Privacy Policy
SonderSoft by Innvesio Effective Date: June 2025 Last Updated: June 2025
1. Introduction
Welcome to SonderSoft, a product of Innvesio ("we," "us," or "our"). SonderSoft is a modular business operations suite — including knowledge management, customer support, and CRM tools — built for ambitious African businesses.
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use SonderSoft and its associated services at sondersoft.com, app.sondersoft.com, knowledge.sondersoft.com, support.sondersoft.com, and all workspace subdomains (collectively, "the Platform").
By using SonderSoft, you agree to the practices described in this policy. If you do not agree, please do not use the Platform.
2. Who This Policy Applies To
This policy applies to:
- Workspace Owners and Admins — individuals who create and manage a SonderSoft workspace on behalf of their organisation.
- Team Members — individuals invited to a workspace by an admin.
- End Customers — members of the public who interact with a workspace's public knowledge base or submit support tickets via
[slug].sondersoft.com. - Visitors — individuals who browse
sondersoft.comwithout creating an account.
3. Information We Collect
3.1 Information You Provide Directly
| Data | Context |
|---|---|
| Full name and email address | Account registration and team invitations |
| Password (hashed, never stored in plain text) | Account authentication |
| Workspace name, slug, and logo | Workspace setup |
| Brand colour | Workspace customisation |
| Billing information | Plan upgrades (processed by our payment provider; we do not store card details) |
| Article and collection content | Knowledge base creation |
| Support ticket content (name, email, subject, message, attachments) | Ticket submission by end customers |
| Team replies and internal notes | Support ticket management |
3.2 Information Collected Automatically
When you use the Platform, we may automatically collect:
- IP address and approximate location
- Browser type and device information
- Pages visited, time spent, and navigation paths
- Error logs and performance data
3.3 Information From Third Parties
- Better Auth — our authentication provider may process session and identity data.
- Cloudflare R2 — file and image uploads (workspace logos, article images, ticket attachments) are stored in Cloudflare's infrastructure.
- Zeptomail — transactional email delivery. When we send you a verification email, invitation, or ticket confirmation, Zeptomail processes the recipient address and delivery metadata.
4. How We Use Your Information
We use the information we collect to:
- Create and manage your account and workspace
- Deliver the services you have subscribed to (knowledge base, support inbox, team collaboration)
- Send transactional emails — including account verification, team invitations, and ticket confirmations
- Enforce usage limits based on your subscription plan
- Investigate and resolve technical issues and security incidents
- Improve and develop new features for the Platform
- Comply with applicable laws and regulations
We do not use your personal data for advertising. SonderSoft does not sell your data to third parties.
5. Legal Basis for Processing (Where Applicable)
For users in Nigeria and other jurisdictions with data protection legislation (including those subject to the Nigerian Data Protection Act 2023 and the NDPR 2019), we process your personal data on the following lawful bases:
- Performance of a contract — processing your account data to deliver the services you signed up for.
- Legitimate interests — improving the Platform, preventing fraud, and maintaining security.
- Legal obligation — complying with applicable Nigerian and international laws.
- Consent — where we specifically ask for your consent (e.g. optional communications), you may withdraw it at any time.
6. How We Store and Protect Your Data
- Passwords are stored as cryptographic hashes and are never accessible in plain text.
- Data is stored in cloud infrastructure with access controls and encryption in transit (HTTPS/TLS).
- File uploads (logos, images, attachments) are stored in Cloudflare R2 with private access controls.
- We limit access to personal data to employees and contractors who need it to operate and improve the Platform.
Despite our precautions, no system is perfectly secure. We encourage you to use a strong, unique password and to contact us immediately if you suspect unauthorised access to your account.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Active account and workspace data | Retained for as long as the workspace is active |
| Deleted workspaces | Soft-deleted for 30 days; permanently deleted after |
| Deleted collections and articles | Soft-deleted for 30 days; recoverable by admins within that window |
| Support tickets | Retained for the lifetime of the workspace |
| Email logs (transactional) | Retained per Zeptomail's data retention policy |
| Inactive accounts with no workspace | Reviewed and may be deleted after 12 months of inactivity |
8. Sharing Your Information
We do not sell, rent, or trade your personal data. We may share data only in the following circumstances:
- With service providers — Cloudflare (infrastructure and CDN), Zeptomail (transactional email), and our hosting providers, strictly to deliver our services.
- With your workspace team — workspace admins can see team member names, emails, roles, and module access within their workspace.
- Public readers — published knowledge base articles and their author names are visible to the public at
[slug].sondersoft.com/knowledge. No other personal data is exposed publicly. - Legal requirements — we may disclose data if required to do so by law, court order, or a competent regulatory authority in Nigeria or another jurisdiction.
- Business transfers — in the event of a merger, acquisition, or sale of assets, data may be transferred. We will notify affected users.
9. Cookies and Tracking
SonderSoft uses cookies and similar technologies to:
- Maintain your authenticated session across product apps (Knowledge, Support, Console)
- Store user preferences
- Collect anonymised analytics to improve the Platform
You may adjust cookie preferences in your browser settings. Disabling session cookies will prevent you from logging in to the Platform.
10. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your account and personal data (subject to retention obligations)
- Restrict or object to certain types of processing
- Data portability — receive your data in a structured, machine-readable format
- Withdraw consent — where processing is based on consent, you can withdraw at any time
To exercise any of these rights, contact us at the address in Section 13. We will respond within 30 days.
11. Children's Privacy
SonderSoft is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page and, where material changes are made, notify workspace admins by email. Continued use of the Platform after the effective date of changes constitutes acceptance of the updated policy.
13. Contact Us
For privacy-related questions, requests, or complaints, please contact:
Innvesio Email: privacy@sondersoft.com Location: Abuja, Nigeria
If you are not satisfied with our response, you may contact the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.
SonderSoft by Innvesio · Confidential · v1.0 · June 2025