What we collect.
Why. Your rights.

Sonar (“Sonar”, “we”, “us”) operates the Sonar workplace observability platform that helps managers see where their teams need attention. The data controller for customer-workspace data is the customer organization that installed Sonar; Sonar acts as data processor on the customer’s behalf.

Contact for privacy questions: privacy@sonarwork.com

Sonar collects collaboration metadata from the integrations your workspace connects. The examples below cover the most common ones — new integrations follow the same rule: metadata in, message text never. Specifically:

• Slack (and similar messaging tools): message timestamps, channel ids (hashed), reaction events, message length and presence of thread/question marks. Never message text or attachments.
• Google Calendar (and similar calendar tools): meeting count, duration, attendee emails. Never event titles, descriptions, or attachments by default.
• GitHub (and similar code platforms): pull-request open / merge / review events, file-count + line-count totals, CI workflow status. Never diff contents, commit messages, or issue body.
• Meeting bot (opt-in only): when an admin enables it and a meeting host invites the Sonar bot, the audio is sent to Deepgram for transcription and the transcript + meeting title is sent to Anthropic Claude for the meeting summary. Off by default; never silent.

We also collect account profile data (your name, email, role within the workspace, OAuth tokens for the connected services) and product analytics (page views, feature usage, click events) to improve the product.

The legal basis under GDPR is legitimate interest (helping managers run their teams effectively) for collaboration metadata, and consent for product analytics. You can withdraw consent for analytics at any time without affecting the core service.

• Generate signals + briefs: the metadata is transformed by signal evaluators (deterministic code) and an LLM (Anthropic Claude) into a brief that lands in the manager’s inbox each weekday morning (configurable per workspace).
• Detect bias: we monitor signal precision per cohort (role, tenure) to ensure no group is systematically mis-served.
• Improve the product: aggregate (non-identifying) metrics inform our roadmap.

We do not sell your data, do not use it for advertising, and do not share it with third parties beyond the subprocessors listed at /trust.

We use the following infrastructure providers to operate Sonar: Anthropic (LLM), Resend (email), Stripe (billing), PostHog (analytics), Vercel (hosting), and the data sources you connect (Slack, GitHub, Google). When you opt into the meeting bot we additionally use Deepgram (speech-to-text) and Cloudflare R2 (encrypted audio storage). The full list, including each provider’s purpose and data location, is at /trust.

Integrations you connect — Slack, GitHub, Google Calendar, and any others — are data sources. Sonar reads from them; nothing is sent back. They are not subprocessors. We notify customers 30 days before any subprocessor is added or changed.

Default retention windows (configurable per workspace):

• Activity events (raw metadata): 90 days
• Signal events: 365 days (cleared/dormant signals); surfaced + rated signals retained as audit trail
• Meeting transcripts (when meeting bot is enabled): 90 days
• Briefs: indefinite (the manager’s historical record)

On account deletion (see Section 7), we hard-delete all of your data within 30 days of the request, preceded by a 30-day grace period during which you can cancel.

Sonar’s primary infrastructure is hosted in the United States. If you are accessing Sonar from the EEA or UK, your personal data will be transferred to the US under the EU-US Data Privacy Framework. Our four subprocessors (Anthropic, Resend, Stripe, and PostHog) are all either certified under the framework or rely on Standard Contractual Clauses. A Data Processing Agreement is available on request.

Whether under GDPR, CCPA, or similar laws, you have the right to:

• Access the data we hold about you — at /me you can see everything in real time.
• Export your data in a portable JSON/CSV format — request from /me; delivered within 72 hours.
• Correct inaccurate data — your profile fields are editable; signal-level disputes go through /me/disputes.
• Delete your data — at /me you can request hard deletion. 30-day grace; cancellable.
• Pause processing — temporarily stop new data collection without deletion.
• Object to processing — opt out per source (Slack, GitHub, or Calendar) without affecting the others.
• Lodge a complaint with your data protection authority — for EU residents, contact your country’s supervisory authority.

For California residents specifically: see our Do Not Sell or Share page. Sonar does not sell personal information.

We encrypt data in transit (TLS 1.3) and at rest. Sensitive fields and OAuth tokens are sealed with AES-256-GCM at the application layer. Access is restricted to authenticated employees with role-based permissions; every admin action is logged in an append-only audit trail with chained hashes. An internal red-team operates today; the first external penetration test is scheduled for Q3 2026 alongside our SOC 2 Type I audit. Full security practices at /trust.

Sonar is a workplace tool intended for use by adults aged 18 and older. We do not knowingly collect data about anyone under 16. If we learn we have collected such data, we will delete it.

We will notify customers 30 days before any material change to this policy via email and an in-app banner. The full version history lives in our public git repository.

Privacy questions, data-subject requests, or complaints: privacy@sonarwork.com. For EU residents we will respond within 30 days as required by GDPR Art. 12(3).