Security at Sonny
How we protect your data and your customers' data.
Your data, your control
You decide what we store and for how long.
Secure infrastructure
Hosted on AWS with encrypted storage, network isolation, and continuous monitoring.
Data minimization
We only collect what's needed to run the service. No tracking pixels, no data sales.
Data retention controls
Export or delete your conversations and account data at any time. Your data, your call.
Encrypted everywhere
Your data is encrypted both in transit and at rest using industry-standard protocols.
Encryption in transit
All data transmitted between your browser and our servers is protected with TLS 1.3 encryption.
Encryption at rest
Stored data is encrypted at rest using AES-256. Database backups are also encrypted.
Secure authentication
Passwords are hashed with bcrypt. Sessions are managed with secure, HTTP-only cookies.
Security best practices
How we guard against common attack vectors.
Input validation
All user input is validated server-side with strict schemas to prevent injection attacks and malicious data.
XSS prevention
All chat messages and email content are sanitized before rendering to prevent cross-site scripting attacks.
File upload safety
File uploads are validated for type and size (max 25MB). Files are stored securely on encrypted S3 infrastructure.
Webhook verification
All incoming webhooks (Stripe, AWS SES/SNS) are verified using cryptographic signatures before processing.
Multi-tenant isolation
Workspaces are fully isolated at the database level. Every query enforces tenant boundaries for complete separation.
Regular updates
Dependencies are kept up to date and audited with automated tooling. We accept vulnerability reports via email.
Have security questions?
If you have specific security requirements or questions, email us at support@usesonny.com.