Download app
Sardine Shield Privacy Policy
Sardine Shield Privacy Policy
Last Updated: October 16, 2025
content

Introduction and Scope

SardineAI Corp. (“SardineAI,” “we,” or “us”) respects your right to privacy and is committed to safeguarding personal information. This Privacy Policy (this “Policy”) explains how we collect, use, store, and disclose personal information collected from users (“users” or “you”) of our SardineShield app, our website (https://www.sardine.ai/shield), and any related services, including customer support(collectively, the “Services”), in accordance with India’s Digital Personal Data Protection Act 2023, asand when brought into force (together with its implementing rules and regulations, the “DPDPA”), andany other applicable data privacy laws or regulations.
This Policy applies to all personal information we collect and process when you use the Services. For purposes of this policy, “personal information” means any information that identifies you or that can reasonably be used to identify you or relates to you.
By ticking the “I agree/I accept” checkbox, you acknowledge that you have read, understood, and agreed to this Policy and consent to the processing of your personal information in the manner provided under this Policy. If you do not agree with any part of this Policy, please do not use the Services orprovide personal information to us.

Personal Information We Collect

We collect personal information that is necessary for us to provide the Services and to operate ourbusiness. The types of personal information we collect, and how we collect it, include:
  1. Information You Provide Directly: When you interact with the Services or Sardine, you maygive us information such as:
  2. Identity and Contact Details: For example, your name, email address, phone number, and other contact information. We collect these when you create an account, use the Services, or contact us for support.
  3. Customer Support and Communications: The content of your communications withus (such as via email, chat, or phone) and any additional information you choose toprovide when giving us feedback, responding to surveys, or participating in promotions.
  4. Information We Collect Automatically: When you use the Services and grant the necessarypermissions on your mobile phone or other device, we may automatically collect the followinginformation:
  5. Call Logs: The Services may collect phone numbers associated with incoming andoutgoing calls.
  6. Text Messages: The Services may collect information about incoming and outgoing text messages, including sender and recipient contact information and message contents.
  7. Notifications: The Services may collect notifications, banners, and alerts displayed on your device, including the name of the app from which the notifications originated and the notification contents.
  8. Web Addresses: When you click a hyperlink on your device the Services may collect the web address (also known as a “URL”) that the hyperlink points to.
  9. Usage and Device Data: This includes details about your visits and activity on our website or the SardineShield app, such as your IP address, browser type, operating system, referral website (the page you visited before coming to our website), pages or features you access, the dates/times of access, and other information about how you interact   with   our   digital   services.   We   use   this   information   to   understand   user engagement and improve our Services. This data is generally collected via cookies, server logs, and similar tracking technologies.
  10. Cookies and Similar Technologies: We use cookies (small text files stored on your browser or device) and related technologies to recognize you when you return to our website, remember your preferences, and gather analytics information. Cookies helpus analyze website traffic and usage patterns so we can enhance user experience. Most browsers automatically accept cookies, but you can modify your browser setting to block or alert you about cookies. Note that if you disable cookies, some features ofour website or Service may not function properly. (See the Cookies and Tracking Technologies section for more details.)
  11. Information from Other Sources: In order to provide caller-ID features, detect potential scams and other types of fraud, we may obtain information about you from data vendors and other third parties, including, but not limited to SurePass and InstantPay.
We limit our collection of personal information to what is relevant for the purposes described in this Policy. If you choose not to provide certain information (or ask us to delete it), we may not be able tooffer you some or all features of our Services.

Processing of Third-Party Personal Information

To the extent you choose to provide us access to any third-party personal information in relation to the provision of Services, you here by represent that you are authorised to share such information with us.We use such information for providing and improving our Services in the manner explained in t his Policy.

