Skip to content
Sound Safari Sound Safari

What happens in Sound Safari stays with you.

Student names, recordings, notes, and progress live on your device and in your own private iCloud — never on our servers. We can’t see them, and we never sell them. Privacy isn’t a setting here. It’s how the app is built.

Encrypted on your device On-device AI No ads, no data sold

The short version

Where your data lives — and where it doesn’t

Read the full details below. Here’s the whole story in three boxes.

On your device

Everything you create — students, sessions, recordings, SOAP notes, IEP goals — is stored and encrypted right here on your iPhone or iPad.

In your private iCloud

Turn on sync and your data travels only to your own Apple iCloud account — encrypted in transit and at rest. It’s your iCloud, not ours.

Never collected or sold

We don’t sell your data, run ads, track your child across apps, or use anything you create to train AI. Not now, not ever.

How it works

Six ways your data stays protected

The same protections, explained in your language.

We can’t see your data — by design

Your child’s information is stored in your own private iCloud, locked to your Apple ID — and Sound Safari has no key to it. When we say we can’t see it, that’s not a promise we’re choosing to keep. It’s something the app simply can’t do.

Clinical records sync through your private CloudKit database, scoped to your Apple ID. Sound Safari operates no server that receives this data and has no administrative access to your iCloud. “We can’t see it” is an architecture statement, not a policy promise.

Locked down on the device

Everything is encrypted on your device. Audio recordings get the strongest protection Apple offers — they’re unreadable when your device is locked, and they’re never copied into your regular backups.

Data is encrypted at rest via iOS Data Protection. The store uses Complete-Until-First-Authentication; audio uses the Complete class and is excluded from device backups. In transit and at rest in iCloud, data is encrypted by Apple’s CloudKit.

Built to forget the right things

Recordings are saved under random codes — never your child’s name. Reports don’t carry your child’s name in their hidden file details. And when you delete a student, it’s gone for good: the encryption keys are destroyed, so it can’t be recovered.

Audio files are UUID-named; generated PDFs carry generic document metadata (no student name in title/author fields); deletion is a cryptographic erase with an on-device disposal receipt. Identifiers are minimized from every artifact that could leave the app.

The smart features run on your device

When Sound Safari helps draft a therapy note, that happens entirely on your device. Nothing about your child is sent off to the cloud to make the AI work.

AI SOAP drafting and on-device generation run on Apple’s Foundation Models, fully on-device. No clinical data, audio, or transcripts ever leave your device to power them.

Funded by you, not by your data

Sound Safari is paid for by subscriptions — not by selling data. There’s no hidden business model here: no ads, no data deals. We have no reason to track your child, and we never will.

Revenue is subscription-based (App Store, via RevenueCat). We run no advertising or behavioral-analytics SDKs. Optional product analytics are de-identified, carry no PHI or identifiers, and can be switched off in one tap.

You’re in control

Export everything or delete everything, anytime, right from Settings. Anything that would ever leave your device is strictly opt-in — and off by default.

Full data export (CSV/PDF) and per-student or complete deletion are available in-app. Every off-device contribution (e.g., anonymous word suggestions) is opt-in and defaults off. You decide what’s stored and what’s shared.

No fine print

What we don’t do

Sell your data — not even anonymized Run ads Track your child across apps Train AI on your students’ data Put names in recordings or homework links Share clinical data with any third party

This is our promise — and it isn’t just policy. Your data never reaches our servers, so there’s nothing for us to sell, hand over, or change our minds about later.

For clinicians & schools

The HIPAA & FERPA question, answered straight

Sound Safari is a clinical practice tool — not a HIPAA-compliant platform — and we don’t offer Business Associate Agreements (BAAs). Here’s the why, not just the what: your students’ data lives on your device and in your own iCloud, never on our servers on your behalf. Under HIPAA, the covered entity is you or your organization — not Sound Safari. Because the app never holds or processes your data for you, it never becomes a business associate, so there’s no BAA to sign.

In a school, that same data may also be part of a student’s education record under FERPA — which is your institution’s responsibility, not something an app can grant. None of this lowers the bar. It’s exactly why we built the protections on this page: on-device and private-iCloud storage, strong encryption, name-minimized records, on-device AI, and one-tap deletion. Treat Sound Safari like any tool on a secured device — keep a passcode on, and we recommend student initials over full names.

No security is ever absolute, and we won’t pretend otherwise. If your district or clinic requires a signed BAA before any student information goes into an app, check with your compliance officer first — we’d rather tell you that up front than bury it in fine print.

Full transparency

Who helps run the app

A few trusted providers run core functions. Each receives only what it needs — never your clinical or student data.

Apple iCloud (CloudKit)

Stores your data in your own iCloud account, if you turn on sync. Governed by Apple’s privacy policy.

Clerk

Sign-in. Receives your account email and name — never any clinical or student data.

RevenueCat

Subscriptions. Receives your App Store purchase history and an app-specific ID. No clinical data.

Sentry

Crash reports. Receives technical diagnostics only; we strip names, identifiers, and screenshots.

We’ll update this list before adding anyone new.

Need to clear it with your district?

Download our security & privacy one-pager. It answers the standard vendor questionnaire — data storage, encryption, sub-processors, COPPA & FERPA posture, and deletion — on a single page your IT or special-education team can sign off on.

Quick answers

Common questions

Can Sound Safari staff read my notes or hear my recordings? +

No. Your notes and recordings live in your private iCloud, which we have no access to. We can’t read them, and neither can anyone else.

Is my data sold or used for advertising? +

Never — not even anonymized. Sound Safari is funded by subscriptions, so we have no reason to.

Is Sound Safari HIPAA compliant? +

No, and we don’t offer a Business Associate Agreement. Your data lives on your device and in your iCloud, not on our servers — so the clinician or their organization, not the app, is the covered entity. See the HIPAA & FERPA section above for the full explanation.

What happens when I delete a student? +

It’s permanently erased — the encryption keys are destroyed, so it can’t be recovered. If sync is on, the deletion applies across all your devices.

Does the AI send my data anywhere? +

No. The AI that helps draft notes runs entirely on your device using Apple’s on-device models. Nothing about your students is sent to the cloud to power it.

I’m a parent — can anyone else see my child’s progress? +

Only you, on your own devices signed into your iCloud. Your child’s data isn’t visible to us or to anyone else.

Found a security issue? Email security@soundsafari.app.

Try Sound Safari free for 14 days

Download on the App Store Tap on iPhone or iPad