
Data, privacy & security

Where can I learn more about Sonder's information security program (including Certification, Software Development, Business Continuity and Data Residency)?

Sonder takes privacy very seriously and our security philosophy in how we manage and protect data puts you and your people first. We maintain a robust security program that’s guided by formal policies and requirements that meet the latest industry standards. This ensures that we’re staying ahead of any cyber threat.

For more in-depth information about Sonder’s information security program - including details about certification, software development, business continuity, and data residency - please head over to our Sonder Security webpage.


What domains and email addresses should my organisation whitelist?

Sonder takes privacy seriously and will only email you and your people about important matters, including:

Member emails:

  • Activation emails encouraging you to download Sonder (if you have opted in to do so)
  • Replying to customer service enquiries
  • Requesting or responding to feedback or complaints.

Organisational emails:

  • Receiving an invitation to a Sonder event
  • Invoicing and accounts information

To ensure that you and your people are receiving these important emails, we ask that you whitelist our Sonder domains and emails. Please follow these steps:

  1. Log in to your email management system or spam filter.
  2. Navigate to your whitelist or safe senders list. This will vary depending on the email management system you are using.
  3. Add the domains and email addresses below to your whitelist:
    1. @sonder.io
    2. @sondersafe.com
    3. @member.sonder.io
    4. @accounts.sonder.io
    5. @intelligencebank.com
    6. hello@sonder.io
    7. hello@member.sonder.io
    8. no-reply@members.sonder.io
    9. hello@account.sonder.io
  4. If the whitelist requires you to whitelist subdomains, please include the subdomains for these domains as well.
  5. Save the changes to your whitelist.

What is required for the SSO configuration process?


The steps required for setting up SSO must be completed at least 2 weeks prior to your Sonder launch date.

These are the key details required for the integration:


Sonder

  • Federation Server: AWS Cognito
  • SSO Protocol: SAML 2.0
  • Endpoint URL: https://auth.prod.sondersafe.com/saml2/idpresponse
  • Entity ID: urn:amazon:cognito:sp:ap-southeast-2_Gk0YLtEoy
  • Logout Binding: HTTP-Redirect
  • Logout URI: sonder://sso/logout
  • Binding: POST


The following is an example SSO Configuration using Microsoft Entra ID (formerly Azure Active Directory) and is purely used for demonstration purposes. If you have a different SSO provider, you will need to use that provider's instructions for SSO configuration.

STEP 1: Create a new application

Click Enterprise applications under Applications on the left menu:



Click New application:


Click Create your own application:


Input the app name, e.g. Sonder, then click Create:



STEP 2: Configure SAML

Click Single sign-on in the Sonder application:

Click SAML:


Edit Basic SAML Configuration:


Add Identifier and input the Entity ID, add the Endpoint URL / Reply URL and input the reply URL, then Save.

Note: the Entity ID and reply URL are the information Sonder gives to the customer.



Edit Attributes & Claims (Optional):


In the Additional Claims section, Sonder requires email, givenname and surname for SSO Configuration. You do not need to change anything unless you want to change the Value column, e.g. change user.surname to user.sn if you have surname populated in the user.sn field instead of user.surname in your system.



STEP 3: Collect & share the configuration information Sonder needs


You are required to share the Metadata URL and Attributes with Sonder. Please fill in the accompanying Word document titled SSO Configuration - Customer to complete and share it with your Customer Success Manager or Sonder Implementation Manager when complete.


Screenshots below show where to locate this information.

  1. Metadata URL

  2. Claim attributes


STEP 4: Sonder configuration steps & SSO Login Test Meeting


Once Sonder has received the completed SSO Configuration - Customer to complete document, we will configure SSO on our platform. Your Customer Success Manager or Sonder Implementation Manager will schedule a meeting with your project team for SSO Login Testing.


The purpose of this meeting is to ensure the SSO experience is functioning correctly and to answer any questions your team may have. Sonder recommends your SSO Login test group is between 4 and 6 employees (including your Sonder project team members & IT contact), plus a combination of iOS and Android phone users if possible.


Prior to the SSO Login Test Meeting, ensure that the test Users/Group have been added to the Sonder application group so they can log in to the app during testing.


NOTE: The SSO integration will not work until Sonder has configured our side of the SSO bridge. Please do not try to log in to the Sonder app prior to this meeting, as you will see the incorrect login experience.


STEP 5: Add Users/Groups so your people can access Sonder at launch:


Once login testing is complete, ensure all applicable Users or Groups are added to the Sonder application so that your people can access the Sonder mobile app at launch.


Please contact your Customer Success Manager or Sonder Implementations (implementations@sonder.io) with any questions or queries.
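The following is an added example, not part of Sonder's documentation or tooling: a configuration lint your IT contact could run before the SSO Login Test Meeting on a decoded SAML response captured from a test sign-in, to confirm it targets the Entity ID and Endpoint URL above and carries the email, givenname and surname claims. The function names and sample response are constructed for illustration, and the claim URIs assume Microsoft Entra ID's defaults.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Service-provider values copied from the table on this page.
SP_ENTITY_ID = "urn:amazon:cognito:sp:ap-southeast-2_Gk0YLtEoy"
SP_ACS_URL = "https://auth.prod.sondersafe.com/saml2/idpresponse"
REQUIRED_CLAIMS = {"email", "givenname", "surname"}
# Assumption: claims use Entra ID's default URIs; its email claim ends in "emailaddress".
CLAIM_BASE = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
ALIASES = {"emailaddress": "email"}


def lint_saml_response(xml_text):
    """List mismatches between a decoded SAML response and the SP settings."""
    # Configuration lint only: the XML signature is NOT verified here.
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != SP_ACS_URL:
        problems.append("Destination is not the Endpoint URL")
    audiences = {e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text}
    if SP_ENTITY_ID not in audiences:
        problems.append("Audience does not contain the Entity ID")
    recipients = {e.get("Recipient") for e in root.iterfind(".//a:SubjectConfirmationData", NS)}
    if SP_ACS_URL not in recipients:
        problems.append("Recipient is not the Endpoint URL")
    seen = set()
    for attr in root.iterfind(".//a:Attribute", NS):
        short = attr.get("Name", "").rsplit("/", 1)[-1].lower()
        value = attr.findtext("a:AttributeValue", default="", namespaces=NS)
        if value.strip():
            seen.add(ALIASES.get(short, short))
    problems += ["missing or empty claim: " + c for c in sorted(REQUIRED_CLAIMS - seen)]
    return problems


def sample_response(audience=SP_ENTITY_ID, claims=("emailaddress", "givenname", "surname")):
    """Build a constructed, unsigned response for the demo (not real IdP output)."""
    attrs = "".join(f'<a:Attribute Name="{CLAIM_BASE}{c}"><a:AttributeValue>x'
                    f'</a:AttributeValue></a:Attribute>' for c in claims)
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{SP_ACS_URL}">'
            f'<a:Assertion><a:Subject><a:SubjectConfirmation>'
            f'<a:SubjectConfirmationData Recipient="{SP_ACS_URL}"/>'
            f'</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>'
            f'<a:Audience>{audience}</a:Audience></a:AudienceRestriction></a:Conditions>'
            f'<a:AttributeStatement>{attrs}</a:AttributeStatement></a:Assertion></p:Response>')


if __name__ == "__main__":
    print(lint_saml_response(sample_response("urn:example:wrong", ("givenname",))))
```

An empty list means the response matches the settings on this page; signature and timestamp validation remain the service provider's job.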

Where is my data stored?


To ensure data privacy and compliance with regional requirements, Sonder stores cloud data with Amazon Web Services (AWS) data centres. This geographically distributed approach places your and your people’s data in the AWS region you require, be it Australia or the United Kingdom. 


Backups for data are performed daily, are encrypted, and are stored in AWS region data centres. Recovery practices are conducted at least annually and are aligned to meet RPO/RTO/MAO objectives outlined within Sonder’s Business Continuity Plan (BCP).


These AWS data centres are ISO 27001 and SOC 2 compliant, and include backup power, HVAC systems and fire suppression equipment to help protect servers and ultimately your data. AWS on-site security includes features such as security guards, fencing, security feeds, intrusion detection technology and other security measures.

How does Sonder guarantee privacy?


Sonder is dedicated to safeguarding your and your people’s personal information by following privacy laws. Guided by formal policies, detailed requirements, and legislation, Sonder’s security program maintains the confidentiality and integrity of your and your people’s information as per best practice standards for the industry.


Reasonable care is taken to protect personal information and up-to-date data security measures, policies, practices, and procedures are implemented. When personal information is no longer required (unless stated by the law), Sonder will destroy or de-identify this data.


It’s important to note that transmission of information via the internet isn’t completely secure and while Sonder will do its best to protect your personal information, there’s no guarantee for the security of any personal information transmitted.


By using Sonder’s platform and services, you give permission for Sonder to responsibly manage your personal information as per its Privacy Policy. Head over there for an in-depth look at the measures Sonder takes to protect you and your people’s information and privacy.


LINK TO SONDER PRIVACY POLICY 

https://sonder.io/legal/#privacy-policy