Compliance
Built on data your organisation already lawfully processes
CollaborationSonar reads audit logs that your administrators already have access to, inside infrastructure you already control. You stay the data controller - we never receive a copy.
Nothing leaves your network. No vendor-side storage of your employees' data. Designed so a legal review can sign off without scope-creep.
Same data class as your existing admin tools
We do not invent a new monitoring surface. We read the logs the major workplace platforms already expose to administrators - just unified across tools.
How we keep the privacy footprint small
Four design choices that make a DPIA or legal review short rather than long.
- 01 Audit logs only
  We read what the source tool already exposes to your administrators. Same data class as the dashboards your IT and HR teams use today.
- 02 Metadata, never content
  Timestamps, action types, and identifiers - never message bodies, source code, document text, or file contents.
- 03 Stays inside your perimeter
  Nothing is sent back to us. The database is yours, the network is yours, the keys are yours. No cross-customer storage exists.
- 04 Configurable retention
  Per-source retention windows. Old metadata is purged automatically once your policy says so.
Designed to fit common frameworks
Not legal advice - your counsel runs the review. But the architecture is built so that review fits the shape of the rules you already work under.
EU / GDPR
You stay the controller; we are at most a processor under a DPA. Designed around data minimisation, purpose limitation, and a legitimate-interest basis you can document. Supports a DPIA on the customer side.
US privacy frameworks
Built around employer access to corporate tools - no consumer data, no public profiling. Per-source retention and exportable audit trails fit CCPA-style record-keeping obligations.
Polish employment law
Aligned with Article 22(3)¹ of the Labour Code on workplace monitoring: defined purpose, transparency in the regulamin pracy, and proportionality through metadata-only collection.
Your obligations, made easier
Sample privacy notice and employee handbook text, a DPIA outline, and a written breakdown of the data we ingest from each source - ready for your legal team.
Questions legal teams ask first
The three questions that come up in every compliance review.
Who is the data controller?
You are. CollaborationSonar runs inside your infrastructure and reads audit logs from corporate tools you already operate. We never receive a copy and never act independently on the data.
Do employees need to be notified?
In most EU jurisdictions, including Poland, the answer is yes - workplace monitoring has to be declared in internal policies and privacy notices. We provide sample text your legal team can adapt. In the US the rules vary by state, but disclosure in an employee handbook is the common practice.
Is this different from what Slack or Microsoft already do?
It is the same data class. Slack, Microsoft, Google, GitHub, and Jira all expose audit and analytics logs to administrators. CollaborationSonar unifies those existing logs across tools - it does not generate new monitoring data.
Want our compliance brief?
A short PDF for your legal and DPO teams - data inventory per source, controller/processor split, retention defaults, and sample employee notice text.