bubbles iconSonar Compliance Overview

Get Started

Sonar's built-in compliance suite ensures your company abides by governing laws and your consumers are always protected

Consumers expect companies to take the utmost stance on protecting their customers. With more and more laws going into effect to protect the consumer, Sonar stays on top of the changing landscape so our partners don't have to worry.

Sonar delivers by going beyond simple exceptions. We are CCPA, TCPA, and GDPR compliant, as well as adhering to all U.S. timezones and double opt-in governance. We take it a step further with our anti-spam initiative, ensuring your messages won't get flagged as spam nor unusual behavior.

We believe abiding with all these measures increases the success and engagement of our platform. Sonar complies with all consumer-communication laws by never selling consumer data, disclosing all the information we collect, always supplying an opt-in/opt-out function, utilizing our intelligent timezone messaging feature, and providing sensitive content retraction.

Double opt-in is a two-step verification process to confirm customers to your messaging list. Enabling double opt-in allows you to generate a messaging list that complies with TCPA policies. It provides the best end user experience, as well as keeping legal liabilities related to text messaging to a minimum.

With double opt in, you’re making the opt-in process very explicit so you know the end user wants to receive messages and are expecting to receive messages. Double opt-in starts with an inbound message from an end user (contact), the feature then sends back a confirmation message, which includes a keyword for the end user to reply with.

Sonar’s Intelligent Timezone Compliance feature— an added safety measure to avoid sending texts to your customers or prospects during non-business and unapproved hours as stated by TCPA law guidelines.

First, you need to derive the timezone using one of several options:

  • You can input a timezone manually for customers — either through the Salesforce integration, API, CSV Import, or manually in the UI — but this method is reliant on your company already collecting timezone data.
  • In cases where you do not have timezone data, you can utilize the consumer’s zip code (U.S. only).
  • Zip code is better than area code because people move around while still keeping their existing phone numbers.
  • If your company doesn’t go about either of the above routes, then Sonar tries to derive timezone from the area code. However, we recommend being extra cautious in this scenario by specifying the acceptable hours to a more narrow window to prevent accidentally sending a text too early or too late. Specifying an 11 a.m. to 5 p.m. window would give you wiggle room to ensure you are abiding by TCPA guidelines.
  • Sonar gives companies the ability to pre-select their own acceptable hours of text communication if they do not want to run off the default of TCPA hours.

When a customer asks you to stop messaging them, we automatically unsubscribe and prevent further communication.

If a customer messages in any of the below keywords, Sonar automatically unsubscribes them in your system.

  • Stop
  • Unsubscribe
  • End
  • Cancel
  • Quit

We also allow for custom STOP and HELP keywords that will automatically trigger when a recipient responds with one of those keywords

We use SSL and HTTPS for end-to-end encryption, as well as encrypting our database. We also perform sensitive message deletion upon request. Sonar will remove sensitive content from messages such as credit card numbers, phishing/illicit content, and other personally identifiable information.


  • The state of California introduced legislation for the California Consumer Privacy Act (CCPA) which took effect Jan 1, 2020. This bill intends to give Californians rights over the personal data companies collect. Companies have to disclose what information they collect, if they sell your information, and are required to provide an opt-out function.


  • In the European Union, they implemented a General Data Protection Regulation (GDPR) which took effect in May 2018. GDPR aims to bring all the EU member states under one umbrella by enforcing a single data protection law, intending to put guidelines and regulations on how data is processed, used, stored or exchanged.


  • The Telephone Consumer Protection Act (TCPA) was one of the first consumer protection laws enacted to protect consumers. This law created the basis of required telecom compliance. Companies cannot call consumers before 8 a.m. or after 9 p.m., maintain a do-not-call list, and must disclose their name/pertaining information.

bubbles iconReady to streamline communication with your customers?

Get Started