How We Use Personal Information

SardineAI uses the personal information we collect for the following purposes, which we explain in more detail below. We always strive to use your information in fair and expected ways, and we will not process personal information in a manner incompatible with these purposes without your knowledge and/or consent.
Personal Information Purposes Enabled
Name, email address, phone number, other contact information
  • For enabling you to create an account, to provide you and for you to use the Services
  • For communicating with you including responding to your inquiries, sending you alerts, updates and Service related communications
  • For marketing and promotional communications
  • For compliance with our legal obligations – including reporting obligations, responding to requests from legal authorities
  • To investigate data security incidents in relation to our Services and systems
Call logs (phone numbers associated with incoming and outgoing calls), phone books, messages (including message content, sender and recipient information), notifications, and web addresses
  • For enabling us to provide Services including scam and fraud detection services at your request. For example, we use information collected to detect suspicious phone numbers, message contents, hyperlinks, and payment requests, as well as to whitelist individuals in your phone book
  • For improving our Services, undertaking analytics, identify scam and fraud patterns, develop new features
  • Enhance quality and user experience of Sardine AI offerings
  • Compliance with our legal obligations where necessary including to satisfy reporting obligations, comply with lawful requests and orders (such as court orders, subpoenas, or requests from regulatory authorities)
  • Protect the rights, property, or safety of Sardine AI, our users or the public, including investigating and mitigating fraudulent transactions or security incidents, detecting and preventing malicious or illegal activity (such as hacking, fraud, or other misuse of our services), enforcing our terms of service or other agreements, to investigate and defend ourselves against any claims or allegations. For instance, we might use certain data to verify identity and prevent unauthorized access to accounts, or to monitor for suspicious activity
  • To investigate data security incidents in relation to our Services and systems
Usage data, cookies, and device data
  • To understand user engagement and improve our Services including how you access and interact with our services, remember your preferences
  • For assessing troubleshooting issues in relation to our Services and other such technical functions
  • For analysing feedback on our Services as well as identify and detect fraud patterns
  • Enhance your user experience on your device or browser
  • To investigate data security incidents in relation to our Services and systems
Personal Information provided to us as part of your communications with us
  • Responding to your communications, inquiries and requests
  • Processing any feedback, and improving our Services, undertaking analytics, identify scam and fraud patterns, develop new features
  • Responding to surveys, or participating in promotions
  • For enabling us to provide Services including scam and fraud detection services
  • Protect the rights, property, or safety of Sardine AI
  • Compliance with our legal obligations where necessary including to satisfy reporting obligations, comply with lawful requests and orders (such as court orders, subpoenas, or requests from regulatory authorities)
Where feasible, we use aggregated or de-identified data for carrying out analytics, to protect yourprivacy.
Other Purposes (with Notice or Consent):
  1. If we intend to use your personal information for a purpose not described in this Policy, we will provide you with additional notice. In some cases, we may also request your consent if required. We do not use your personal information for purposes that are unrelated to our business without telling you and obtaining your permission when required. We do not engage in automated decision-making or profiling that has legal or similarly significant effects without your knowledge and consent (if it ever becomes relevant, we will update you).
No Selling of Personal Data:
  1. We do not sell, license, or trade your personal information to third parties for their own marketingor other purposes. All uses of personal data are limited to SardineAI’s internal purposes as described above, or as otherwise disclosed to you.

How We Share Personal Information

We understand the importance of keeping your personal information private. However, we may need to share certain personal information with others in the following circumstances:
  1. With Affiliated Companies and Contractors: We may share personal information with our subsidiaries, affiliates, and third-party contractors, including Cheeni Labs Pvt. Ltd., to provide our Services and operate our business.  All entities within our corporate group, as well as our contractors, follow this Policy and are bound to protect your information in the same manner. Access by our employees or personnel is controlled and subject to confidentiality obligations.
  2. Service Providers and Data Processors: We work with third-party service providers and data processors that assist us with the provision of our Services. This includes service providers and vendors that provide us with IT support, hosting, fraud detection, identity verification providers, and related services. When we disclose information with third-party service providers in this capacity, we require them to use your information on our behalf in accordance with our instructions and terms and only process your personal information as necessary to provide the Services to you pursuant to the terms of a binding contract between them and SardineAI.
  3. Legal Requirements and Safety: We may disclose personal information to courts, law enforcement, government authorities, or other third parties when we believe it is legally requiredto do so. Examples include:
  4. Responding to a subpoena, court order, or other binding request from authorities (afterverifying its legitimacy);
  5. Sharing information to comply with the law or regulatory obligations (such as reporting requirements to regulators or auditors);
  6. Disclosing information if necessary to enforce our terms of service or other agreements, or to investigate and defend ourselves against any third-party claims or allegations;
  7. Sharing information to protect against fraud, credit risk, or security vulnerabilities; and
  8. In an emergency, sharing information if we believe it will help prevent physical harm or financial loss, or is necessary to protect someone’s vital interests (for instance, releasing information to law enforcement about a credible identity theft or cybercrime situation).
  9. Business Transfers: If SardineAI undergoes a business transition, such as a merger, acquisition by another company, reorganization, or sale of all or part of our assets, personal information may be transferred to the successor or acquiring entity as part of that transaction. We would ensure any such transfer is subject to appropriate confidentiality arrangements and that your personal information remains protected. If a change of ownership occurs, we will provide notice on our website or by other means to inform you of any significant changes to how your personal information is handled (and if applicable, any choices you may have).
  10. With Your Consent or at Your Direction: Apart from the cases above, we will share your personal information with third parties only if you specifically request or consent to such sharing.
  11. No Third-Party Advertising Trackers: As stated in the Cookies section, we do not disclose your personal information to third-party ad networks or social media companies for advertising purposes. We also do not engage in “list sharing” with other companies for joint marketing.
We remain responsible for the handling of your personal information in accordance with this Policy, even when it is shared with or processed by third parties on our behalf. Any third-party with whom we share data (such as an infrastructure provider) must meet our standards for security and privacy and, where applicable, meet the requirements of relevant privacy laws.
International Data Access
SardineAI is a United States-headquartered company and operates internationally. Your personal information will be stored in India, but employees or personnel of SardineAI in different countries may have access to personal data on a limited basis. This means, for example, an engineer in the United States access data to fix a technical issue for a user in India. All such internal accesses are logged and controlled. You hereby acknowledge that your personal information may be accessed from countries outside of your country of residence in relation to the provision of Services.

