At SonarSource, we are committed to protecting your personal data and being transparent about how we handle it. This Privacy Notice (“Notice”) explains what personal data we collect, how we use it, and your choices regarding your information. In this Notice, “personal data” and “personal information” refer to information that can identify you directly or indirectly, but do not include anonymous or aggregated data.
This Notice applies to personal data collected by SonarSource Sàrl and our affiliates (“SonarSource”, “we”, “us”, or “our”) when you interact with our websites (“Sites”), use our products and services (“Services”), or engage with us through channels such as customer support, events, marketing, or product research. It applies only to personal data for which SonarSource is the data controller.
Please note, this Notice does not cover how third-party applications, software, or services that may integrate with ours, or any other third-party offerings governed by their own privacy policies, will use your personal data.
We encourage you to read this Notice carefully. If you have questions or concerns, please contact us using the details provided at the end of this Notice.
Account Users under Organizations
If you access our Sites or Services as part of or on behalf of an organization (such as your employer, company, or another entity), your use may be subject to that organization’s policies and administrative controls. In these cases, your organization may manage your account, set usage permissions, and access or process your personal data in connection with your use of our Sites and Services.
SonarSource collects and processes personal data about account users under organizations as described in the “What Information We Collect” section of this Notice. In addition, we may disclose relevant personal data to authorized representatives of your organization to facilitate account administration, support requests, and compliance with organizational policies.
Your organization is responsible for ensuring that any personal data it provides to SonarSource, or requests us to process, complies with applicable data protection laws. For questions about how your organization handles your personal data, please contact your organization’s administrator or refer to their privacy policy.
What Information We Collect
We collect personal data in several ways, including directly from you, automatically from your devices, and from third parties.
1. Information You Provide to Us
We collect personal data when you:
- Sign up or create an account on our Sites or Services.
- Use our Services.
- Contact support.
- Participate in events, product research, or user experience activities.
- Sign up for marketing communications, newsletters, or events via web forms or other marketing activities.
- Communicate with us or provide feedback.
This may include:
- Account and Profile Information: Name, email address, mailing address, phone number, user ID, employer name and registered address, job title, and other identifiers assigned by your employer or organization.
- Payment Information: Payment and billing details, transaction history.
- Product Analysis Data: Information generated by our Services from processing customer-provided content (such as source code or project metadata). While our Services do not require personal data in scanned content, if included as part of the content you choose to scan, we may incidentally process details such as names of software developers found in code comments, commit messages, project descriptions, or integration metadata.
- Support Data: Details relevant to support requests, such as descriptions, code samples, screenshots, logs, or other files.
- Feedback and Survey Data: Responses to surveys, reviews, feedback forms, and interactive features, including written, audio, or video submissions. Where required by law, we will obtain your explicit consent before collecting audio or video recordings. You may withdraw your consent at any time by contacting us using the details provided at the end of this Notice.
- Sales and Marketing Data: Information for promotional communications, such as name, email, employer name and registered address, job title, and marketing preferences. You may opt out of receiving promotional emails or withdraw your consent at any time; instructions for opting out and withdrawing your consent are provided at the end of this Notice.
- Sales Call Recordings and Transcriptions: Our Sales Team may record calls for training, quality assurance, service improvement, and to facilitate business transactions. Where required by law, we will obtain your explicit consent before recording any calls. You may withdraw your consent at any time by contacting us using the details provided at the end of this Notice. We may use AI-powered tools to transcribe and analyze these recordings to enhance our sales processes and customer experience. These transcriptions are treated as personal data and handled in accordance with this Notice.
2. Information Collected Automatically
When you access our Sites or Services, we automatically collect data from your devices using cookies, web beacons, device identifiers, pixels, and similar technologies to operate, secure, and improve our Sites and Services. The information we collect using these tools includes:
- Technical and Usage Data: Device type, browser, operating system, log files, error reports, system configuration, access times, browsing activity, session details, referring site, pages viewed, and links clicked.
- Location Data: General location inferred from IP address, device settings, or other information.
- Website Usage Data: Interactions with our Sites, such as pages visited, features used, time spent, navigation paths, search queries, clickstream data, and content interactions. Some of this data may be collected through cookies or similar technologies as described above.
- Inferences and Preferences: We may derive insights about your interests, preferences, or characteristics based on your activity, purchase history, or interactions with our Sites and Services.
