Privacy Policy

Sonarlight | sonarlight.com
Effective date: June 10, 2026
Last updated: June 10, 2026

1. Introduction

Sonarlight ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what choices you have.

This Policy applies to personal information collected through our website (sonarlight.com), our dashboards, reports, and any other services we operate (collectively, the "Service"). By using the Service, you acknowledge that you have read and understood this Policy.

2. Information We Collect

2.1 Information You Provide Directly

• Account information: name, email address, business name, and password when you create an account.
• Business profile data: Google Business Profile details, location, category, website URL, and other business information you enter or connect to the Service.
• Payment information: billing name, address, and payment card details. Payment card data is collected directly by our payment processor (Stripe, Inc.) and is not stored on our servers. See Section 5.
• Communications: messages, feedback, or support requests you send to us.

2.2 Information We Collect Automatically

When you use the Service, we may automatically collect:

• Usage data: pages visited, features used, time spent, clicks, and navigation paths.
• Device and browser information: IP address, browser type and version, operating system, and device identifiers.
• Cookies and similar technologies: see Section 6.

2.3 Information We Collect About Third Parties' Systems (on Your Behalf)

To provide the core Service, we query third-party AI assistants and directories (e.g., ChatGPT, Gemini, Perplexity, Google AI Overviews, Bing Places) using the business information you provide. The outputs of these queries are processed and stored to generate your visibility reports. This data relates to your business, not to individual consumers.

3. How We Use Your Information

We use the information we collect to:

• Provide and operate the Service: generate visibility reports, accuracy monitoring, and improvement recommendations for your business.
• Process payments: facilitate billing and subscription management via Stripe.
• Communicate with you: send transactional emails (account confirmations, billing receipts, alerts), product updates, and — where you have consented — marketing communications.
• Improve the Service: analyze usage patterns to fix bugs, improve features, and develop new functionality. Where possible, this analysis uses aggregated or anonymized data.
• Ensure security: detect, investigate, and prevent fraud, abuse, and unauthorized access.
• Comply with legal obligations: retain records as required by applicable law and respond to lawful requests from authorities.

We do not sell your personal information to third parties.

4. Legal Basis for Processing (Canadian Law)

We collect and use personal information with your knowledge and consent, as required under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. Your consent is obtained:

• Expressly — when you register for an account or opt in to marketing communications.
• Implicitly — when you provide information in the context of using the Service (e.g., entering your business address to receive a visibility report).

You may withdraw consent at any time, subject to legal or contractual restrictions, by contacting us at [email protected]. Withdrawal of consent may affect our ability to provide the Service to you.

5. Payment Processing and Stripe

Payments are processed by Stripe, Inc., a PCI-DSS-compliant payment processor. When you enter payment details, that information is transmitted directly to and stored by Stripe. We receive only a payment token and limited transaction metadata (e.g., last four digits, card type, expiry month/year) necessary to manage your subscription.

Stripe's privacy policy is available at stripe.com/privacy. By using paid features of the Service, you agree to Stripe's terms.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Keep you logged in and maintain your session.
• Remember your preferences.
• Understand how you use the Service (analytics).

Types of cookies we use:

We do not currently use third-party advertising cookies or track you across unrelated websites for advertising purposes.

You can control cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly.

7. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

• Service providers: third-party vendors who help us operate the Service (e.g., Stripe for payments, cloud hosting providers, email delivery services). These providers are contractually bound to process your data only on our instructions and to maintain appropriate security.
• AI assistants and third-party data sources: we send queries (containing your business name and location) to third-party AI services to generate visibility data. No personal information about individual consumers is transmitted in these queries.
• Legal requirements: we may disclose your information if required by law, court order, or government authority, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: if Sonarlight is acquired, merged with, or sells substantially all of its assets to another entity, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.
• With your consent: in any other circumstances where you have given us explicit permission to share your information.

8. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

• Account data: retained for the duration of your account and for up to 2 years after account closure (for legal and audit purposes), then deleted or anonymized.
• Payment records: retained as required by applicable financial and tax law (typically 7 years in Canada).
• Visibility and report data: retained for the duration of your subscription plus up to 1 year for historical trend analysis; deleted upon verified account closure request.
• Support communications: retained for up to 2 years.

When we no longer need your information, we securely delete or anonymize it.

9. Your Privacy Rights

Under Canadian privacy law and, where applicable, other legislation, you have the right to:

• Access — request a copy of the personal information we hold about you.
• Correction — ask us to correct inaccurate or incomplete information.
• Deletion — request that we delete your personal information, subject to legal retention obligations.
• Withdrawal of consent — withdraw your consent to our use of your information (which may affect our ability to provide the Service).
• Complaint — file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca if you believe we have mishandled your personal information.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. Marketing Communications (CASL)

We comply with Canada's Anti-Spam Legislation (CASL). We will only send you commercial electronic messages where we have your express or implied consent, as defined under CASL. Every marketing message we send will include:

• Clear identification of Sonarlight as the sender.
• Our contact information.
• A functional, one-click unsubscribe mechanism.

You may unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us at [email protected]. Unsubscribing from marketing will not affect transactional messages (e.g., billing receipts, security alerts).

11. Data Security

We implement commercially reasonable technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These include:

• Encryption of data in transit (TLS) and at rest.
• Access controls limiting who within our organization can access personal data.
• Use of PCI-DSS-compliant payment processing (Stripe).

No method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law.

12. Data Transfers

Sonarlight is based in British Columbia, Canada. Some of our service providers (including Stripe and cloud infrastructure providers) may process data in the United States or other jurisdictions. Where we transfer personal information outside Canada, we take steps to ensure it receives a comparable level of protection, including through contractual safeguards.

13. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at [email protected] and we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will post the updated Policy on our website and update the "Last updated" date. For material changes, we will provide additional notice (e.g., via email). Your continued use of the Service after the effective date of a revised Policy constitutes your acceptance of the changes.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact our Privacy Officer:

Sonarlight
Attn: Privacy Officer
Email: [email protected]
Website: sonarlight.com
Vancouver, British Columbia, Canada