Cookies and Tracking Technologies

Like most online services, SardineAI uses cookies and similar tracking technologies on our website. Cookies are small data files placed on your computer or device when you visit a website. They allow the website to remember your actions or preferences over time.
How We Use Cookies: We use cookies to make our website function properly, to provide a smooth user experience, and to gather analytics information:
  1. Some cookies are essential for the website to operate, such as those that keep you logged inor enable core features.
  2. Other cookies help us remember your preferences (for example, your language or region) topersonalize your experience.
  3. We also use cookies (and similar technologies like local storage or pixels) to collect analytics
    data about website traffic and user interactions. For instance, cookies may record the pages
    you visited and the time you spent on the website. We use this information in aggregate form to analyze trends and statistics, so we can improve our website’s design and functionality. This
    helps us understand which features are popular or if users encounter errors.
Cookie Consent: Currently, we do not use a cookie “pop-up” banner on our website. We only use cookies in ways permitted by applicable law. By using our website without disabling cookies, you are effectively consenting to our use of cookies as described in this Policy.
Third-Party Cookies: SardineAI does not share personal data collected via cookies with third-party companies for their own use.
Your Choices for Cookies: Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies or alert you when cookies are being sent. You have theright to control cookies and can delete cookies that have already been set. However, please be aware that if you disable or delete certain cookies, it may affect the functionality of our website – for example, you might not be able to use some features, or your preferences might not be remembered. For information on how to manage cookies in your browser, you can refer to your browser’s help documentation
Do-Not-Track Signals: Some browsers offer a “Do Not Track” (DNT) setting that allows you to signal your privacy preference regarding tracking by websites. Currently, our website does not respond to DNT signals in any special way (there is no industry standard for DNT), but we only use your data as described in this Policy. We treat all users’ data in accordance with this Policy, and we do not alter our practices based on a DNT signal alone.

Data Security

We take steps to ensure that your information is treated securely and in accordance with this Policy and applicable data protection laws. Unfortunately, no system is 100% secure, and we cannot ensure orwarrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss of personal information.You hereby agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services or by sending an email to you where required by applicable laws.

Data Retention

We retain personal information for as long as it is necessary to fulfill the purposes for which we collectedit, including for the purposes of satisfying any legal, accounting, or reporting requirements, which maybe up to five years from the date of collection or till you withdraw your consent to our processing of your personal data, whichever is earlier. Where you have withdrawn consent, we may nevertheless retain such data if it is required to comply with applicable laws. In some cases, we may convert personal information into anonymized (irreversibly de-identified) or aggregated form for statistical analysis, research, or business planning. Once data is anonymized so that it can no longer be associated with an individual, it is no longer considered personal information and we may retain and use it indefinitely without further notice to you.

