Security

We treat security as a core feature, not an afterthought. Here's how we protect your data and your customers'.

  • SOC 2: Type II Certified
  • GDPR: Compliant
  • CCPA: Ready
  • TLS 1.3: Encryption in transit
  • AES-256: Encryption at rest

How we protect your data

Encryption everywhere

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. No exceptions.

Minimal data collection

We only collect what we need to provide enrichment services. No unnecessary data is stored.

Role-based access

Internal access to customer data is strictly controlled and audited. Only authorized engineers can access production data.

Regular audits

We undergo annual SOC 2 Type II audits and regular penetration testing by independent third parties.

Incident response

We have a documented incident response plan. In the event of a breach, we notify affected customers within 72 hours.

Shopify API security

We use the minimum required Shopify API scopes and never store Shopify access tokens longer than necessary.

Responsible disclosure

Found a vulnerability?

We appreciate the work of security researchers. If you've discovered a potential security issue, please contact us privately so we can address it before public disclosure.

We commit to acknowledging reports within 24 hours and providing a fix timeline within 7 business days for confirmed vulnerabilities.

security@sonarid.co
In scope
  • sonarid.co and all subdomains
  • sonarID Shopify app
  • sonarID REST API
Out of scope
  • Social engineering attacks
  • Physical security
  • Third-party services
Infrastructure & sub-processors
  • Vercel: Application hosting and edge delivery
  • Neon: PostgreSQL database hosting
  • Inngest: Background job processing
  • AWS: Cloud infrastructure (via sub-processors)