Terms & Conditions
Privacy Policy
Security

Security

Last Updated: October 31, 2022

Sona Labs (Sona) is committed to keeping your data safe and secure. Sona adheres to industry-leading security and privacy standards to ensure your data is safe and secure when collecting data, replicating data, loading data, and connecting to all of your data sources. Security practices are deeply ingrained into our internal software development, operations processes, and tools. These practices are strictly followed by our cross-functional teams to help prevent, detect, and respond to incidents in an expedient manner. We regularly incorporate advanced security techniques into the products and services we offer.

Please contact security@sonalabs.com if you have any questions or comments.

About the Sona Revenue Growth Platform

The Sona Revenue Growth Platform (SRG Platform) makes revenue attribution and planning easy for B2B marketers so they can understand how their marketing efforts are driving revenue. By unifying online marketing interactions, ad data, and CRM data with sales outcomes, marketers can gain actionable insights related to making data-backed optimizations. From first touch to sales and beyond, across all marketing channels, the SRG Platform enables marketers to connect marketing to revenue through advanced analytics.

 

Solution Architecture 

There are three (3) primary components that track, organize, and house data and provide reporting capabilities in the SRG Platform. These components include:

  • The Sona Tracking Script (sona.js) captures all the online marketing interactions, also called touchpoints, that prospects/leads have with the customer’s organization, and includes a custom script that is added before the closing tag on every marketing page of the customer’s website, e.g. sona.js captures data from web visits (including anonymous web visits), general traffic/page navigation, content downloads, and form submissions. SRG Platform processes this data for the customer and pushes it into their customer relationship management (CRM) solution, with each marketing interaction displayed as an online touchpoint.
  • Sona Platform Application — Customers use the Sona Platform application to view and report on attribution data, configure account settings, and update account information.
  • Sona Data Warehouse — All data generated by the Sona Platform Application is stored in the Sona Data Warehouse in an Elasticsearch cluster.

Additionally, the SRG Platform includes a range of data connectors where processed data can be relayed. These destinations include:

  • CRM and Data Warehouse Integrations — The SRG Platform integrates with CRM solutions to relay and organize processed data from the Sona Data Warehouse. Currently, the SRG Platform has API integrations with a range of CRM systems and data warehouses that can be found on the Sona website..
  • Third-Party Applications — Because marketers rely on many different applications to run their marketing efforts, the SRG Platform is integrated with third-party marketing automation, ad platforms, A/B testing, analytics, and live chat applications. A current list of third-party applications can also be found on the Sona website.

Tracking Script Connectivity

  • All connections to Sona’s tracking servers are encrypted by default using industry-standard cryptographic protocols (TLS 1.2+).
  • Any attempt to connect over an unencrypted channel (HTTP) is redirected to an encrypted channel (HTTPS).
  • To take advantage of HTTPS, your browser must support encryption protection (all versions of Google Chrome, Firefox, and Safari).

 

Data Connectors

  • Connections to customers' ad platform sources and destinations are SSL encrypted by default.
  • Connections to customers’ database sources and destinations are SSL encrypted by default.
  • Sona can support multiple connectivity channels.
  • Connections to customers' software-as-a-service (SaaS) tool sources are encrypted through HTTPS.

Data Flow Narrative 

The following steps describe how data flows in a SRG Platform implementation. This section assumes that the customer has already defined the data they want to track. Steps below correspond to the "SRG Platform Infrastructure" diagram:

