More than 4500 businesses trust Sunshine Conversations with their customer communications, expecting their data to be protected and secure. That’s why we sweat the details. Through rigorous security checks, data encryption, employee screenings and compliance with industry regulations, we ensure your data is safe with us.

Data center and network security

Sunshine Conversations services are hosted on Amazon Web Services. As such, Sunshine Conversations inherits the control environment which Amazon maintains and demonstrates via SSAE-16 SOC 1, 2 and 3, ISO 27001 and FedRAMP/FISMA reports and certifications. Web servers and databases run on servers in secure data centers.

Access Controls

Logical access to the Sunshine Conversations production system is restricted on an explicit need-to-know basis and follows the principle of least privilege. It is frequently audited and monitored and is controlled by our production and security teams. Premises are monitored and access is logged.

Data Encryption

Sunshine Conversations encrypts all customer data, both in transit and at rest. Communications between you and Sunshine Conversations servers are encrypted via HTTPS and Transport Layer Security (TLS), following industry best practices.

Best practices and education

We implement industry best practices to ensure the confidentiality and integrity of your data.

Incident response plan

We have implemented a formal procedure for security events and have educated all our staff on our policies.

Background checks

All new employees on teams that have access to customer data (such as technical support and engineers) undergo criminal history and background checks prior to employment.

Confidentiality agreements

All new hires are screened through the hiring process and required to sign non-disclosure and confidentiality agreements.

Security and privacy training

All new employees attend a security training during the onboarding process. In addition, all employees must take the Zendesk Security and Privacy training once a year, which covers the information security policies, security best practices, and privacy principles.

  • SOC 2 Type 2

    As of March 31, 2020, Sunshine Conversations has completed its SOC 2 Type 2 audit for the Security and Availability Trust Services Principles. Our SOC 2 Type 2 report is available upon request and subject to NDA. For more information, contact us at

  • Privacy Shield Certification

    Sunshine Conversations complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and from Switzerland.

  • GDPR

    Sunshine Conversations has designed its Privacy Program based on European, Canadian and US privacy laws to ensure that no matter where they are located, customers using our platform will be able to comply with any privacy framework, including the GDPR.

  • Payment processing

    All payment instrument processing is outsourced to Stripe, making Sunshine Conversations not subject to PCI compliance obligations.

  • Internal processes and audit

    Our Chief Privacy Officer works with our developers to make sure we comply with applicable international privacy laws.

  • Service data processing

    We primarily process personal data on behalf of our customers. Our privacy practices are outlined in the privacy statement for service data.

  • Data collection

    We collect a limited amount of personal data for our own internal purposes, which is governed by the privacy policy.

  • European Union Data Hosting

    Customers with strict data residency requirements have the option of having their data hosted, stored and backed up entirely within the EU. This option is available upon request.