Siren

PRIVACY POLICY

Created on September 4, 2022

Introduction
1. This privacy policy (“Privacy Policy”), read together with the terms of use located at (“End User Licence Agreement, EULA”) constitute a legal and binding agreement (“Agreement”) between You (hereinafter referred to as “You”, or “Your” or “User(s)” and Bureau Inc. (the “Company”), having its registered office at (“Flat No.1002, 10th Floor, Safal heights, Moti Baug, Next to Ratna Market, Chembur, Mumbai City MH 400071 IN”) and provides, inter alia, the terms that govern Your access and use of the Company’s mobile application for personal cybersecurity, and associated website (“SirenID).”
2. The Company provides You with an option of using a mobile application, Siren, for the purpose of receiving alerts and automated blocks for communication via phone call, email and messages that Siren deems suspicious or dangerous, as they could potentially result in theft of your Personally Identifiable Information (PII). The data shared by You will be used by the Company to facilitate more accurate detection of potentially dangerous communication and content, and where applicable, to perform individual risk evaluations to underwrite the Siren Cyber Guarantee should you choose to purchase it (“The Guarantee”). The Company ensures the protection of your personal data and information by implementing strict contractual and technical measures to protect the confidentiality of your personal data and information.
3. This Privacy Policy describes the Company’s policies and procedures on the collection and procedures on the collection, use and disclosure of the information provided by the users of Siren (together referred to as the “Users”). The Company shall not use the User’s information in any manner except as provided under this Privacy Policy. Every User who accesses or uses Siren agrees to be bound by the terms of this Privacy Policy and terms of service.
4. This Privacy Policy is published in compliance of:
  - Section 43A of the Information Technology Act, 2000
  - Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “SPI Rules”); and
  - Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011.
5. The Siren app records and retains the information You provide when You consent to granting the application access to your call, message and email logs. You generally provide (a) Your name, age, phone number, email address; (b) Payment information for the paid version of the application; (c) Device IP address; (d) incoming call logs and contact details, incoming email titles and sender information, incoming SMS message and provider details. The said information collected from the users could be categorized as “Personal Information”, “Sensitive Personal Information”. Personal Information, Sensitive Personal Information and Associated Information shall have the meaning as individually defined under this Policy.
Collection of Data
- The types or categories of Personal Information collected, the method of collection and the processing of the Personal Information by the Company will depend on your use of Siren and the requirements of applicable law. As part of Siren’s services, the Company will collect the following Personal Information from the Users (i) name, (ii) phone number, mobile network operator (iii) address, location info (iv) payment information at the point of purchase including billing address, and bank account details for the purposes of claims payment (v) IP address of the device, (vi) the device model, type and OS (vii) contact logs, email addresses, social media handles and (vii) other information as the User may provide, such as images provided through camera feature or user's camera roll settings.
  
  Siren will also automatically track the following information while using the application:
  
  i) Email Inbox, SMS Inbox and Contact List
  ‍
  Siren App monitors and screen identifies messages that originate from unknown senders (not in your device contacts) , and performs a risk analysis to determine if the SMS or email is fraudulent. We then automatically block high risk messages, and issue an alert to the user. Data from fraudulent messages are used to train our risk models and fraud detection models in order to improve our fraud prevention capabilities. The collection of information is only limited to the extent that such data is available in the relevant messages, and is only available to Siren with the User’s explicit consent and permissions. This information will never be shared or utilised for any purpose apart from risk assessment and training our fraud models.
  
  ii) Device Information and Behavioural Biometrics
  
  Siren receives log information from the App including the IP address, device’s name, type, device’s serial number, ADID of Android device, device operating system, among others. During app usage, Siren monitors User behaviour including typing speed, swiping patterns and looks for indications of potentially fraudulent behaviour, including the presence of bots, remote viewing tools and malware. This information will never be shared or utilised for any purpose apart from risk assessment and training our fraud models.
  
  iii) Cookies
  
  Our site may issue cookies via the browser to collect information to assign each visitor a unique, random number as a User Identification (User ID).
  