For more details and opt-out options with respect to our use of cookies and similar technologies, see our Cookie Policy.
3. Information from Third Parties
We may receive personal data about you from:
- Business and channel partners, resellers, marketing and lead generation providers, public sources, our affiliates, or other users.
- Third-party applications or services you choose to integrate or link with our Services. When you connect your account to a third-party application, you authorize SonarSource to receive information from that application as permitted by your settings and the third party’s privacy policies.
This may include:
- Account and Profile Information: Name, email, employer, job title, or other contact details.
- Sales and Marketing Data: Information for promotional, sales, or marketing purposes.
- Integration Data: Information received from authentication providers or third-party services that you choose to link or integrate with our Services.
- Additional Information: Data from public sources or other third parties relevant to your interactions with SonarSource.
How We Use Your Information
We use the personal data we collect for the following purposes, depending on how you access our Sites, use our Services, and interact with SonarSource:
- To provide, maintain, and improve our Sites and Services: Deliver, operate, and support our offerings, including account management, processing transactions, accounting, billing, meeting tax obligations, resolving technical issues, and ensuring reliability, security, and accessibility.
- To communicate with you: Respond to inquiries, send administrative information, and provide updates, including via email, about our Sites, Services, events, or policy changes.
- To personalize your experience: Tailor content, recommendations, and communications based on your preferences and usage.
- To record and transcribe sales calls: With your consent, where required, use recordings and transcriptions for training, quality assurance, service improvement, and business transactions. We may use AI tools for transcription and analysis. You may withdraw your consent at any time.
- To improve our Services and develop new features: Analyze usage data and feedback, monitor performance, conduct research and testing, enhance security, update features, and develop new products and services to better meet user needs.
- For events, research, and user experience activities: Register and manage your participation in events, surveys, interviews, early access testing, and feedback sessions.
- For marketing and promotional purposes: With your consent where required, send marketing communications, promotional offers, and information about our Services and events. You may opt out or withdraw your consent at any time; see the end of this Notice for details.
- To ensure security and prevent misuse: Monitor, detect, and prevent fraudulent activity, unauthorized access, policy violations, and other harmful or illegal activities.
- To comply with legal obligations: Process personal data as required by applicable laws, regulations, or governmental requests.
- To protect and enforce our legitimate interests and legal rights: Support audits, legal claims, investigations, and corporate transactions such as mergers or asset transfers.
How We Disclose Your Personal Data
We may disclose your personal data to third parties as needed to operate our business, provide our Sites and Services, and comply with legal obligations:
- Affiliates: We disclose personal data to SonarSource affiliates to deliver and support our Sites and Services and for internal business operations.
- Service Providers and Partners: We engage trusted third-party service providers (processors or subprocessors) to assist with hosting, analytics, payment processing, support, marketing, security, sales call recording and transcription, and other business operations. These providers may access personal data only as necessary to perform their services for us, and are contractually required to protect your information. We may also disclose personal data to business partners, resellers, and distributors who help deliver, sell, or implement our Services. If you interact directly with these partners, their privacy policies will apply.
- Third-Party Authentication and Integrations: We may enable you to use third-party services to log in to our Services, such as using your GitHub, Bitbucket, GitLab, or Azure DevOps credentials.
- Legal Requirements and Protection: We may disclose personal data to comply with laws, regulations, or legal requests, or to enforce our agreements, protect rights and safety, prevent fraud, or address security and technical issues. We may also disclose data to manage legal claims or disputes.
- Customers and Account Administrators: As further set out in the “Account Users under Organizations” section.
- Other Users and Public Forums: Information you submit in public forums, such as the Sonar Community, may be visible to other users or the public.
Cookies and Similar Technologies
SonarSource uses cookies and similar technologies—including pixels, tags, web beacons, JavaScript, and device identifiers—to enhance your experience, analyze usage, and support the functionality of our Sites and Services. Together with our third-party partners, such as analytics providers, we use these technologies to deliver site functionality, recognize you across devices, provide personalized content, analyze performance, and support customization and marketing.
You can manage your cookie preferences and opt out of certain analytics tools at any time. In addition, SonarSource recognizes and honors browser-based opt-out signals, such as the Global Privacy Control (“GPC”), where required by law. If your browser or extension sends a GPC signal, we will treat it as a valid request to opt out of the sale or sharing of your personal information, in accordance with applicable laws in your jurisdiction.
