Security at Sardine

Security is baked into our DNA at Sardine. We don’t just make awesome products to fight fraud, we also ensure that our platform remains secure for your use and for your data. That is why we are committed to the highest standards of security. Our security and compliance teams are dedicated to maintaining parity with SOC2 and PCI frameworks.

Our information security program begins with NIST CSF (Cybersecurity Framework). We implement and maintain physical, administrative, and technical safeguards designed to protect the confidentiality, integrity, and availability of our services and your data. You can read more about our entire Security Program at our Security Portal and the data we collect here.

Here are some examples of the best practices we use to protect your data:

  • 2FA - two steps authentication adds a layer of protection to your data.
  • Encryption - your data is encrypted at rest and in transit so others can’t read it.
  • Passwords - we use complex passwords and store passwords hashed using industry best practices. We never store passwords in plain text.
  • Whitelisting - configurable whitelisting of IP addresses controls who has access to your data.
  • Penetration testing - we hire firms to test the security of our systems and SDKs.
  • Attestations - we regularly perform internal assessments of our systems and hire others to test our security controls to ensure we are using best practices to keep your data safe.

But don’t just take our word for it. We are audited annually by an independent accounting firm for our SOC 2 Type II report, which is available to our customers. We also have our products and services penetration tested by an independent security testing firm; the summary report is available to our customers.

Still have questions about our information security program? We love bragging about it, please reach out and we’ll be happy to do so.

Responsible Disclosure

Have you found a security issue with one of our products? You can drop us a note to vulnreport@sardine.ai or reach out to our dedicated security team at security@sardine.ai.

For Vermont Customers:
  • We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information with non-affiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures.
  • Additional information concerning our privacy policies can be found at crypto.sardine.ai/privacy.
Reasons we can share your personal information
Does Sardine share?
Can you limit this sharing?
For our everyday business purposes—such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
Yes
No
For our marketing purposes—to offer our products and services to you
Yes
No
For joint marketing with other financial companies
Yes
No
For our affiliates’ everyday business purposes— information about your transactions and experiences
Yes
No
For our affiliates’ everyday business purposes— information about your creditworthiness
No
We don’t share
For our affiliates to market to you
No
We don’t share
For nonaffiliates to market to you
No
We don’t share
Who we are
Who is providing this notice?
SardineAI Corp.
What we do
How does Sardine protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does Sardine protect my personal information?
We collect your personal information, for example, when you:
  • Open an account or provide account information
  • Use your credit or debit card or give us your contact information
  • Tell us who receives the money or tell us where to send the money
We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing?
Federal law gives you the right to limit only
  • sharing for affiliates’ everyday business purposes—information about your creditworthiness
  • affiliates from using your information to market to you
  • sharing for nonaffiliates to market to you
State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.