Download app
Sardine Protect Privacy Policy
Sardine Protect Privacy Policy
Last Updated: [August 2025]
content

Introduction and Scope

SardineAI Corp. (“SardineAI,” “we,” or “us”) respects your right to privacy and is committed to safeguarding personal information. This Privacy Policy (this “Policy”) explains how we collect, use, store, and disclose personal information collected from users (“users” or “you”) of our Sardine Protectapp, our website (http://protect.sardine.ai), and any related services, including customer support (collectively, the “Services”), in accordance with India’s Digital Personal Data Protection Act 2023 (together with its implementing regulations, the “DPDPA”) and any other applicable data privacy laws or regulations.
This Policy applies to all personal information we collect and process when you use the Services. For purposes of this policy, “personal information” means any information that identifies you or that can reasonably be used to identify you.
By using the Services and/or providing personal information to us, you acknowledge that you have read, understood, and agreed to this Policy. If you do not agree with any part of this Policy, please do not use the Services or provide personal information to us.

Personal Information We Collect

We collect personal information that is necessary for us to provide the Services and to operate our business. The types of personal information we collect, and how we collect it, include:
  1. Information You Provide Directly: When you interact with the Services or Sardine, you may give us information such as:
  2. Identity and Contact Details: For example, your name, email address, phone number, and other contact information. We collect these when you create an account,use the Services, or contact us for support.
  3. Customer Support and Communications: The content of your communications with us (such as via email, chat, or phone) and any additional information you chooseto provide when giving us feedback, responding to surveys, or participating in promotions.
  4. Information We Collect Automatically: When you use the Services and grant the necessarypermissions on your mobile phone or other device, we may automatically collect the following information:
  5. Call Logs: The Services may collect phone numbers associated with incoming and outgoing calls.
  6. Text Messages: The Services may collect information about incoming and outgoing text messages, including sender and recipient contact information and message contents.
  7. Notifications: The Services may collect notifications, banners, and alerts displayed on your device, including the name of the app from which the notifications originated and the notification contents.
  8. Web Addresses: When you click a hyperlink on your device the Services may collect the web address (also known as a “URL”) that the hyperlink points to.
  9. Usage and Device Data: This includes details about your visits and activity on our website or the Sardine Protect app, such as your IP address, browser type, operating system, referral website (the page you visited before coming to our website), pages or features you access, the dates/times of access, and other information about how you interact with our digital services. We use this information to understand user engagement and improve our services. This data is generally collected via cookies,
    server logs, and similar tracking technologies.
  10. Cookies and Similar Technologies: We use cookies (small text files stored on your browser or device) and related technologies to recognize you when you return to our website, remember your preferences, and gather analytics information. Cookies help us analyze website traffic and usage patterns so we can enhance user experience. Most browsers automatically accept cookies, but you can modify your browser settingto block or alert you about cookies. Note that if you disable cookies, some features of our website or service may not function properly. (See the Cookies and Tracking Technologies section for more details.)
  11. Information from Other Sources: In order to detect potential scams and other types of fraud, we may obtain information about you from data vendors and other third parties, including, but not limited to.
We limit our collection of personal information to what is relevant for the purposes described in this Policy. If you choose not to provide certain information (or ask us to delete it), we may not be able to offer you some features of our services.

