Security

The Sona Revenue Growth Platform (SRG Platform) makes revenue attribution and planning easy for B2B marketers so they can understand how their marketing efforts are driving revenue. By unifying online marketing interactions, ad data, and CRM data with sales outcomes, marketers can gain actionable insights related to making data-backed optimizations. From first touch to sales and beyond, across all marketing channels, the SRG Platform enables marketers to connect marketing to revenue through advanced analytics.

There are three (3) primary components that track, organize, and house data and provide reporting capabilities in the SRG Platform. These components include:

The Sona Tracking Script (sona.js) captures all the online marketing interactions, also called touchpoints, that prospects/leads have with the customer’s organization, and includes a custom script that is added before the closing tag on every marketing page of the customer’s website, e.g. sona.js captures data from web visits (including anonymous web visits), general traffic/page navigation, content downloads, and form submissions. SRG Platform processes this data for the customer and pushes it into their customer relationship management (CRM) solution, with each marketing interaction displayed as an online touchpoint.

Sona Platform Application — Customers use the Sona Platform application to view and report on attribution data, configure account settings, and update account information.

Sona Data Warehouse — All data generated by the Sona Platform Application is stored in the Sona Data Warehouse in an Elasticsearch cluster.

Additionally, the SRG Platform includes a range of data connectors where processed data can be relayed. These destinations include:

CRM and Data Warehouse Integrations — The SRG Platform integrates with CRM solutions to relay and organize processed data from the Sona Data Warehouse. Currently, the SRG Platform has API integrations with a range of CRM systems and data warehouses that can be found on the Sona website.

Third-Party Applications — Because marketers rely on many different applications to run their marketing efforts, the SRG Platform is integrated with third-party marketing automation, ad platforms, A/B testing, analytics, and live chat applications. A current list of third-party applications can also be found on the Sona website.

All connections to Sona’s tracking servers are encrypted by default using industry-standard cryptographic protocols (TLS 1.2+).

Any attempt to connect over an unencrypted channel (HTTP) is redirected to an encrypted channel (HTTPS).

To take advantage of HTTPS, your browser must support encryption protection (all versions of Google Chrome, Firefox, and Safari).

Connections to customers' ad platform sources and destinations are SSL encrypted by default.

Connections to customers’ database sources and destinations are SSL encrypted by default.

Sona can support multiple connectivity channels.

Connections to customers' software-as-a-service (SaaS) tool sources are encrypted through HTTPS.

The following steps describe how data flows in a SRG Platform implementation. This section assumes that the customer has already defined the data they want to track. Steps below correspond to the "SRG Platform Infrastructure" diagram:

When a visitor lands on a customer’s website with the script tag referencing sona.js, the visitor’s browser makes a request to Sona’s servers. This request includes a standard set of information about the user’s machine configuration, the page they are viewing, and the pre-defined information that the customer wants to track.

Throughout the visitor’s web session, the Sona client-side code relays the tracked information to the SRG Platform Server using HTTPS.

The SRG processing platform periodically queries external integrations (e.g., CRM, ad providers) for any updates since the last synchronization point.

These updates are applied to SRG Platform customer-specific data in the segregated client data store.

The SRG processing platform updates the touchpoint and attribution data based on the configuration settings stored in the SRG client configuration. The results are then set up in the segregated client data store.

If the customer has purchased the data warehouse add-on feature, some of the data in the segregated client data store is exported into an external data warehouse, as specified by the client.

All connections to Sona’s web portal are encrypted by default using industry-standard cryptographic protocols (TLS 1.2+).

Any attempt to connect over an unencrypted channel (HTTP) is redirected to an encrypted channel (HTTPS).

To take advantage of HTTPS, your browser must support encryption protection (all versions of Google Chrome, Firefox, and Safari).

NYC1

New York City, United States

NYC3

New York City, United States

AMS3

Amsterdam, the Netherlands

SFO3

San Francisco, United States

LON1

London, United Kingdom

FRA1

Frankfurt, Germany

TOR1

Toronto, Canada

The SRG Platform is hosted on Digital Ocean continuously active Availability Zone (AZ) data center configurations. All Digital Ocean data centers are highly resilient, designed to deliver high availability and tolerate system or hardware failures with minimal impact. Each data center runs on its own physically distinct and independent infrastructure to help ensure business continuity in the event of an outage.

For both planned and unplanned system downtime, the SRG Platform team follows a notification process to inform customers about the status of the service. If there is a need to migrate the operational service from a primary site to a disaster recovery site, Sona can send a customer-specific notification, including:

Notification of the intent to migrate the services to the disaster recovery site

Throughout the visitor’s web session, the Sona client-side code relays the tracked information to the SRG Platform Server using HTTPS.

Hourly progress updates during the service migration

Notification of completion of the migration to the disaster recovery site

Sona requires that all employees comply with security policies designed to keep any and all customer information safe, and address multiple security compliance standards, rules and regulations.

Two-factor authentication and strong password controls are required for administrative access to systems.

Security policies and procedures are documented and reviewed on a regular basis.

Current and future development follows industry-standard secure coding guidelines, such as those recommended by OWASP.

Networks are strictly segregated according to security level. Modern, restrictive firewalls protect all connections between networks.

Notwithstanding anything else in this Privacy Policy, we and our marketing partners may use IP address, browser information, and your device information obtained by us when you visit our Site, utilize our Services, or open messages sent by us, in conjunction with third-party web cookies, pixels, or similar technologies, enabling us to obtain personal data about you (such as your name, contact details, location, and employer) held by third parties. To learn more, see the section above entitled “Information That We Collect” of this Privacy Policy. To opt out of the specific data collection and sharing practices described in this provision, please contact us using the contact information set forth in the section entitled “Privacy Questions” of this Privacy Policy.  

To date, Sona has not experienced a breach in security of any kind. In the event of such an occurrence, Sona protocol is such that customers would be made aware as soon as the compromise is confirmed.