us with a copy of the consumer’s written authorization designating you as their agent. We may need to verify your identity and place of residence before completing the rights request.

Appeal Process. If we do not decide to act in response to your request to exercise a right, we will provide a timely response detailing the reasons for not taking action and, depending on your jurisdiction, any rights you may have to appeal our decision.

V. Security and Data Retention

Service Provider maintains an information security program designed to safeguard the systems that collect, process, and store the information it collects from or about the end-users or their devices, including against threats of compromise, theft, or destruction. Unfortunately, no information storage system can be guaranteed to be 100% secure, and Service Provider cannot ensure or warrant against all forms of attack or compromise caused by unintentional errors, omissions, or malicious actors.

Service Provider retains information from or about the end-users or their devices for so long as necessary to fulfill the purposes outlined by the Third-Party Controller. When the information is no longer necessary for these purposes, Service Provider deletes it or anonymizes it to place it in a form that removes all identifiable information about the end-users, unless Service Provider is required by law to keep this information for a longer period. When determining the retention period, Service Provider takes into account various criteria, such as the type of products and services requested by or provided to the end-users, the nature and length of the relationship with the end-users, possible re-enrollment with products or services, the impact on the Voice Services provided to the end-users if information from or about the end-users is deleted, mandatory retention periods provided by law and any applicable statutes of limitations.

VI. Children 13 and Under

The Voice Services are not meant for children under age 13.  For our Voice-Enabled Solutions, Service Provider may collect personal information from individuals under the age of 13 on the behalf of Third Party Controllers.  Parents have a right to review the information collected about their children, and to delete it, and stop its use. To exercise these rights, parents may contact the appropriate Third-Party Controller who will instruct Service Provider. 

VII. Changes to this Policy

We may revise this Privacy Policy from time to time, without prior notice. When we do, we will post the changed policy on this page, and we will revise the Effective Date listed below. At our discretion, we or the Third Party Controller will make reasonable efforts to notify you of material changes, by email to any address you may have provided to us or the Third Party Controller, through a pop-up window on the Voice-Enabled Solution, or other similar mechanism as appropriate under the circumstances. By continuing to use the Voice-Enabled Solution after we post the revised Privacy Policy you signify your acceptance of the revised policy. We encourage you to periodically review this Privacy Policy so you know how we are collecting, using, and sharing your information.