For more information about the cookies we use, your choices, and browser-based opt-out signals such as GPC, please see our Cookie Policy or visit https://globalprivacycontrol.org.
Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including providing our Sites and Services, managing your account, and meeting legal or business obligations. Data may be kept longer than is typical to resolve disputes, enforce agreements, or protect legal interests.
Retention periods depend on the type of data, our relationship with you, and applicable legal requirements. When no longer needed, personal data is securely deleted, anonymized, or disposed of in accordance with our policies.
Data Security
We protect your personal data using industry-standard technologies and practices, including encryption, access controls, regular security assessments, and employee training. These measures are designed to prevent unauthorized access, disclosure, alteration, or destruction of data and are regularly reviewed and updated.
While we strive to maintain strong security, no method of transmission or storage is completely secure, and no IT infrastructure is immune to unauthorized third-party access or theft. We cannot guarantee the absolute security of your personal data and are not liable for unauthorized third-party actions beyond our reasonable control. Internet transmissions are inherently insecure and are carried out at your own risk; our responsibility applies only once your data is under our control.
We encourage you to protect your account credentials and devices. If you suspect your account or data has been compromised, please contact us promptly using the details at the end of this Notice. For more information about our security practices, please visit our Trust Center.
Legal Bases for Processing (EEA, UK, and Switzerland)
If you are located in the EEA, UK, or Switzerland, we process your personal data in line with applicable data protection laws, including the General Data Protection Regulation, UK Data Protection Act, and Swiss Federal Act on Data Protection.
We rely on the following legal bases:
- Contractual Necessity: To enter into or perform a contract with you, such as providing our Services or support. Without this data, we may not be able to fulfill our obligations.
- Legitimate Interests: To operate, maintain, and improve our Sites and Services, communicate with you, conduct analytics, ensure security, prevent fraud, promote our offerings, and manage legal claims or disputes. We balance these interests against your privacy rights.
- Legal Obligations: To comply with laws and regulations, respond to lawful requests, and fulfill data subject requests.
- Consent: Where required, we process your data based on your consent, such as for certain marketing communications or cookies. You may withdraw your consent at any time by following the instructions provided or by contacting us using the details in the “Contact Us” section of this Notice.
International Data Transfers
SonarSource is organized as a corporate group, with its parent holding company domiciled in the United States. SonarSource Sàrl, based in Switzerland, serves as the principal operating entity and is primarily responsible for processing personal data. The SonarSource group operates globally through offices and affiliates in the European Union, United Kingdom, Switzerland, Japan, Singapore, United Arab Emirates, and the United States. To provide our Sites, Services, and support, your personal data may be stored and processed in these jurisdictions and in other countries where SonarSource Sàrl, its affiliates, or authorized processors or subprocessors maintain operations.
Some of these jurisdictions may not offer the same level of data protection as your home jurisdiction. When transferring personal data from the EEA, UK, or Switzerland to countries without an adequate data protection decision—including transfers to the United States—we implement appropriate safeguards such as Standard Contractual Clauses (SCCs), UK International Data Transfer Agreements (IDTAs), Swiss Addenda, and supplementary measures as required by applicable data protection laws. We regularly review and update our data transfer mechanisms to ensure compliance with applicable laws and protection of your rights.
Your Privacy Rights
Depending on your location and applicable data protection laws, you may have certain rights regarding your personal data. These rights may include:
- Right to Access: Request information about the personal data held.
- Right to Correction: Correct inaccurate or incomplete personal data.
- Right to Deletion/Erasure: Delete or erase personal data, subject to certain exceptions (such as legal or security requirements).
- Right to Restrict Processing: Restrict the processing of personal data under certain circumstances.
- Right to Object: Object to certain processing activities, as permitted by applicable data protection laws.
- Right to Withdraw Consent: Withdraw consent where processing is based on consent.
- Right to Data Portability: Receive personal data in a structured, commonly used, and machine-readable format to facilitate transfer to another company, where technically feasible.
You may also have the right to lodge a complaint with your local Data Protection Authority. For more information, visit the European Data Protection Board site if you are an EU resident, the Swiss Federal Data Protection Commissioner’s site if you are a Swiss resident, or the UK Information Commissioner’s Office site if you are a UK resident.
