This Data Processing Addendum ("DPA") forms part of the agreement between Sonner ("Processor") and the customer ("Controller") for the processing of personal data in connection with the service.
Roles
For customer account data, Sonner acts as a processor on the Controller's instructions. For publicly aggregated profile data, Sonner acts as an independent controller and honors data-subject rights directly.
Subprocessors
- Convex — application database and backend
- Vercel — application hosting
- Stripe — billing and payments
- Vercel AI Gateway — LLM inference for synthesis and drafts
Security
Sonner maintains administrative, technical, and organizational measures appropriate to the risk, including encryption in transit, scoped API keys, audit logging, and least-privilege access. See our Privacy Policy for data-subject rights.
International transfers
Where personal data is transferred across borders, transfers are made under appropriate safeguards such as the EU Standard Contractual Clauses.
Contact
To execute a signed DPA or ask questions: legal@sonner.ai.