  iv) App Performance Metrics
  
  Siren uses Firebase Analytics to track usage of our application and to analyze users’ behavioural usage patterns and gather app performance metrics. This information is used to improve our application performance, and cannot be attributed to any individual user.
- The information specified in clause II(1) above is collected for reasons limited to (i) customer identification, (ii) customer risk profiling in service of underwriting a cyber security guarantee (iii) to screen for and flag potentially suspicious or dangerous communications in the form of SMS, email or phone calls, (iv) to trigger notifications using the User’s device only for the purposes of informing and alerting the User to potential threats, and/or (v) to make improvements to the Siren experience including detecting and preventing of cyber threats, frauds and other such attacks. The Users of Siren agree to be bound by the terms of this Privacy Policy and terms of service.
- By granting Siren the requested in application access permissions,, You are expressly consenting to its collection, processing, storing, disclosing and handling of Your information as set forth in this Privacy Policy now and as amended by the Company. Processing of Your information in any way, including, but not limited to, collecting, storing, deleting, using, combining, sharing, transferring and disclosing information, all of which activities will take place in India. If You reside outside India Your information will be transferred, processed and stored in accordance with the applicable data protection laws of India.
Access of Information
- All the information, including Personal Information, provided by the Users (the“User Information”) is maintained by the Company in electronic form on online servers/cloud systems and shall be accessible by certain employees of the Company as mentioned below. The User Information may also be converted to physical form from time to time. Regardless of the manner of storage, the Company will keep all User Information confidential, and will only disclose User Information to the persons mentioned below:
  - Its employees on a need-to-know basis. All the Company employees and data processors, who have access to, and are associated with the processing of User Information, are obliged to respect the confidentiality of User Information.
  - Third party service providers only to the extent necessary to provide the Users with the Siren cyber protection and Guarantee service. The Company may provide the User Information to third party service providers to work on behalf of or with the Company to provide the Users with the Siren service who will have rights to use and disclose the User Information collected in connection with the provision of these services in accordance with their own privacy policies. The Company does not provide any Personal Information to advertisers for promotional purposes.
  - Notwithstanding the above, the Company shall not be responsible for any breach of security or for any actions of any third parties that receive the User Information or events that are beyond the reasonable control of the Company including, acts of government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, etc.
- The Company may access, preserve and disclose any User Information in order to (i) comply with law enforcement or national security requests (ii) protect Yours’, Ours’ or others’ rights, property, or safety; (iii) enforce the Company’s policies or contracts; (iv) to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (v) to carry out actions that the Company believes to be necessary or advisable.
- If the Company undergoes any merger, acquisition, reorganization or bankruptcy then the User Information may be sold or transferred as part of such a transaction as permitted by law and/or contract. be transferred, processed and stored in accordance with the applicable data protection laws of India.
Privacy Statements
- A condition of each User’s use of and access to the Siren services is their acceptance of the EULA, which also involves acceptance of the terms of this Privacy Policy. Any User that does not agree with any provisions of the same is required to not avail Siren for cybersecurity protection or other services.
- The Company uses a third party payment gateway company to provide you with payment options for the products purchased by You. These companies do not retain, share, store or use personally identifiable information belonging to You for any other purpose than for providing the payment related services and the Company does not take any responsibility and liability with respect to the use of such personally identifiable information whatsoever.
- The Company may retain records of Personal Information received from the Users for the purpose of (i) monitoring and assessing the risk of incoming communication and providing alerts and blocks (ii) purchase of the Siren application and Guarantee (iii) research and development, (iv) business development, (v) submission of claims (vi) using such Personal Information to contact the User to provide details about the Services or (vi) for User administration
- The Company has implemented Indian legal industry standard security policies, rules and technical measures to protect the personal data that it has under its control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. It is expressly stated that the Company shall not be responsible for any breach of security or for any actions of any third parties that receive the Users’ personal data or events that are beyond the reasonable control of the Company including, acts of government, computer hacking, unauthorized access to computer data and storage device, computer crashes, breach of security and encryption, etc.
- The Company will not disclose any Personal Information or data to governmental institutions or authorities unless such disclosure is requisitioned under any Indian law or judicial decree or when the Company, in its sole discretion, deems it necessary in order to protect its rights or the rights of others, to prevent harm to persons or property, to fight fraud and credit risk, or to enforce or apply our Terms of Use.
Use of Personal Information
- The Company will use your Personal Information for assessing the potential risk of incoming communications to You via call, email and messages via Siren and for other administrative purposes. Specifically, the data shared by You will be used to:
  - Monitor incoming calls , SMS messages and emails to Your device
  - Assess the risk levels of the individual communications , block delivery of any incoming communications that are deemed high risk, and providing You with alerts on such activity
  - Improve Siren’s detection capabilities with regards to risky communications as described earlier
  - Assessing Your individual risk level with regard to the cost and coverage of the Cyber Guarantee (Underwriting)
  - Processing of the purchase of the Siren app with Cyber Guarantee
  - Evaluation of Claims made by You to avail of the Siren Guarantee
  - Share the data given by the Users with third parties only for the purpose of providing Users with notifications in the form of alerts and/or emails for intimation about the status of the product and/or its delivery.
  - For administrative purposes such as to making improvements to the checkout experience by detecting and preventing of cyber threats, frauds and other quality control purposes, to respond to any questions, comments, requests for customer support and generally administer the Siren services
Change to privacy policy
- The Users acknowledge that this Privacy Policy is part of the Terms of Use (EULA) and unconditionally agree that becoming a User of Siren signifies their assent to this Privacy Policy. User’s visit and any dispute over privacy is subject to this policy and Terms of Use. The Company may update this Privacy Policy at any time, with or without advance notice. If a User uses the Service after changes have been made to the Privacy Policy, such User hereby provides his/her/its consent to the changed practices.
Users Obligations
- You must, at all times, adhere to the EULA and this Privacy Policy. This includes not misusing all intellectual property rights which may belong to the Company or third parties.
- You must not create or otherwise disseminate any information which is incorrect, false, stolen or detrimental to any other User.
- Any violation of this Privacy Policy may lead to the restriction, suspension or termination of Your access to Siren by the Company, as we take these principles seriously and consider them to be the basis on which our Users adhere to the Company policies and the Services which it offers.
Data Retention
- The Company reserves the right to retain the User Information received by it and described in this Privacy Policy for as long as You use Siren or as necessary to fulfil the purpose(s) for which it was collected, to resolve disputes, conduct audits, enforce agreements, and comply with applicable laws.
Discrepancy and Grievance Redressal
- The Company shall address any discrepancies and grievances of all Users with respect to processing of information in a time bound manner. For this purpose, the Company has designated Parag Modi as the ‘Grievance Officer’, who will redress the grievances of the Users expeditiously but within 1 (one) month from the date of receipt of grievance, and who can be reached by:
  - Sending a letter marked to the attention of Parag Modi
  - Sending an email to privacy@bureau.id

Siren

PRIVACY POLICY

Introduction

Collection of Data

Access of Information

Privacy Statements

Use of Personal Information

Change to privacy policy

Users Obligations

Data Retention

Discrepancy and Grievance Redressal