Privacy Policy
Last updated: January 2026
1. Introduction
Mental Audio AS ("we", "us", or "our") operates Surraura, an audio processing application for macOS. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Application and website. We are committed to protecting your privacy and handling your data responsibly.
2. Audio Data - What We Do NOT Collect
Your Audio Stays Private
Surraura processes all audio locally on your device. We never transmit, store, or have access to the audio content you listen to or process through the Application. Your music, podcasts, conversations, and any other audio remain completely private.
The Application does not:
- Record or store your audio
- Transmit audio content to any server
- Analyze audio content for advertising or profiling
- Access files on your computer beyond application resources
3. Information We Collect
3.1 Account Information
When you create an account, we collect:
- Email address (required for account creation and communication)
- Name (optional, for personalization)
- Password (stored securely using industry-standard hashing)
3.2 Payment Information
Payment processing is handled by Paddle.com, our merchant of record. We do not directly collect or store your credit card numbers or bank account details. Paddle may share with us:
- Transaction IDs and subscription status
- Billing country (for tax purposes)
- Last four digits of your payment method (for your reference)
Please review Paddle's Privacy Policy for details on how they handle payment data.
3.3 Device Information
For licensing and technical support purposes, we may collect:
- Device identifier (anonymized hardware ID for license activation)
- macOS version (to ensure compatibility)
- Application version
3.4 Usage Telemetry (Opt-In, Off by Default)
Telemetry is off unless you turn it on in the Application settings, and you can turn it off again at any time. When enabled, the Application sends daily event counters tied to a random install identifier — a UUID generated on your device that is never connected to your account, your email, or your IP address (we do not store IP addresses with telemetry). Counters are kept for 90 days, with one-day granularity.
Telemetry observes the application, never your audio. This is the complete list of events the Application can report — our server rejects anything else:
app_installed— first launch of a new installationdriver_installed— the audio driver finished installingrouting_configured— audio routing was set upfirst_audio— the Application processed audio for the first timesession— the Application was launchedenvironment_session— an environment was used (environment name and a duration bucket)settings_touched— settings were adjusted (not which ones, or to what)engine_restart— the audio engine restartedrouting_lost— audio routing was interrupteddriver_version_mismatch— the installed driver version did not match the Applicationunderrun— an audio buffer underrun occurred
Separately and with the same consent, the Application can send anonymous crash diagnostics (Apple MetricKit reports, which contain no personal data and no audio).
4. How We Use Your Information
We use the information we collect to:
- Provide and maintain the Application
- Process your subscription and payments
- Send transactional emails (receipts, subscription updates)
- Provide customer support
- Improve the Application based on usage patterns
- Detect and prevent fraud or abuse
- Comply with legal obligations
5. Data Sharing and Third Parties
We do not sell your personal information. We may share data with:
- Paddle.com: Payment processing and subscription management
- Analytics providers: Anonymous usage data (with your consent)
- Legal authorities: When required by law or to protect our rights
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit (TLS/SSL)
- Secure password hashing
- Regular security audits
- Limited employee access to personal data
However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
7. Your Rights (GDPR)
As a Norwegian company, we comply with the General Data Protection Regulation (GDPR). You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate personal data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing of your personal data
- Restriction: Request limited processing of your data
- Withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, contact us at privacy@surraura.com.
8. Data Retention
We retain your personal data only for as long as necessary to provide our services and fulfill the purposes described in this policy. Account data is retained while your account is active and for a reasonable period afterward for legal and business purposes. You may request deletion of your account and associated data at any time.
9. Cookies and Website Tracking
Our website uses essential cookies for authentication and session management. We may use analytics cookies (with your consent) to understand how visitors interact with our website. You can control cookie preferences through your browser settings.
10. Children's Privacy
Our Application and services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
12. Contact Us
For questions about this Privacy Policy or our data practices, please contact us:
Mental Audio AS
Data Protection Officer
Email: privacy@surraura.com

