Privacy Policy
Our commitment to protecting your privacy and securing your personal data.
Table of Contents
Policy Tools
Need Help?
If you have questions about our privacy practices, please contact our Privacy Team.
Introduction
Last updated: Thu, 01 May 2025 00:00:00 GMT
At Sonic ("we", "our", or "us"), we respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our services, website, and applications (collectively, the "Services").
We've designed this policy to be clear, transparent, and easy to understand. We encourage you to read it carefully to understand our practices regarding your personal data and how we will treat it.
By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, you may choose not to use our Services.
Important Notice
This privacy policy is effective as of Thu, 15 May 2025 00:00:00 GMT and applies to all information collected through our Services. Any changes to this privacy policy will be posted on this page, with an updated effective date.
Information We Collect
Last updated: Thu, 01 May 2025 00:00:00 GMT
We collect several types of information from and about users of our "Services", including:
Personal Data
Personal data refers to any information that can be used to identify you as an individual. Depending on your interaction with our Services, we may collect:
- Identity information: Name, email address, postal address, phone number, and other similar contact data.
- Account information: Login credentials, account preferences, and settings.
- Transaction information: Details about purchases, subscriptions, billing address, and payment methods.
- Professional information: Company name, job title, department, and business contact details.
- Communication data: Preferences for receiving communications from us and your communication history with us.
Usage Data
We automatically collect certain information about how you interact with our Services, including:
- Device information: Device type, operating system, browser type and version, IP address, and device identifiers.
- Interaction data: Pages or screens viewed, time spent on pages, navigation paths, clicks, and scrolling information.
- Performance data: System activity, crashes, hardware settings, and other usage data.
- Location data: General location information derived from IP address.
Data Protection Commitment
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction.
We never sell your personal data to third parties and only share it as outlined in this policy.
Cookies and Similar Technologies
We use cookies, web beacons, and similar technologies to enhance user experience and collect information about how our Services are used. These technologies help us:
- Remember your preferences and settings
- Understand how you interact with our Services
- Provide personalized content and recommendations
- Analyze the performance of our Services
- Prevent fraudulent activities and improve security
You can manage your cookie preferences through your browser settings or our cookie management tool.
How We Use Your Information
Last updated: Mon, 28 Apr 2025 00:00:00 GMT
We use the information we collect for various purposes, including to:
Provide Our Services
- Create and maintain your account
- Authenticate your identity
- Process transactions and payments
- Provide customer support
- Fulfill your requests and orders
Security and Protection
- Detect and prevent fraud
- Identify and address security incidents
- Protect against malicious activities
- Ensure the security of our Services
- Verify identity for access control
Improvement and Analysis
- Understand user behavior and preferences
- Analyze usage patterns and trends
- Improve our Services' functionality
- Develop new features and products
- Measure the effectiveness of our Services
Communication
- Send administrative notifications
- Provide updates about our Services
- Respond to your inquiries
- Send marketing communications (with consent)
- Deliver personalized content and offers
Legal Bases for Processing
We process your personal data in accordance with applicable data protection laws. Our legal bases for processing include:
- Contractual necessity: Processing necessary to fulfill our contractual obligations to you.
- Legitimate interests: Processing necessary for our legitimate interests, such as improving our Services, provided those interests are not overridden by your rights.
- Consent: Processing based on your specific consent, which you can withdraw at any time.
- Legal obligation: Processing necessary to comply with our legal obligations.
Personalized Experiences
We may use your information to personalize your experience with our Services, including:
- Recommending content and features that may interest you
- Customizing the Services based on your preferences and past interactions
- Tailoring communications to your interests
You can adjust your personalization preferences in your account settings.
