Security at Sonny

Your customers trust you with their data. We take that responsibility seriously. Here is how we keep your data safe.

Data Handling

Your data, your control

We handle your data with care and give you full control over it.

Secure infrastructure

All data is hosted on AWS with industry-standard security practices. Our infrastructure is regularly audited and monitored.

Data minimization

We only collect the data necessary to provide the service. No tracking pixels, no selling data, no hidden analytics.

Data retention controls

You control your data. Export or delete your conversations and account data at any time.

Encryption

Encrypted everywhere

Your data is encrypted both in transit and at rest using industry-standard protocols.

Encryption in transit

All data transmitted between your browser and our servers is protected with TLS 1.3 encryption.

Encryption at rest

Stored data is encrypted at rest using AES-256 encryption. Database backups are also encrypted.

Secure authentication

Passwords are hashed with bcrypt. We support secure session management and optional two-factor authentication.

Application Security

Security best practices

We follow security best practices throughout the application to protect against common vulnerabilities.

Input validation

All user input is validated server-side. We use strict schemas to prevent injection attacks and malicious data.

XSS prevention

All chat messages and email content are sanitized before rendering to prevent cross-site scripting attacks.

File upload safety

File uploads are validated for type and size (max 25MB). Files are scanned and stored securely in S3.

Webhook verification

All incoming webhooks (Stripe, AWS SES/SNS) are verified using cryptographic signatures before processing.

Multi-tenant isolation

Workspaces are fully isolated at the database level. Every query enforces tenant boundaries to prevent cross-workspace data access.

Regular updates

Dependencies are regularly updated and audited for vulnerabilities. We follow responsible disclosure practices.

Have security questions?

We are happy to answer any questions about our security practices. Reach out to us anytime.
