GDPR Compliance

Your privacy matters to us. Learn how Sonetz collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR).

Introduction to GDPR and Our Commitment

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives EU individuals control over their personal data. At Sonetz, we're committed to protecting your privacy and ensuring full compliance with GDPR requirements.

As a provider of AI-powered business automation tools for small and medium-sized businesses, we process personal data responsibly and transparently. This page explains how we handle your data, your rights, and how to exercise them.

What Data We Collect

We collect and process the following types of personal data:

Account Information

  • Name and contact details (email address, phone number)
  • Company information and job title
  • Account credentials and authentication data
  • Billing and payment information

Usage Data

  • Chat conversations and interaction history
  • AI agent configurations and automation workflows
  • Analytics data (page views, feature usage, performance metrics)
  • Device and browser information

Integration Data

  • Data from connected third-party services (HubSpot, Google, WhatsApp)
  • Customer and lead information processed through our AI agents
  • Marketing and sales automation data

Purpose of Data Processing

We process your personal data for the following purposes:

  • Service Provision: To provide and maintain our AI automation platform
  • Account Management: To create and manage your user account
  • Customer Support: To respond to inquiries and provide technical assistance
  • AI Training: To improve our AI agents and automation capabilities
  • Analytics: To understand usage patterns and improve our services
  • Security: To protect against fraud, abuse, and security threats
  • Legal Compliance: To comply with applicable laws and regulations
  • Marketing: To send relevant updates and promotional content (with consent)

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services under our Terms of Service
  • Legitimate Interest: For analytics, security, and service improvement purposes
  • Consent: For marketing communications and non-essential features
  • Legal Obligation: To comply with applicable laws and regulations

Data Storage and Third-Party Processors

Your data is stored securely using industry-standard practices:

Data Storage

  • Data is stored in secure cloud infrastructure with encryption at rest and in transit
  • EU data is stored within the EU or in countries with adequate data protection
  • We maintain data backups for business continuity and disaster recovery

Third-Party Processors

We work with carefully vetted third-party processors, including:

  • Cloud Infrastructure: AWS, Google Cloud (with appropriate data processing agreements)
  • Payment Processing: Stripe (for secure payment handling)
  • Analytics: Google Analytics (with privacy controls enabled)
  • Customer Support: Intercom (for chat and support ticketing)

Your Rights Under GDPR

As an EU data subject, you have the following rights:

Right of Access

Request copies of your personal data and information about how we process it.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data under certain circumstances.

Right to Restrict Processing

Request limitation of how we process your personal data.

Right to Data Portability

Request transfer of your data to another service provider in a machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

Data Security Measures

We implement comprehensive security measures to protect your personal data:

  • Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and monitoring systems
  • Regular Audits: Security assessments and vulnerability testing
  • Staff Training: Regular privacy and security training for all employees
  • Incident Response: Procedures for detecting and responding to data breaches

Data Breach Notification: In the unlikely event of a data breach affecting your personal data, we will notify you and relevant authorities within 72 hours as required by GDPR.

Cookie Usage

We use cookies and similar technologies to enhance your experience on our platform. These include:

  • Essential Cookies: Required for basic platform functionality
  • Analytics Cookies: To understand how you use our services
  • Preference Cookies: To remember your settings and preferences

For detailed information about our cookie usage, please see our Cookie Policy.

Contact Us

For any questions about this GDPR policy or to exercise your rights, please contact us:

Data Protection Officer

Email: privacy@sonetz.com
Subject: GDPR Request

General Contact

Sonetz
Email: support@sonetz.com
Response time: Within 30 days

Supervisory Authority: If you're not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

Policy Updates

We may update this GDPR policy periodically to reflect changes in our practices or applicable law. When we make significant changes, we will:

  • Notify you via email if you have an account with us
  • Post a notice on our website
  • Update the "Last Updated" date below

Last Updated: July 11, 2025