Your Rights and Choices

You have important rights regarding your personal information, including under DPDPA. SardineAI is committed to honouring these rights and providing you with control over your data.
Your key data protection rights include:
  1. Right to Access: You have the right to request confirmation of whether we are processing your
    personal information, and if so, to access that information. This includes the right to ask for a copy of the personal data we hold about you. We will provide this in a reasonable format (usually electronic). We will respond to access requests as soon as possible, and within any timeframe required by law, if any. In some cases, we may charge a reasonable administrative fee if arequest is manifestly unfounded or excessive, or for additional copies as permitted by law, but we will inform you in advance if any fee applies.
  2. Right to Correction: We want to ensure that the personal information we hold is accurate, up-to-date, and complete. If you believe any of your information is incorrect, incomplete, or out of date, you have the right to request that we correct or update it. If for some reason we cannot comply (for instance, if we disagree that the data is incorrect), we will explain why and how you can object.
  3. Right to Erasure: You may have the right to request that we delete your personal information.The DPDPA provides a right of erasure, subject to certain conditions. If you request deletion,we will assess whether the data can be deleted. We will honor deletion requests provided: (a)the data is no longer needed for the purpose it was collected, (b) we have no other legal basis to keep it, and (c) no other exceptions apply. If we have shared your data with any service providers, we will take steps to notify them of the deletion request as well, and ensure that they have deleted your data (unless the above exceptions apply).
  4. Right to Withdraw Consent: Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time. Your withdrawal will not affect the lawfulness of any processing done before the withdrawal, but it will stop the relevant processing going forward. In the context of the DPDPA, consent can be withdrawn by the data principal, and we must honour that decision.  Additionally, we will make it as easy to withdraw consent as it is to give consent. To withdraw consent, simply contact us and specify which consent you are withdrawing. We will then cease processing your data for that purpose, unless we have an alternate legal basis to continue (which we will inform you about if applicable).
  5. Right to Nominate a Representative: You may nominate a representative to exercise your rights on your behalf in case of your death or incapacity. If you choose to do so, please informus in writing (with appropriate verification and legal documentation, where applicable), and w ewill work with your nominee as required by law.
  6. Right to Grievance Redressal: If you have any questions, concerns, or requests regarding this Policy or how we handle your personal information, you can use the contact information below to lodge your grievance.
How to Exercise Your Rights: o exercise any of your rights, please contact us using the contact information in the next section (Contact Us and Grievances). Provide sufficient information for us to verify your identity (we need to make sure we’re giving data to the right person) and to process you rrequest. For example, we may ask you to confirm control of the email associated with your account or provide some identifying details. You do not have to use any specific form to make a request; a clear written request via email is often sufficient.
We will respond to your request as quickly as we can and, in any event, within the timeline provided under applicable data protection laws. If we cannot fulfill your request, we will explain the reasons (for instance, if the request is unfounded, excessive, or if an exemption applies). In some cases, we may refuse certain requests in accordance with law – for example, we might decline an access request if providing the information would reveal personal data about another person (where applicable) or if alegal exception applies. If so, we will explain our justification and any options you have to challenge the decision.
We will not discriminate against you for exercising your rights. Our Services and prices will remain the same for you regardless of whether you choose to exercise privacy rights, unless such exercise of rights impacts our ability to provide the Services.
Accessing and Updating Your Information: We encourage you to keep your information up to date. For any information not editable through the account portal, please contact us and we will make the changes for you, where feasible.
Contact Us and Grievance Redressal
We welcome any questions, concerns, or requests you may have regarding this Policy or how we handle your personal information. Our goal is to address your inquiries and resolve any issues to your satisfaction.
Contact Point:
The primary point of contact for privacy matters at SardineAI is our Privacy Team, which can be contacted at:
SardineAI Corp.
Attn: Legal Department
382 NE 191st St, #58243
Miami, Florida
33179-3899
privacy@sardine.ai
When we receive a privacy inquiry or complaint, our privacy team will review it and respond as soon as possible. We may ask you to verify your identity if your request involves access to personal data (to ensure we don’t disclose data to the wrong person). We take all privacy complaints seriously and will do our best to resolve any issues directly with you.
Language: We can communicate with you in English. If you require another language, we will do our best to accommodate or provide translation, especially for requests from India where translated versions of this Policy may be made available upon a user’s request.
Changes to this Policy
We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we do make changes, we will post the updated Policy on our website and change the “Last updated” date at the top. If the changes are significant, we will also take additional steps to notify you of the updates. This could include posting a prominent notice on our website or sending you a direct notification (such as an email or in-app alert) explaining thechanges.
We encourage you to review this Policy periodically to stay informed about how we are protecting your information. Your continued use of the Services after any changes to this Policy will be deemed acceptance of those changes, to the extent permitted by law.
If we were to materially change the purposes for which we use your personal information or the way we collect or process that information, we would seek your consent again where required by law.
© 2025 SardineAI Corp.
PRIVACY POLICY
TERMS OF SERVICE
FAQS
SARDINE.AI