Information Sharing and Disclosure
Last updated: Tue, 15 Apr 2025 00:00:00 GMT
We may share your information in the following circumstances:
Service Providers
We share information with service providers who help us operate, improve, and deliver our Services. These service providers are contractually obligated to use your information only for the specific purposes for which it was shared and in accordance with this privacy policy. Examples include:
- Cloud hosting and infrastructure providers
- Payment processors
- Customer support services
- Analytics providers
- Email and communication services
Business Transfers
If we are involved in a merger, acquisition, financing, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We may also disclose your information when we believe disclosure is necessary to:
- Comply with applicable laws, regulations, or legal processes
- Protect the rights, property, or safety of Sonic, our users, or others
- Detect, prevent, or address fraud, security, or technical issues
- Enforce our terms of service
With Your Consent
We may share your information with third parties when we have your consent to do so. You can withdraw your consent at any time.
Important Notice on Data Sharing
We do not sell your personal data to third parties. When we share your information with our service providers, we ensure they comply with privacy and security standards comparable to our own.
Aggregated or De-identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for various purposes, including:
- Industry analysis and research
- Marketing and advertising
- Improving our Services
- Developing benchmarks and best practices
Data Retention and Security
Last updated: Thu, 20 Mar 2025 00:00:00 GMT
Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law. The criteria we use to determine the retention period include:
- The length of time we have an ongoing relationship with you
- Whether there is a legal obligation to retain the data
- Whether retention is advisable in light of our legal position (e.g., for statutes of limitations, litigation, or regulatory investigations)
When we no longer need to use your personal data, we will either delete it or anonymize it so that it can no longer be associated with you. In some cases, we may retain certain information in a depersonalized or aggregated form.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:
Encryption
Data encryption at rest and in transit using industry-standard protocols
Access Controls
Strict access controls and authentication procedures
Monitoring
Continuous monitoring and regular security assessments
While we take reasonable steps to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
Security Best Practices
To help protect your information, we recommend using strong, unique passwords for your account, enabling two-factor authentication where available, and being cautious about sharing your login credentials.
Data Breach Notification
In the event of a data breach that compromises your personal data, we will notify you and relevant authorities as required by applicable law. We will provide information about the breach, the affected data, and steps we are taking to address the situation and mitigate potential harm.
Your Privacy Rights
Last updated: Thu, 01 May 2025 00:00:00 GMT
Depending on your location and applicable laws, you may have certain rights regarding your personal data. These may include:
Access and Information
You have the right to access and receive information about the personal data we process about you.
Portability
You have the right to receive your personal data in a structured, commonly used format.
Rectification
You have the right to have inaccurate personal data corrected or completed.
Deletion
You have the right to request the deletion of your personal data in certain circumstances.
Restriction and Objection
You have the right to restrict or object to our processing of your personal data.
Withdraw Consent
You have the right to withdraw consent where processing is based on consent.
How to Exercise Your Rights
To exercise your rights, you can:
- Access and update certain information through your account settings
- Contact us directly using the information in the ‘Contact Us‘ section
- Use our dedicated privacy portal to submit requests
We will respond to your request within the timeframe specified by applicable law (typically within 30 days). We may need to verify your identity before processing your request and may request additional information for verification purposes.
Note on Requests
In some cases, we may not be able to fully comply with your request, such as when it would impact the privacy of others, conflict with our legal obligations, or if the information is necessary for the performance of a contract. In such cases, we will explain our decision and your available options.
Complaints
If you believe your privacy rights have been violated, you have the right to file a complaint with the relevant data protection authority in your jurisdiction or seek a remedy through the courts. We encourage you to contact us first so we can try to resolve your concern directly.
International Data Transfers
Last updated: Sat, 15 Mar 2025 00:00:00 GMT
Sonic operates globally, which means your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that are different from those in your country.
Transfer Mechanisms
When we transfer your personal data internationally, we implement appropriate safeguards to ensure your information receives adequate protection. These safeguards may include:
- Standard Contractual Clauses (SCCs): We use European Commission-approved SCCs for data transfers to countries outside the EEA, UK, and Switzerland.
- Adequacy Decisions: Transfers to countries recognized as providing adequate protection by relevant authorities.
- Binding Corporate Rules: Internal rules for transfers within our corporate group.
- Consent: Where applicable, obtaining explicit consent for the transfer after informing you of the potential risks.