How We Use Personal Information

SardineAI uses the personal information we collect for the following purposes, which we explain in more detail below. We always strive to use your information in fair and expected ways, and we will notprocess personal information in a manner incompatible with these purposes without your knowledge or consent.
Providing and Improving Our Services:
  1. To Perform Scam and Fraud Detection Services: We use your information to operate our scam and fraud detection services at your request. For example, we use information collectedto detect suspicious phone numbers, message contents, hyperlinks, and payment requests. We also use the information to send you alerts, updates, and administrative messages.
  2. Service Improvement and Analytics: We may analyze usage data and feedback to understand how our services are used and to make improvements, as well as to help identify scam and fraud patterns. This helps us troubleshoot issues, develop new features, and enhance the quality and user experience of SardineAI’s offerings. Where feasible, we use aggregated or de-identified data for analytics, to protect your privacy.
Communication and Marketing:
  1. Communicating with You: We may use your contact information to communicate with you about your account, respond to your inquiries, and fulfill your requests. If you contact our support team, we may use your name and email/phone to respond and will use the details of your issue to resolve it. We may also send notifications about important changes to our terms or this Policy, or other service-related announcements. These transactional or service communications are necessary for us to perform our contract with you or to meet legal obligations, so you may continue to receive these even if you opt out of marketing messages.
  2. Marketing and Promotional Messages: If you have agreed or if it is otherwise permitted by law, we may use your personal information to inform you about new or additional products, services, or promotions that might interest you. We will obtain your consent to send you marketing communications where required.
Legal Compliance and Security:
  1. Compliance with Laws and Regulations: We process personal information as necessary tocomply with our legal obligations. This includes using personal data to satisfy reporting obligations, comply with lawful requests and orders (such as court orders, subpoenas, or requests from regulatory authorities), and to meet obligations under privacy regulations.
  2. Protection of Rights, Security and Preventing Misuse: We may use and disclose personalinformation when we believe it’s necessary to protect the rights, property, or safety of SardineAI, our users, or the public. This can include investigating and mitigating fraudulent transactions or security incidents, detecting and preventing malicious or illegal activity (such as hacking, fraud, or other misuse of our services), and enforcing our terms of service or other agreements. For instance, we might use certain data to verify identity and prevent unauthorized access to accounts, or to monitor for suspicious activity.
  3. Data Security and Incident Response: Internally, information may be accessed and used tomaintain the security of our systems. In the event of a suspected data breach or security threat, we will use relevant personal data to investigate and respond, which might include informing affected individuals and authorities (as discussed in Data Security below)
Other Purposes (with Notice or Consent):
  1. If we intend to use your personal information for a purpose not described in this Policy, we willprovide you with additional notice. In some cases, we may also request your consent if required. We do not use your personal information for purposes that are unrelated to our business without telling you and obtaining your permission when required. We do not engage in automated decision-making or profiling that has legal or similarly significant effects without your knowledge and consent (if it ever becomes relevant, we will update you).
No Selling of Personal Data:
  1. We do not sell, license, or trade your personal information to third parties for their own marketing or other purposes. All uses of personal data are limited to SardineAI’s internal purposes as described above, or as otherwise disclosed to you.

How We Share Personal Information

We understand the importance of keeping your personal information private. However, we may need to share certain personal information with others in the following circumstances:
  1. With Affiliated Companies: We may share personal information with our subsidiaries, and affiliates to provide our services and operate our business.  All entities within our corporate group follow this Policy and are bound to protect your information in the same manner. Access by our employees or personnel is controlled and subject to confidentiality obligations.
  2. Service Providers and Data Processors: We work with third-party service providers and data processors that assist us with the provision of our Services. This includes service providers and vendors that provide us with IT support, hosting, fraud detection, identity verification providers, and related services. When we disclose information with third-party service providers in this capacity, we require them to use your information on our behalf in accordance with our instructions and terms and only process your personal information as necessary to provide the Services to you pursuant to the terms of a binding contract between
    them and SardineAI.
  3. Legal Requirements and Safety: We may disclose personal information to courts, law enforcement, government authorities, or other third parties when we believe it is legally required to do so. Examples include:
  4. Responding to a subpoena, court order, or other binding request from authorities (after verifying its legitimacy);
  5. Sharing information to comply with the law or regulatory obligations (such as reporting requirements to regulators or auditors);
  6. Disclosing information if necessary to enforce our terms of service or other agreements, or to investigate and defend ourselves against any third-party claims or allegations;
  7. Sharing information to protect against fraud, credit risk, or security vulnerabilities; and
  8. In an emergency, sharing information if we believe it will help prevent physical harm or financial loss, or is necessary to protect someone’s vital interests (for instance, releasing information to law enforcement about a credible identity theft or cybercrime situation).
  9. Business Transfers: If SardineAI undergoes a business transition, such as a merger, acquisition by another company, reorganization, or sale of all or part of our assets, personal information may be transferred to the successor or acquiring entity as part of that transaction. We would ensure any such transfer is subject to appropriate confidentiality arrangements andthat your personal information remains protected. If a change of ownership occurs, we will provide notice on our website or by other means to inform you of any significant changes to how your personal information is handled (and if applicable, any choices you may have).
  10. With Your Consent or at Your Direction: Apart from the cases above, we will share your personal information with third parties only if you specifically request or consent to such sharing. No Third-Party Advertising Trackers: As stated in the Cookies section, we do not disclose your personal information to third-party ad networks or social media companies for advertising purposes. We also do not engage in “list sharing” with other companies for joint marketing.
We remain responsible for the handling of your personal information in accordance with this Policy, even when it is shared with or processed by third parties on our behalf. Any third-party with whom we share data (such as an infrastructure provider) must meet our standards for security and privacy and, where applicable, meet the requirements of relevant privacy laws.
International Data Access
SardineAI is a United States-headquartered company and operates internationally. Your personal information will be stored in India, but employees or personnel of SardineAI in different countries may have access to personal data on a limited basis. This means, for example, an engineer in the United States access data to fix a technical issue for a user in India. All such internal accesses are logged and controlled. By using our services or providing us with your information, you acknowledge that your personal information may be accessed from countries outside of your country of residence.

