Compliance Reports

Compliance reports provide a downloadable record of PII detection activity, designed for regulatory documentation requirements in HIPAA, GDPR, PCI-DSS, and SOX environments.

What’s included

Each report contains:

  • Detection summary — total entities detected, broken down by category and severity
  • Timeline — chronological log of detection events (timestamps, severity, category — never the underlying PII text)
  • Platform coverage — which sites were scanned and what interceptions occurred
  • Masking actions — what was redacted and when (Cloak activity log)
  • Send Guard activity — banners shown, modals dismissed, submissions blocked

What’s deliberately not included: the underlying PII text itself. Reports document that detection occurred, not the detected content. This keeps the report itself safe to share with auditors.

Availability

Compliance report download and email delivery are available on the Professional and Teams plans.

Feature | Individual (Free) | Professional | Teams
View detection summary
Download report (PDF)
Email report
Scheduled report delivery
Team-wide aggregate report
Per-member breakdown

Generating a report

  1. Open the Sonomos dashboard at my.sonomos.ai.
  2. Navigate to Reports.
  3. Choose a date range (last 7 days, last 30 days, last quarter, or custom).
  4. Optional — apply filters: severity, platform, detector category.
  5. Click Download to get a PDF, or Email to send it to your registered address.

Teams admins can also schedule reports on a recurring cadence and route delivery to a designated compliance inbox.

Use in audits

Auditors typically want to see:

  • That a control existed during the period in question (the report’s date range covers it).
  • That the control was active (detection events appear).
  • That high-severity events were handled (Cloak masked or Send Guard blocked / acknowledged).

The PDF is laid out to surface those answers quickly. For more nuanced asks (per-system breakdowns, individual incident review), Teams admins can export the underlying data as CSV.
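The three audit questions above can also be checked mechanically against a CSV export. The following is an added example, not Sonomos code: the column names (`timestamp`, `severity`, `category`, `platform`, `action`), the action values, and the 45-day gap threshold are assumptions for illustration, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample export. Column names and action values are assumptions
# for illustration, not the documented Sonomos CSV schema.
SAMPLE_CSV = """timestamp,severity,category,platform,action
2025-01-02T09:14:00+00:00,high,ssn,chat.example,cloak_masked
2025-01-15T11:02:00+00:00,low,email,mail.example,none
2025-02-20T16:45:00+00:00,high,card_number,chat.example,send_guard_blocked
2025-03-28T08:30:00+00:00,high,ssn,forms.example,none
"""

# Outcomes that count as "handled" for a high-severity event (assumed names).
HANDLED = {"cloak_masked", "send_guard_blocked", "send_guard_acknowledged"}


def audit_check(csv_text, period_start, period_end, max_gap_days=45):
    """Answer the three audit questions for [period_start, period_end]."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["ts"] = datetime.fromisoformat(row["timestamp"])
        if period_start <= row["ts"] <= period_end:
            rows.append(row)
    rows.sort(key=lambda r: r["ts"])

    # Control existed and was active: events appear, with no silent stretch
    # longer than max_gap_days, including at the edges of the period.
    marks = [period_start] + [r["ts"] for r in rows] + [period_end]
    longest_gap = max((b - a).days for a, b in zip(marks, marks[1:]))

    # High-severity events with no masking or Send Guard outcome recorded.
    unhandled = [r for r in rows
                 if r["severity"] == "high" and r["action"] not in HANDLED]
    return {
        "events_in_period": len(rows),
        "longest_gap_days": longest_gap,
        "control_active": bool(rows) and longest_gap <= max_gap_days,
        "unhandled_high": [(r["timestamp"], r["category"]) for r in unhandled],
    }


if __name__ == "__main__":
    q1 = (datetime(2025, 1, 1, tzinfo=timezone.utc),
          datetime(2025, 3, 31, 23, 59, 59, tzinfo=timezone.utc))
    print(audit_check(SAMPLE_CSV, *q1))
```

Any entry in `unhandled_high` is an event to pull for individual incident review before the report goes to an auditor.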

Coming in Sonomos Desktop

The desktop app expands compliance reporting in three directions:

  • OS-wide scope — detection events from every monitored app, not just web pages.
  • Tamper-evident log — append-only, hash-chained event log signed by your Sonomos Desktop install, suitable for forensic review.
  • Managed delivery — MDM-pushable configuration that automatically routes reports to your compliance team without per-user setup.

See the Sonomos Desktop overview for the broader picture.