Find accounts
ready to buy
before they raise their hand.

Sarona processes B2B contact data — including name, work email, job title, and company — under Legitimate Interest (GDPR Article 6(1)(f)) for business-to-business outreach. Where required, processing is also based on contractual necessity (Article 6(1)(b)) or explicit user consent (Article 6(1)(a)).

Contact data is retained for the duration of your active subscription, plus 30 days after termination or a deletion request. Email interaction logs (opens, replies) are retained for 12 months. Immediate deletion is available on request at any time.

Under GDPR, all data subjects have the right to:

All data is encrypted at rest using AES-256 and in transit via TLS 1.3. Access to personal data is restricted to authorised personnel with full audit logging. Infrastructure is hosted exclusively in EU data centres (AWS Frankfurt, eu-central-1).

For data subject requests, GDPR inquiries, or to exercise any of your rights, contact our Data Protection Officer at privacy@sarona.dev. We respond to all requests within 30 days.

Sarona has completed a SOC 2 Type II examination performed by an independent, AICPA-registered auditing firm. The audit covers a 12-month continuous observation period and is renewed annually to maintain certification.

Our control environment includes: multi-factor authentication on all systems, role-based access controls, continuous vulnerability scanning, documented incident response procedures, AES-256 encrypted backups, change management reviews, and third-party vendor risk assessments.

The full SOC 2 Type II report is available to enterprise customers and qualified prospects under NDA. To request a copy, contact security@sarona.dev with your company name and use case.