Cookies and Tracking Technologies

Like most online services, SardineAI uses cookies and similar tracking technologies on our website. Cookies are small data files placed on your computer or device when you visit a website. They allow the website to remember your actions or preferences over time
How We Use Cookies: We use cookies to make our website function properly, to provide a smooth user experience, and to gather analytics information:
  1. Some cookies are essential for the website to operate, such as those that keep you logged in or enable core features.
  2. Other cookies help us remember your preferences (for example, your language or region) to personalize your experience.
  3. We also use cookies (and similar technologies like local storage or pixels) to collect analytics data about website traffic and user interactions. For instance, cookies may record the pages you visited and the time you spent on the website. We use this information in aggregate form to analyze trends and statistics, so we can improve our website’s design and functionality. This helps us understand which features are popular or if users encounter errors.
Cookie Consent: Currently, we do not use a cookie “pop-up” banner on our website. We only use cookies in ways permitted by applicable law. By using our website without disabling cookies, you are effectively consenting to our use of cookies as described in this Policy.
Third-Party Cookies: SardineAI does not share personal data collected via cookies with third-party companies for their own use.
Your Choices for Cookies: Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies or alert you when cookies are being sent. You have the right to control cookies and can delete cookies that have already been set. However, please be aware that if you disable or delete certain cookies, it may affect the functionality of our website – for example, you might not be able to use some features, or your preferences might not be remembered. For information on how to manage cookies in your browser, you can refer to your browser’s help documentation.
Do-Not-Track Signals: Some browsers offer a “Do Not Track” (DNT) setting that allows you to signal your privacy preference regarding tracking by websites. Currently, our website does not respond to DNT signals in any special way (there is no industry standard for DNT), but we only use your data as described in this Policy. We treat all users’ data in accordance with this Policy, and we do not alter ourpractices based on a DNT signal alone.

Data Security

We take steps to ensure that your information is treated securely and in accordance with this Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss of personal information.  By using our Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services or by sending an email to you

Data Retention

We retain personal information for as long as it is necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, which may be up to five years from the date of collectionIn some cases, we may convert personal information into anonymized (irreversibly de-identified) or aggregated form for statistical analysis, research, or business planning. Once data is anonymized so that it can no longer be associated with an individual, it is no longer considered personal information and we may retain and use it indefinitely without further notice to you.

