Security & Trust Overview
Sondar.Ai is built on a "Security-by-Design" foundation. We utilize enterprise-grade encryption, strict access controls, and data isolation protocols to ensure that your sales and CRM data remains secure, private, and under your control.
1. Infrastructure & Encryption
We host our entire infrastructure in Australia to ensure data sovereignty and performance.
- Cloud Provider: Amazon Web Services (AWS).
- Data Residency: All data is stored and processed in the Sydney Region (ap-southeast-2).
- Encryption at Rest: All data (databases, recordings, logs) is encrypted with AES-256 via AWS Key Management Service (KMS).
- Encryption in Transit: All network traffic is secured via TLS 1.2+.
For specifics, please refer to our Security & Infrastructure Assurance Document.
2. AI Safety & Data Privacy
We understand the risks associated with Artificial Intelligence. Sondar.Ai adheres to a strict No Training policy regarding your proprietary data.
- Data Isolation: Your data is used solely to generate insights (e.g., sentiment analysis, summaries) for your business.
- No Public Training: We DO NOT use your Customer Intelligence Data (e.g., sales calls, CRM metadata) to train, fine-tune, or improve our AI models for the general public or for other customers.
- Privacy Policy: Our full privacy commitments can be viewed at: sondar.ai/privacy
See Section 4 of our Privacy Policy for specifics on AI usage.
3. Data Collection & Access Control
We practice the Principle of Least Privilege regarding who and what interacts with our system.
- Data Collected: Audio recordings of sales/support calls; CRM records and associated metadata.
- Internal Access: Access to customer data is restricted to authorized Sondar employees strictly on a "Need-to-Know" basis (e.g., for support tickets).
- Authentication: All internal administrative access is protected by Multi-Factor Authentication (MFA).
For detailed access protocols, please refer to our Data Access Control Policy.
4. Software Development Life Cycle (SDLC)
Our engineering workflow is designed to prevent vulnerabilities from reaching production.
- "Four-Eyes" Principle: No single engineer can merge code to production. All changes require a Pull Request review and approval from a peer.
- Automated Testing: We utilize CI/CD pipelines to run automated security and quality checks before deployment.
For our full engineering workflow, please refer to our Change Management & SDLC Policy.
5. Compliance & Security Audits
We are committed to meeting the highest standards of security and privacy.
- Compliance Status: Active audit window for SOC 2 Type II. Roadmap: Q2 2026
- Third-Party Penetration Testing: Currently underway.
6. Security Contact
For security inquiries or to report potential vulnerabilities, please contact data@sondar.ai