Security

Designed for the most sensitive environments

CollaborationSonar is built to live inside the perimeters of PE firms, banks, healthcare groups, and any organisation where collaboration data simply cannot leave the building.

On-Premise Deployment

Deployed entirely within your own infrastructure. Runs in your AWS account, your Kubernetes cluster, your VPC. No data ever leaves your network.

Metadata Only

We never collect message content, file contents, or code. Only audit logs and metadata - timestamps, user actions, and interaction patterns.

Data Isolation

Strict per-tenant data isolation with encryption at rest. Each customer's data is fully separated - no cross-tenant access, no shared storage.

What we touch - and what we don't

The single most common security question we get. Here it is in two columns.

Collected - metadata about activity

  • Timestamps of user actions in each source tool
  • Source-specific user IDs (later unified into a single identity)
  • Action types (commented, merged, assigned, joined channel, ...)
  • Channel, repo, project, or board identifiers
  • Relationships between actions (who replied to whom, who reviewed what)

Never collected - content of any kind

  • Slack, Teams or email message bodies
  • Source code, diffs, or file contents
  • Document text in Confluence, Notion, or Google Docs
  • Screenshots, keystrokes, or anything from user devices
  • Calendar event titles or meeting transcripts
  • Anything outside of the integrated tools

Controls inside the product

Once it is deployed, your security team keeps the keys.

Role-based access

Granular roles for viewers, analysts, and admins. Restrict dashboards by team, region, or business unit.

SSO & SCIM

Plug into your existing identity provider (Okta, Entra ID, Google Workspace). User provisioning stays in your IdP.

Audit log of the audit log

Every query, export, and configuration change inside CollaborationSonar is itself logged for your security team.

Read-only source access

Collectors use read-only OAuth scopes on each source tool. CollaborationSonar never has permission to post, edit, or delete in Slack, GitHub, or anywhere else.
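As an added illustration of the two points above (metadata-only collection and read-only source access), written for this page and not CollaborationSonar's own code: a collector step that projects a constructed Slack-style event onto an allowlisted metadata schema and flags any granted OAuth scope outside a read-only allowlist. The event field names and scope names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed Slack-style event. Field names are assumptions made for this
# example; real payloads differ, and only the shape matters here.
RAW_EVENT = {
    "ts": "1700000000.000100",
    "user": "U0123ABC",
    "type": "message",
    "subtype": None,
    "channel": "C0456DEF",
    "thread_ts": "1699999000.000200",
    "text": "quarterly numbers attached, do not forward",  # content, never stored
    "files": [{"name": "q3.xlsx", "url_private": "https://example.invalid/f"}],
}

# Allowlist: name what is kept and drop everything else. A denylist of content
# fields would leak any new field a source tool adds in a later API version.
METADATA_FIELDS = {"ts", "user", "type", "subtype", "channel", "thread_ts"}

# Scopes the collector may hold (assumed names; verify against the vendor docs).
READ_ONLY_SCOPES = {"channels:history", "channels:read", "users:read"}


@dataclass(frozen=True)
class MetadataRecord:
    """Storage schema with no field that could hold content."""
    occurred_at: datetime
    source_user_id: str
    action: str
    container_id: str            # channel, repo, project or board identifier
    replied_to: Optional[str]    # relationship between actions, if any


def to_metadata_record(event: dict) -> MetadataRecord:
    """Project a raw source event onto the metadata-only schema."""
    kept = {k: event.get(k) for k in METADATA_FIELDS}
    return MetadataRecord(
        occurred_at=datetime.fromtimestamp(float(kept["ts"]), tz=timezone.utc),
        source_user_id=kept["user"],
        action=kept["subtype"] or kept["type"],
        container_id=kept["channel"],
        replied_to=kept["thread_ts"],
    )


def disallowed_scopes(granted: set) -> set:
    """Scopes outside the read-only allowlist; an empty set means the token is safe."""
    return set(granted) - READ_ONLY_SCOPES
```

Because the record type has no content field, a content leak into storage becomes a type error at the projection step rather than something to audit for later.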

Configurable retention

Set retention windows per source. Old metadata is automatically purged from storage.

Compliance posture

Because CollaborationSonar runs entirely in your environment and only handles metadata, most of the certification surface stays with your existing infrastructure. You remain the data controller. We remain a software vendor.

Formal certifications - SOC 2 Type II, ISO 27001 - are on our roadmap as we grow. In the meantime we are happy to walk your security team through the architecture, threat model, and dependency list under NDA.

Want to dig deeper? security@collaborationsonar.com

Bring your hardest security questions

We have answered most of them already. Book a call and we'll go through your specific environment.