Your Rights and Choices

You have important rights regarding your personal information, including under DPDPA. SardineAI is committed to honouring these rights and providing you with control over your data.
Your key data protection rights include:
  1. Right to Access: You have the right to request confirmation of whether we are processing your personal information, and if so, to access that information. This includes the right to ask for a copy of the personal data we hold about you. We will provide this in a reasonable format (usually electronic). We will respond to access requests as soon as possible, and within any timeframe required by law. In some cases, we may charge a reasonable administrative fee if a request is manifestly unfounded or excessive, or for additional copies as permitted by law, but we will inform you in advance if any fee applies.
  2. Right to Correction: We want to ensure that the personal information we hold is accurate, up-to-date, and complete. If you believe any of your information is incorrect, incomplete, or out of date, you have the right to request that we correct or update it. If for some reason we cannot comply (for instance, if we disagree that the data is incorrect), we will explain why and how you can object.
  3. Right to Erasure: You may have the right to request that we delete your personal information. The DPDPA provides a right of erasure, subject to certain conditions. If you request deletion, we will assess whether the data can be deleted. We will honor deletion requests provided: (a) the data is no longer needed for the purpose it was collected, (b) we have no further legal or contractual obligation to keep it, and (c) no other exceptions apply. If we have shared your data with any service providers, we will take reasonable steps to notify them of the deletion request as well.
  4. Right to Withdraw Consent: Where we rely on your consent to process personal information(for example, for sending marketing emails or for certain optional data collections), you have the right to withdraw that consent at any time. Your withdrawal will not affect the lawfulness of any processing done before the withdrawal, but it will stop the relevant processing going forward. In the context of the DPDPA, consent can be withdrawn by the data principal, and wemust honour that decision.  Additionally, we will make it as easy to withdraw consent as it is togive consent. To withdraw consent for any other processing, simply contact us and specify which consent you are withdrawing. We will then cease processing your data for that purpose,unless we have an alternate legal basis to continue (which we will inform you about if applicable).
  5. Right to Nominate a Representative: You may nominate a representative to exercise your rights on your behalf in case of your death or incapacity. If you choose to do so, please informus in writing (with appropriate verification and legal documentation), and we will work with your nominee as required by law.
How to Exercise Your Rights: To exercise any of your rights, please contact us using the contact information in the next section (Contact Us and Grievances). Provide sufficient information for us to verify your identity (we need to make sure we’re giving data to the right person) and to process your request. For example, we may ask you to confirm control of the email associated with your account orprovide some identifying details. You do not have to use any specific form to make a request; a clear written request via email is often sufficient.
We will respond to your request as quickly as we can and, in any event, within the timeline provided by the DPDPA. If we cannot fulfill your request, we will explain the reasons (for instance, if the requestis unfounded, excessive, or if an exemption applies). In some cases, we may refuse certain requests in accordance with law – for example, we might decline an access request if providing the information would reveal personal data about another person or if a legal exception applies. If so, we will explain our justification and any options you have to challenge the decision.
We will not discriminate against you for exercising your rights. Our services and prices will remain the same for you regardless of whether you choose to exercise privacy rights.
Accessing and Updating Your Information: We encourage you to keep your information up to date.For any information not editable through the account portal, please contact us and we will make the changes for you were feasible.
Contact Us and Grievance Redressal
We welcome any questions, concerns, or requests you may have regarding this Policy or how we handle your personal information. Our goal is to address your inquiries and resolve any issues to yoursatisfaction.
Contact Point:
The primary point of contact for privacy matters at SardineAI is our Privacy Team, which can be contacted at:
SardineAI Corp.
382 NE 191st St, #58243
Miami, Florida
33179-3899
dataprotection@sardine.ai
When we receive a privacy inquiry or complaint, our privacy team will review it and respond as soon as possible. We may ask you to verify your identity if your request involves access to personal data (to ensure we don’t disclose data to the wrong person). We take all privacy complaints seriously and will do our best to resolve any issues directly with you.
Grievance Redressal: If you are in India and have a specific grievance under the DPDPA, you can also use the contact information above to lodge your grievance. In your email or letter, please mentionthat it is a “DPDPA grievance” and describe the issue in detail. We will acknowledge your complaint and strive to resolve it within the timeframe prescribed by Indian law or as soon as possible. Currently,we do not have a designated “Grievance Officer,” but our Privacy Team fulfills this function.
Language: We can communicate with you in English. If you require another language, we will do our best to accommodate or provide translation, especially for requests from India where local language support may be needed.
Changes to this Policy
We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we do make changes, we will post the updated Policy on our website and change the “Last updated” date at the top. If the changes are significant, we will also take additional steps to notify you of the updates. This could include posting a prominent notice on our website or sending you a direct notification (such as an email or in-app alert) explaining the changes.
We encourage you to review this Policy periodically to stay informed about how we are protecting your information. Your continued use of the Services after any changes to this Policy will be deemed acceptance of those changes, to the extent permitted by law.
If we were to materially change the purposes for which we use your personal information or the way we collect or process that information, we would seek your consent again where required by law
© 2025 SardineAI Corp.
PRIVACY POLICY
TERMS OF SERVICE
FAQS
SARDINE.AI