Security information
We build our products with security in mind from design to deployment, ensuring that we have the infrastructure, automation and monitoring necessary to protect your data.
🇫🇷 Hosting
All of our data and our application are hosted in France on AWS servers (eu-west-3).
🔐 Compliance

☁️ Sub-Providers
Our main sub-providers are: AWS (cloud), Google (IdP), Microsoft (IdP), Okta (IdP), GitHub (version control).
⚙️ Functional levels
Our solution offers three distinct levels of functionality plus an extra
Premium - Diagnostic:
A one-time in-depth automatic diagnostic to uncover Shadow IT, prevent security risks, cut down on unused tool costs and pinpoint critical concerns.
Anonymous Collection:
This level provides anonymous data collection, tracking usage events such as timestamps and accessed domains across 110,000+ whitelisted domains. It is ideal for environments needing high security with minimal data exposure.
Identified Collection:
In addition to basic monitoring, this level includes identified data collection. It captures user-specific information like email addresses and domain cookies to ensure accurate tracking of user activity. This level also supports integration with major IdPs (Microsoft, Okta, Google) for directory and SSO event synchronization. Examples of outcomes include identifying unauthorized SaaS usage or detecting policy violations based on user activity.
Business Plan - Shadow IT:
Manage Shadow IT effortlessly with the Business Package, offering real-time monitoring and proactive protection for all online tools used by your teams.
Enterprise Plan - Shadow IT & FinOps:
Streamline SaaS management with the Enterprise package, offering smarter cost control and spend management systems alongside advanced security features.
Advanced Software Analysis:
This specific use case focuses on timely audits and reviews, providing a comprehensive overview of the real usage of a SaaS, which is ideal for contract renewals, for example. Deliverables are provided as Excel sheets, offering significantly more data than what is available in Sonar’s web app.
🙅 Data collected:
IdP (Google Workspace, Okta, Microsoft Entra, CSV)
  - List of users (email, name, ID, team, admin status)
  - User relationships (manager)
  - Groups and organization units
  - Historical log events
  - Authentication tokens for external apps
  - Timestamp of tokens
  - Scopes granted to external apps
Browser extensions (Chrome, Chromium, Edge, Firefox, Safari)
  - URLs
  - Email used to connect
  - Timestamp
  - User nudge responses
2000+ integrations
  - Users
  - Authentication method
  - Date of creation and deactivation
  - Permissions and licence levels
  - Historical events
Google Workspace and Microsoft Office 365
  - UserId
  - VendorId
  - Timestamp
🗄️ Recognised Applications:
All applications that are part of our database can be recognised by the SSO, the browser agent and the email add-ons. This whitelist currently contains more than 110,000 apps. This whitelist is also:
- Customizable.
- Updated weekly, especially with new AI tools.
- Able to contain custom client URLs for on-premise applications accessed via the browser.
📗 GDPR Compliance and Validation:
All solutions are GDPR compliant, addressing the stringent data protection requirements of the insurance industry.
The anonymous option is particularly beneficial in security-sensitive environments, as it only collects usage events without personal information. Furthermore, all data traffic is encrypted to prevent leakage in case of interception. Upon receipt, traffic is secured using AWS Cognito resource access control, ensuring no unauthorized access.