  1. When a visitor lands on a customer’s website with the script tag referencing sona.js, the visitor’s browser makes a request to Sona’s servers. This request includes a standard set of information about the user’s machine configuration, the page they are viewing, and the pre-defined information that the customer wants to track.
  2. Throughout the visitor’s web session, the Sona client-side code relays the tracked information to the SRG Platform Server using HTTPS.
  3. The SRG processing platform periodically queries external integrations (e.g., CRM, ad providers) for any updates since the last synchronization point.
  4. These updates are applied to SRG Platform customer-specific data in the segregated client data store.
  5. The SRG processing platform updates the touchpoint and attribution data based on the configuration settings stored in the SRG client configuration. The results are then set up in the segregated client data store.
  6. If the customer has purchased the data warehouse add-on feature, some of the data in the segregated client data store is exported into an external data warehouse, as specified by the client.
SONA GROWTH PLATFORM INFRASTRUCTURE
SRG PLATFORM Infrastructure

 

SRG Platform portal connectivity

  • All connections to Sona’s web portal are encrypted by default using industry-standard cryptographic protocols (TLS 1.2+).
  • Any attempt to connect over an unencrypted channel (HTTP) is redirected to an encrypted channel (HTTPS).
  • To take advantage of HTTPS, your browser must support encryption protection (all versions of Google Chrome, Firefox, and Safari).

Hosting and Security

The SRG Platform solution is hosted at data centers managed by our trusted cloud hosting provider, DigitalOcean, LLC, with United States corporate headquarters located in New York City, NY. Sona cloud service infrastructure partners maintain very strict controls around data center access, fault tolerance, environmental controls, and network security. Only approved, authorized Sona employees, cloud service provider employees, and contractors with a legitimate, documented business need are allowed access to the secured sites.

Sona operates our services in the United States, Netherlands, United Kingdom, Canada, and Germany. This table lists each datacenter, and its region. Regions are geographic areas where they might be one or more datacenters. In addition to what's listed in the table, Sona operates our services in the SFO2 legacy datacenter in the San Francisco, United States region.

Datacenter Region
NYC1 New York City, United States
NYC3 New York City, United States
AMS3 Amsterdam, the Netherlands
SFO3 San Francisco, United States
LON1 London, United Kingdom
FRA1 Frankfurt, Germany
TOR1 Toronto, Canada

Segregated Client Data

Each customer’s data is stored in a dedicated Digital Ocean storage account and a dedicated Elasticsearch schema. The only access to these servers and databases is via secure access by the application. All other access to the application and content servers is made only by authorized Sona personnel and is conducted via encrypted channels over secure management connections.

Data Availability

SRG Platform data is stored in a combination of Digital Ocean cloud repositories and Elasticsearch databases. Digital Ocean repositories provide their own redundancy mechanisms, offering 99.999999999% (Eleven 9’s) durability over a year. SRG Platform data in Digital Ocean is stored in GRS storage, which is replicated in a cross-region manner. 

Disaster Recovery

The SRG Platform is hosted on Digital Ocean continuously active Availability Zone (AZ) data center configurations. All Digital Ocean data centers are highly resilient, designed to deliver high availability and tolerate system or hardware failures with minimal impact. Each data center runs on its own physically distinct and independent infrastructure to help ensure business continuity in the event of an outage.

Availability and Notification

For both planned and unplanned system downtime, the SRG Platform team follows a notification process to inform customers about the status of the service. If there is a need to migrate the operational service from a primary site to a disaster recovery site, Sona can send a customer-specific notification, including:

  • Notification of the intent to migrate the services to the disaster recovery site
  • Hourly progress updates during the service migration
  • Notification of completion of the migration to the disaster recovery site

Company policies

  • Sona requires that all employees comply with security policies designed to keep any and all customer information safe, and address multiple security compliance standards, rules and regulations.
  • Two-factor authentication and strong password controls are required for administrative access to systems.
  • Security policies and procedures are documented and reviewed on a regular basis.
  • Current and future development follows industry-standard secure coding guidelines, such as those recommended by OWASP.
  • Networks are strictly segregated according to security level. Modern, restrictive firewalls protect all connections between networks.

 

In the event of a data breach

To date, Sona has not experienced a breach in security of any kind. In the event of such an occurrence, Sona protocol is such that customers would be made aware as soon as the compromise is confirmed.