This page explains how SUNURA handles account, usage, and compliance evidence data in the product. It is written for commercial evaluation and should be reviewed with your legal and privacy teams before launch.
SUNURA may process account-owner details, business profile data, company address, registration or tax identifiers when provided, tenant configuration, compliance events, disclosure evidence, provenance records, audit logs, subscription metadata, and support communications.
Data is used to provide the compliance service, create customer workspaces, support business onboarding review, enforce plan limits, support audit evidence, secure the platform, respond to support requests, and improve reliability.
SUNURA records security events such as registration, login, failed login, duplicate registration attempts, and internal team-console access. These records may include IP address, IP class, browser user agent, origin, referrer, language header, account email, risk flags, and timestamps so SUNURA can detect abuse, investigate suspicious activity, and protect customers.
The product is designed around authenticated access, tenant separation, hash-chained evidence, retention policy, and production integration points for managed signing and key custody.
Retention depends on plan, tenant policy, evidence type, and legal basis. Customers should configure retention periods that match their compliance, privacy, and contractual obligations.
Enterprise customers may require a separate data processing agreement, security review, subprocessors list, residency commitments, and incident notification terms. Contact SUNURA before using the service for regulated production data that requires special contractual treatment.