Terms & Policies

Privacy Policy for the Website
Privacy Policy for the App
GDPR Compliance

Privacy Policy for the Website

Covering traffic to sona.is and subdomains

What we collect

We collect personally identifiable information from our users who choose to submit their contact details through our contact form or choose to subscribe to our newsletters. Along with the information you provide us (your name, name of your organisation, email address and telephone number) we also collect information about the device you are using to view our site: your IP address, the type of device you are on and the web browser you are using.

Why we collect it and how we use it

This information we collect is primarily used to get in contact with you about your enquiry of Sona’s products and services and how we may help you or simply to send you our newsletter. We also use some of the data to better understand the people who visit our site and engage with us and to improve our site and marketing materials.

How your data is shared

The Sona website is built and hosted on Wix. Information received via our contact form is sent for storage purposes to HubSpot and all site usage information is sent for support and analytics purposes to Google Analytics and Amplitude.

We never, under any circumstances sell, rent, or lease your personally identifiable information to others. Unless we have your permission or are required by law, we will only share the personal data you provide internally and with the selected third-party tools outlined above.

How long we hold your data

Sona will hold your data indefinitely, until you ask us to remove it. To have your data removed from Sona we just need to be provided with a request in writing and we will process that request within 28 days.

Cookies

Sona uses cookies to allow us to identify visitors and users and to personalise their experience site. Cookies recognise you by storing an anonymous identifier that we use to continue your session within our application. We also use cookies to compile data about how users arrived at our application (e.g. from search engines, adverts etc.) to improve our application and marketing materials and activity.

We use both persistent and session cookies. Persistent cookies remain on your computer after you end your browsing session, until either you or our application deletes them. Session cookies expire and are removed when you close your browser.

Personalised advertising

Third party vendors, including Google, use cookies to serve ads based on your visits to our website and others. Google's use of advertising cookies enables it and its partners to serve ads to you based on your visit to our sites and/or other sites on the Internet. You may opt out of personalised advertising by visiting the Ads Settings Google page

Children’s privacy

The Sona website’s contact form is not permitted for use by anyone under the age of 13. Sona does not knowingly collect any personal identifiable information from anyone under the age of 13

Your rights

You have the right to access all the data Sona holds on your behalf. If at any point you would like to know what personal information we hold on you, to receive a copy of it, or to have your personal information removed from our systems please email privacy@sona.is with details of the request and we will process your request within 28 days. The data will be provided in a standard CSV format

Use of Sona content

Screenshots of this website, quotes taken from our text content, and any references to our brand, domain, or web pages must include a search-engine-followable HTML link.

Changes to our Privacy Policy

We reserve the right to modify this Privacy Policy at any time. We recommend that you review it periodically. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

Continued use of the Sona website is considered acceptance of the terms of the latest version of this Privacy Policy.

Questions

If you have any questions or concerns at all about our Privacy Policy, please feel free to get in touch via email to privacy@getsona.com.

Privacy Policy for the App

Covering traffic to api.sona.is

What we collect

The types of data we collect on api.sona.is are split into three categories:

1. Sona Data

Most data in the Sona app is uploaded directly by the businesses which use Sona and Sona is a data processor for this data (see customer data). In addition to this customer provided data, we may collect:

  • IP Address (of last time you logged in)
  • Filter preferences
  • Any updates to your home address for search purposes

2. Usage Data

Data our customers create as part of their usage of Sona. The data is associated with an encrypted user ID and organisation, so the organisation can be identified but not the specific user. The type and volume can vary by organisation, location and third party in question, however in general we record all data entered into the application at any time, including:

  • Any text input
  • Any clicks, drags, touches or swipes on your devices input
  • App opens, crashes, and error reports

3. Customer Data

Data our customers input and provide as part of their usage of Sona. The type and volume can vary by organisation and location, however in general we record all data entered into the application at any time, including:

  • Name
  • Email Address
  • Password (this is one-way encrypted with no feasible way of decrypting)
  • Address
  • Skill tags
  • Work locations
  • Messages sent and received via the app

Why we collect it and how we use it

Sona Data is collected primarily for the purposes of providing you with access to Sona and to customise the Sona experience for each user (based on their information and preferences). We use Sona Data and Usage Data to provide personalised support and to improve our application by analyzing the data in third-party tools.

Customer Data is collected for the business purposes of each customer. We provide a set of tools to allow our customers to collect information as they require and we store and process it in line with agreed business needs. We also use Customer Data to provide personalised support, and to improve our application by analyzing behaviours using third-party tools.

How your data is shared

The Sona application is hosted on GCP in their London region, which means all data is stored on GCP in their europe-west2 region in London, United Kingdom.