Our Global Data Infrastructure
Primary Processing Locations
| Region | Primary Purpose | Safeguards |
|---|---|---|
| United States | Service hosting, Analytics | SCCs, Corporate Rules |
| European Union | Service hosting, Customer support | GDPR Compliance |
| United Kingdom | Research and development | UK GDPR Compliance |
| Japan | Service hosting (APAC) | SCCs, Adequacy Decision |
| Australia | Customer support (APAC) | SCCs, Corporate Rules |
By using our Services, you acknowledge and consent to the transfer of your information to countries outside your country of residence, including the United States, which may have different data protection rules than those in your country.
Important Notice on International Transfers
While we take measures to ensure the protection of your data when transferred internationally, such transfers may present additional risks due to different legal frameworks and enforcement mechanisms in other countries. You can contact us for more information about the specific safeguards we have in place.
Children's Privacy
Last updated: Mon, 10 Feb 2025 00:00:00 GMT
Our Services are not intended for children under the age of 16, and we do not knowingly collect or solicit personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will promptly delete that information.
If you are a parent or guardian and believe we may have collected personal information from your child, please contact us immediately using the information in the ‘Contact Us‘ section.
Note for Parents and Guardians
In certain educational or family contexts, we may collect information from children with verifiable parental consent or as authorized by the child's educational institution. In such cases, we comply with applicable laws specifically protecting children's privacy, such as the Children Online Privacy Protection Act (COPPA) in the United States.
Special Protections
In cases where we may collect information from children with appropriate consent (such as through educational or family products), we implement additional protections:
- We collect only the minimum information necessary to provide the relevant services
- We provide parents with control over their child's information
- We limit data retention periods for children's information
- We do not use children's personal information for marketing or advertising purposes
- We implement additional security measures to protect children's data
Changes to This Policy
Last updated: Wed, 15 Jan 2025 00:00:00 GMT
We may update this privacy policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the ‘Last Updated‘ date at the top of this policy and take other appropriate measures to notify you, consistent with the significance of the changes we make.
How We Notify You of Changes
For significant changes that materially alter your rights or our practices, we will provide notice through:
- Email notifications to the address associated with your account
- Prominent notices on our website or within our applications
- A notification when you log in to your account
- Other direct communications when appropriate
We encourage you to periodically review this privacy policy to stay informed about our information practices. Your continued use of our Services after changes to this policy constitutes acceptance of the updated policy.
Policy Version History
Previous Versions
| Version | Effective Date | Key Changes | Action |
|---|---|---|---|
| v4.0 | Thu, 15 May 2025 00:00:00 GMT | Current version | - |
| v3.5 | January 15, 2025 | Updated international data transfers section | |
| v3.0 | October 10, 2024 | GDPR and CCPA updates | |
| v2.5 | June 5, 2024 | Added new data processing activities |
Contact Us
Last updated: Wed, 15 Jan 2025 00:00:00 GMT
If you have any questions, concerns, or requests regarding this privacy policy or our privacy practices, please contact us using the following information:
Email Us
Our team typically responds within 24 hours
For general privacy inquiries:
[email protected]
For data subject requests:
[email protected]
Submit a Request
Use our privacy portal for formal requests
For data access, deletion, or other privacy rights requests, please use our dedicated privacy portal.
Data Protection Officer
You can reach our Data Protection Officer at:
Sonic, Inc.
Attn: Data Protection Officer
350 California St
San Francisco, CA 94104
United States
Email: [email protected]
EU Representative
For individuals in the European Union, we have appointed a representative who can be contacted at:
Sonic EU B.V.
Attn: EU Representative
Herengracht 500
1017 CB Amsterdam
The Netherlands
Email: [email protected]
UK Representative
For individuals in the United Kingdom, we have appointed a representative who can be contacted at:
Response Time
We will respond to your privacy-related inquiries as quickly as possible and in accordance with applicable law. For formal data subject requests, please note that we may need to verify your identity before processing your request.