GDPR Compliance
Your privacy matters to us. Learn how Sonetz collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR).
Introduction to GDPR and Our Commitment
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives EU individuals control over their personal data. At Sonetz, we're committed to protecting your privacy and ensuring full compliance with GDPR requirements.
As a provider of AI-powered business automation tools for small and medium-sized businesses, we process personal data responsibly and transparently. This page explains how we handle your data, your rights, and how to exercise them.
What Data We Collect
We collect and process the following types of personal data:
Account Information
- Name and contact details (email address, phone number)
- Company information and job title
- Account credentials and authentication data
- Billing and payment information
Usage Data
- Chat conversations and interaction history
- AI agent configurations and automation workflows
- Analytics data (page views, feature usage, performance metrics)
- Device and browser information
Integration Data
- Data from connected third-party services (HubSpot, Google, WhatsApp)
- Customer and lead information processed through our AI agents
- Marketing and sales automation data
Purpose of Data Processing
We process your personal data for the following purposes:
- Service Provision: To provide and maintain our AI automation platform
- Account Management: To create and manage your user account
- Customer Support: To respond to inquiries and provide technical assistance
- AI Training: To improve our AI agents and automation capabilities
- Analytics: To understand usage patterns and improve our services
- Security: To protect against fraud, abuse, and security threats
- Legal Compliance: To comply with applicable laws and regulations
- Marketing: To send relevant updates and promotional content (with consent)
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our services under our Terms of Service
- Legitimate Interest: For analytics, security, and service improvement purposes
- Consent: For marketing communications and non-essential features
- Legal Obligation: To comply with applicable laws and regulations
Data Storage and Third-Party Processors
Your data is stored securely using industry-standard practices:
Data Storage
- Data is stored in secure cloud infrastructure with encryption at rest and in transit
- EU data is stored within the EU or in countries with adequate data protection
- We maintain data backups for business continuity and disaster recovery
Third-Party Processors
We work with carefully vetted third-party processors, including:
- Cloud Infrastructure: AWS, Google Cloud (with appropriate data processing agreements)
- Payment Processing: Stripe (for secure payment handling)
- Analytics: Google Analytics (with privacy controls enabled)
- Customer Support: Intercom (for chat and support ticketing)
Your Rights Under GDPR
As an EU data subject, you have the following rights:
Right of Access
Request copies of your personal data and information about how we process it.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data under certain circumstances.
Right to Restrict Processing
Request limitation of how we process your personal data.
Right to Data Portability
Request transfer of your data to another service provider in a machine-readable format.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
Data Security Measures
We implement comprehensive security measures to protect your personal data:
- Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
- Access Controls: Role-based access with multi-factor authentication
- Network Security: Firewalls, intrusion detection, and monitoring systems
- Regular Audits: Security assessments and vulnerability testing
- Staff Training: Regular privacy and security training for all employees
- Incident Response: Procedures for detecting and responding to data breaches
Data Breach Notification: In the unlikely event of a data breach affecting your personal data, we will notify you and relevant authorities within 72 hours as required by GDPR.
Cookie Usage
We use cookies and similar technologies to enhance your experience on our platform. These include:
- Essential Cookies: Required for basic platform functionality
- Analytics Cookies: To understand how you use our services
- Preference Cookies: To remember your settings and preferences
For detailed information about our cookie usage, please see our Cookie Policy.
Contact Us
For any questions about this GDPR policy or to exercise your rights, please contact us:
Data Protection Officer
Email: privacy@sonetz.com
Subject: GDPR Request
General Contact
Sonetz
Email: support@sonetz.com
Response time: Within 30 days
Supervisory Authority: If you're not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority.
Policy Updates
We may update this GDPR policy periodically to reflect changes in our practices or applicable law. When we make significant changes, we will:
- Notify you via email if you have an account with us
- Post a notice on our website
- Update the "Last Updated" date below
Last Updated: July 11, 2025