Data gathered in our application is sent for analytics and support purposes to Hubspot, Google Analytics, Sentry, Amplitude and CleverTap.

A number of other third-party tools are used to provide additional functionality within the Sona application:

  • Feedback forms are powered by Typeform; any data submitted on Typeform is stored by them and sent to us.
  • Notifications including emails and pushes are sent using Clevertap.
  • Dashboarding is provided by Holistics
  • Push notifications for Android uses are provided by Firebase Cloud Messaging (FCM)

We never, under any circumstances sell, rent or lease your personally identifiable information to others. Unless we have your permission or are required by law, we will not share your personal information with the exception of the selected third-party tools outlined above, and always in a secure manner.

How long we hold your data

Sona will hold your data indefinitely, until you ask us to remove it, or you terminate your agreement with us.

To have your data removed from Sona you just need to provide us with a request in writing and we will process that request within 28 days.

In the event of termination, or if Sona needs to permanently delete customer data, we will give you 28 days written notice, and provide all of your data in CSV format at no charge before deleting it, should you want it. We reserve the right to charge an appropriate fee for provision in any other format.

Cookies

Sona uses cookies to allow us to identify visitors and users and to personalise their experience of our application. Cookies recognise you by storing an anonymous identifier that we use to continue your session within our application. We also use cookies to compile data about how users arrived at our application (e.g. from search engines, adverts etc.) to improve our application and marketing activity.

We use both persistent and session cookies. Persistent cookies remain on your computer after you end your browsing session, until either you or our application deletes them. Session cookies expire and are removed when you close your browser.

Children’s Privacy

The Sona application is not permitted for use by anyone under the age of 13. Sona does not knowingly collect any personally identifiable information from anyone under the age of 13.

Your Rights

You have the right to access all the data Sona holds on your behalf. If at any point you would like to know what personal information we hold on you, to receive a copy of it, or to have your personal information removed from our systems please email privacy@sona.is with details of the request and we will process your request within 28 days. The data will be provided in a standard CSV format.

Changes to our Privacy Policy

We reserve the right to modify this Privacy Policy at any time. We recommend that you review it periodically. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

Continued use of the application is considered acceptance of the terms of the latest version of this Privacy Policy.

Questions

If you have any questions or concerns at all about our Privacy Policy, please feel free to get in touch via email to privacy@getsona.com.

GDPR Compliance

A summary of the GDPR and what that means for Sona and you

What is GDPR?

The General Data Protection Regulation (GDPR) is a European regulation coming into effect on May 25, 2018. It's designed to improve the privacy and security around personal data for everyone in the European Union, and gives EU citizens new and improved rights to access and control their data.

GDPR at Sona

GDPR is about giving everyone greater control over their personal data online, enhanced transparency about how companies use and share that data, and ensuring companies keep that data secure. At Sona, we think this is a good thing wherever you're from! We made GDPR a priority a while back, and treat all personal data with privacy and security regardless of where your business is based. For every new feature, we proactively apply the Data Protection by Design principles. This article is set out to reassure everyone that we're prepared.

Our Privacy Policies should cover everything you need to know for GDPR purposes. They can be found here:

Website (www.sona.is)

App (app.sona.is)

We've also pulled out answers to some frequent GDPR questions below. If you have any other questions or concerns at all about our GDPR at Sona, please feel free to get in touch via email to privacy@sona.is.

GDPR FAQs

Where is my data stored?

The Sona application is hosted on GCP in their London region, which means all data is stored on GCP in their europe-west2 region in London, United Kingdom

How is my data shared?

Data gathered in our application is sent for analytics and support purposes to Hubspot, Google Analytics, Sentry, Amplitude and CleverTap.

A number of other third-party tools are used to provide additional functionality within the Sona application:

  • Feedback forms are powered by Typeform; any data submitted on Typeform is stored by them and sent to us.
  • Notifications including emails and pushes are sent using Clevertap.
  • Dashboarding is provided by Holistics
  • Push notifications for Android uses are provided by Firebase Cloud Messaging (FCM

We never, under any circumstances sell, rent or lease your personally identifiable information to others. Unless we have your permission or are required by law, we will not share your personal information with the exception of the selected third-party tools outlined above, and always in a secure manner.

What does this mean for me?

If you’re a company, this means transparency and visibility of how Sona processes any personal data collected as your employees use our application.

If you’re an individual, you don't need to do anything - this just means your data is safer than ever. You have the right to access all the data Sona holds on your behalf. If at any point you would like to know what personal information we hold on you, to receive a copy of it, or to have your personal information removed from our systems please email privacy@getsona.com with details of the request and we will process your request within 28 days. The data will be provided in a standard CSV format.