Sonar · CCPA Notice · File 11-D
Do Not Sell or Share My Personal Information
We don’t sell your data.
Sonar has never sold or shared personal information for monetary or other valuable consideration. Your other CCPA rights are listed below.
The short version
Sonar does not sell or share your personal information for monetary or other valuable consideration, and we never have. There is nothing to opt out of with respect to sale or sharing.
You can still exercise your other CCPA rights (access, deletion, correction, limit-use-of-sensitive-info) at /me or by emailing privacy@sonarwork.com.
What 'sell' and 'share' mean under the CCPA
Under California Civil Code §1798.140, “sell” means to disclose personal information to a third party for monetary or other valuable consideration. “Share” refers specifically to disclosure for cross-context behavioral advertising.
We don’t do either. Sonar is a B2B SaaS product paid for by the customer organization that subscribes; we have no ad business and no data-monetization business.
Who we share data with (and why it isn't 'sale')
We share personal information with the four subprocessors listed at /trust (Anthropic, Resend, Stripe, PostHog, Slack/GitHub/Google, Vercel; plus Deepgram and Cloudflare R2 when an organization opts into the meeting bot) for the sole purpose of operating the Sonar service on your organization’s behalf. These are service providers under §1798.140(ag) — they handle the data only to perform the contracted service, are contractually prohibited from using it for their own purposes, and operate under written agreements that meet CCPA service-provider requirements.
Integrations you connect (such as Slack, GitHub, or Google Calendar) are data sources — Sonar reads from them, nothing is sent back. They are not subprocessors and not covered by this notice.
Service-provider transfers are excluded from the CCPA definition of “sale”. You cannot opt out of them because they are necessary for the service to function.
Your other CCPA rights
California residents have the right to:
- Know what personal information we have collected about you in the last 12 months — request via /me’s data export.
- Delete personal information — request via /me. 30-day grace period; cancellable.
- Correct inaccurate information — your profile is editable; signal-level disputes go through /me/disputes.
- Limit use of sensitive personal information — Sonar collects no “sensitive personal information” as defined by §1798.140(ae) (no SSN, no precise geolocation, no biometrics, no health data, no race/ethnicity/religion). Nothing to limit.
- Non-discrimination — we will never deny service, charge differently, or provide a different level of quality based on your exercising any of these rights.
Authorized agents
You may use an authorized agent to submit a request on your behalf. We will require the agent to provide written authorization signed by you and may verify your identity directly. Email privacy@sonarwork.com to start.
How we verify requests
To prevent unauthorized access, we will verify your identity before fulfilling deletion or access requests. For users with an active Sonar account, signing in via the standard auth flow is sufficient. For users without an active account, we may require additional verification (e.g. confirmation of an email address that matches data we hold).
Contact
California-specific privacy questions, requests, or complaints: privacy@sonarwork.com. We will acknowledge within 10 business days and substantively respond within 45 days as required by CCPA.