Security & Compliance

Your data. Your customers. Our responsibility.

SonaLift is built for businesses that trust us with their most valuable asset — their customer relationships. Here is exactly how we protect that trust.

Our Security Commitments

Complete Data Isolation

Every client's data is isolated at the database level. No client can ever access, view, or influence another client's customer records. Your data is yours alone.

Encryption Everywhere

All data is encrypted in transit and at rest using industry-standard encryption. Customer records, campaign data, and analytics are protected at every layer of our infrastructure.

Passwordless Authentication

Client portal access uses secure passwordless authentication — no passwords to leak, guess, or steal. Every login is verified and time-limited.

AI with Zero Data Retention

Our AI processes your customer data with zero data retention policies. Your customer information is never stored by AI providers and is never used to train AI models.

Human Oversight Built In

Every campaign runs with intelligent rules, compliance checks, and human review. Automated safeguards pause, escalate, or adjust messaging before it reaches your customers.

Your Data, Your Control

Request a full export or deletion of your data at any time. If you leave SonaLift, your customer data is permanently deleted within 30 days. No lock-in, no hostage data.

Regulatory Compliance

GDPR Compliant

SonaLift is fully compliant with the General Data Protection Regulation. We process personal data lawfully, transparently, and only for the purposes agreed with each client. Data subject rights — including access, rectification, and erasure — are supported and actioned promptly.

CAN-SPAM Compliant

All email communications sent through SonaLift comply with the CAN-SPAM Act. Every message includes clear sender identification, a valid physical address, and a working unsubscribe mechanism. Opt-out requests are honoured within 10 business days.

Blacklist & Suppression Management

SonaLift maintains automatic suppression lists to ensure customers who have opted out, bounced, or been excluded by the client are never contacted again. Blacklist enforcement is applied before every campaign send.

What we will never do

Sell your customer data
Share data between clients
Use your data to train AI
Contact customers without approval

Common Questions

No. Every client's data is completely isolated at the database level. There is no shared access, no cross-client reporting, and no way for one business to view another's records.

No. Your customer data is processed in real time with zero data retention. It is never stored by AI providers or used for model training.

You can request a full data export at any time. After cancellation, all customer records, campaign data, and analytics associated with your account are permanently deleted within 30 days.

Every message includes a working unsubscribe link. Opt-out requests are processed automatically and immediately added to suppression lists. Unsubscribed contacts are never re-contacted.

Your data is stored on managed infrastructure with encryption at rest and in transit, hosted in certified, audited data centres.

Yes. We provide a DPA to all clients upon request. Contact us at hello@sonalift.co to request a copy.

Have a specific security question? We are happy to walk you through our setup.
