Sunshine Conversations authenticates callers to its API using JSON Web Tokens (JWTs) that allow access to be scoped to several different levels and can be set to expire at a specific date and time. Access to Sunshine Conversations data through JWTs can be limited to access to an individual user's conversation history and metadata, access to a single business account (app) and all of the user data contained within it, access to a group of business accounts (such as parent company and divisions) as well as global access for all business accounts provisioned on the software provider’s system.

With respect to audits and logs, all generated logs are transferred and stored in a secured and encrypted location. In the event of suspected or confirmed unauthorized data access, Sunshine Conversations can provide audit logs to help you investigate, respond to, and remediate the issue.

To export the data from Sunshine Conversations, please follow the steps described in Meeting a data portability obligation.

To meet a correction obligation, Sunshine Conversations allows you to delete the existing information and re-create the personal data with the necessary fixes.

See Meeting an erasure obligation for more detail.

To delete a user's personal data, Sunshine Conversations gives you full control over app, user, and message deletion. You can easily delete a single user profile along with the conversation history attached to it. You can also delete single messages. Sunshine Conversations also supports deleting an app. This means you can delete a customer (a business) and immediately delete all associated data of the users of that business.

Businesses can easily export data about users, including metadata and conversation history, to another system as required by privacy and data protection law. The feature exports data in a commonly used machine readable format (JSON), which can then be imported into another system. The Get App User API allows you to retrieve all of the metadata (including channel-specific metadata) Sunshine Conversations stores on a user. The Get Messages API retrieves all the messages exchanged between your software and a user, across any channel the user has used to communicate. If your software takes advantage of Sunshine Conversations’s built-in business system integrations, you can use the Get App User Business System IDs to find the business system entity (such as a ticket ID or Slack channel) associated with the user.

Since Sunshine Conversations as a platform does not actively offer direct marketing as a feature, it's up to the business to be aware of how the end user information is being used. With that, if the business wishes to meet this objection obligation within the platform, Sunshine Conversations allows you to delete the existing information and re-create the personal data with the necessary fixes. See Meeting an erasure obligation for more detail.