To exercise your rights, please contact us at internal.secgov@sonarsource.com. If you are making a request on behalf of someone else, please ensure you have the necessary authorization as required by law. We may need to verify your identity before processing your request.
We respond to requests as required by law and may retain certain data to comply with legal obligations or for legal claims. For individuals in the EU, Switzerland, or the UK, we will respond to your request within one month of receipt. If necessary, and as permitted by law, we may extend this period by up to two additional months, in which case we will inform you of the extension and the reason for the delay.
California Mandatory Disclosures
1. Categories of Personal Information Collected
In the past 12 months, we have collected the categories of personal information described in the “What Information We Collect” section of this Notice. These include:
- Identifiers and contact details (such as name, email address, mailing address, phone number, user ID).
- Payment and billing information.
- Commercial information (such as transaction history).
- Internet or other electronic network activity (such as device information, browsing activity, and usage data).
- Geolocation data (general location inferred from IP address).
- Audio, electronic, visual, or similar information (such as recordings of product or user experience (UX) research calls, sales presentations, screenshots, or video submissions, where permitted by applicable data protection laws).
- Inferences drawn from the above (such as preferences or characteristics).
We collect personal information directly from you, automatically through your use of our Sites and Services, and from third parties, as outlined in “What Information We Collect.”
2. Business or Commercial Purposes for Collection
We use personal information for the purposes described in “How We Use Your Information,” including providing, maintaining, and improving our Sites and Services, communicating with you, personalizing your experience, supporting marketing activities, ensuring security, and meeting legal obligations.
3. Disclosure of Personal Information
In the past 12 months, we have disclosed the categories of personal information listed above for business purposes to service providers, business partners, affiliates, and other third parties, as described in “How We Disclose Your Personal Data.”
4. Sharing and Sale of Personal Information
As defined by California law, we have “shared” (for cross-context behavioral advertising) and “sold” the following categories of personal information in the past 12 months: identifiers/contact information, Internet or other electronic network activity information, and inferences drawn from the above. These categories may be shared or sold to advertising networks, analytics providers, and social networks to support marketing, advertising, audience measurement, and other commercial purposes. You may opt out of this sharing by clicking the “Do Not Sell or Share My Personal Information” link in the footer of our website or by using the GPC signal, if available (as further set out in the “Cookies and Similar Technologies” section of this Notice).
We do not “sell” or “share” the personal information of known minors under 16 years of age.
5. Your Rights and Choices
California residents have the following rights regarding their personal information:
- Right to Know (Access): Request details about the personal information we collect, use, disclose, sell, or share about you.
- Right to Know Data Recipients: Obtain detailed information about the specific types and categories of personal information collected over the past 12 months, including data disclosed for business purposes and the recipients of such data.
- Right to Deletion: Request deletion of personal information collected from you, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate personal information maintained about you.
- Right to Opt Out of Sale or Sharing: Opt out of the sale or sharing of personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: Protection from discrimination for exercising privacy rights.
- Right to a Timely Response: Receive a response to your request within 45 days of receipt. If we require more time, we will notify you of the reason and may extend the response period by up to an additional 45 days, as permitted by applicable data protection laws. You may submit up to two free requests within a 12-month period.
6. Additional California Rights and Disclosures
- California “Shine the Light” Disclosure: California residents may request information regarding the disclosure of their personal information to third parties for those third parties’ direct marketing purposes, as defined by California Civil Code section 1798.83. To make such a request, please contact us using the information provided in the “Contact Us” section of this Notice.
Updates to this Notice
SonarSource may update this Notice from time to time to reflect changes in our practices, legal requirements, or the features of our Sites and Services. Any updates will be posted on our Sites, along with the date of the latest revision. We encourage you to review this Notice periodically to stay informed about how we protect your personal data. Where required by law, we will provide additional notice of significant changes. Your continued use of our Sites and Services following any updates constitutes your acknowledgment and understanding of the revised Notice.
Contact Us
If you have any questions or concerns regarding our data practices or this Notice, or if you would like to exercise any of your privacy rights, please contact us at internal.secgov@sonarsource.com. When reaching out, please include your country and/or state of residence to help us respond appropriately.
If you are located in the United States, you may also contact us at 1 737 263 2279.
You may also opt out of certain data processing activities or withdraw your consent at any time, where applicable, by contacting us through the methods listed above.