Created on September 4, 2022
- The Company provides You with an option of using a mobile application, Siren, for the purpose of receiving alerts and automated blocks for communication via phone call, email and messages that Siren deems suspicious or dangerous, as they could potentially result in theft of your Personally Identifiable Information (PII). The data shared by You will be used by the Company to facilitate more accurate detection of potentially dangerous communication and content, and where applicable, to perform individual risk evaluations to underwrite the Siren Cyber Guarantee should you choose to purchase it (“The Guarantee”). The Company ensures the protection of your personal data and information by implementing strict contractual and technical measures to protect the confidentiality of your personal data and information.
- Section 43A of the Information Technology Act, 2000
- Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “SPI Rules”); and
- Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011.
- The Siren app records and retains the information You provide when You consent to granting the application access to your call, message and email logs. You generally provide (a) Your name, age, phone number, email address; (b) Payment information for the paid version of the application; (c) Device IP address; (d) incoming call logs and contact details, incoming email titles and sender information, incoming SMS message and provider details. The said information collected from the users could be categorized as “Personal Information”, “Sensitive Personal Information”. Personal Information, Sensitive Personal Information and Associated Information shall have the meaning as individually defined under this Policy.
Collection of Data
- The types or categories of Personal Information collected, the method of collection and the processing of the Personal Information by the Company will depend on your use of Siren and the requirements of applicable law. As part of Siren’s services, the Company will collect the following Personal Information from the Users (i) name, (ii) phone number, mobile network operator (iii) address, location info (iv) payment information at the point of purchase including billing address, and bank account details for the purposes of claims payment (v) IP address of the device, (vi) the device model, type and OS (vii) contact logs, email addresses, social media handles and (vii) other information as the User may provide, such as images provided through camera feature or user's camera roll settings.
Siren will also automatically track the following information while using the application:
i) Email Inbox, SMS Inbox and Contact List
Siren App monitors and screen identifies messages that originate from unknown senders (not in your device contacts) , and performs a risk analysis to determine if the SMS or email is fraudulent. We then automatically block high risk messages, and issue an alert to the user. Data from fraudulent messages are used to train our risk models and fraud detection models in order to improve our fraud prevention capabilities. The collection of information is only limited to the extent that such data is available in the relevant messages, and is only available to Siren with the User’s explicit consent and permissions. This information will never be shared or utilised for any purpose apart from risk assessment and training our fraud models.
ii) Device Information and Behavioural Biometrics
Siren receives log information from the App including the IP address, device’s name, type, device’s serial number, ADID of Android device, device operating system, among others. During app usage, Siren monitors User behaviour including typing speed, swiping patterns and looks for indications of potentially fraudulent behaviour, including the presence of bots, remote viewing tools and malware. This information will never be shared or utilised for any purpose apart from risk assessment and training our fraud models.
Our site may issue cookies via the browser to collect information to assign each visitor a unique, random number as a User Identification (User ID).
iv) App Performance Metrics
Siren uses Firebase Analytics to track usage of our application and to analyze users’ behavioural usage patterns and gather app performance metrics. This information is used to improve our application performance, and cannot be attributed to any individual user.
Access of Information
All the information, including Personal Information, provided by the Users (the“User Information”) is maintained by the Company in electronic form on online servers/cloud systems and shall be accessible by certain employees of the Company as mentioned below. The User Information may also be converted to physical form from time to time. Regardless of the manner of storage, the Company will keep all User Information confidential, and will only disclose User Information to the persons mentioned below:
- Its employees on a need-to-know basis. All the Company employees and data processors, who have access to, and are associated with the processing of User Information, are obliged to respect the confidentiality of User Information.
- Third party service providers only to the extent necessary to provide the Users with the Siren cyber protection and Guarantee service. The Company may provide the User Information to third party service providers to work on behalf of or with the Company to provide the Users with the Siren service who will have rights to use and disclose the User Information collected in connection with the provision of these services in accordance with their own privacy policies. The Company does not provide any Personal Information to advertisers for promotional purposes.
- Notwithstanding the above, the Company shall not be responsible for any breach of security or for any actions of any third parties that receive the User Information or events that are beyond the reasonable control of the Company including, acts of government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, etc.
- The Company may access, preserve and disclose any User Information in order to (i) comply with law enforcement or national security requests (ii) protect Yours’, Ours’ or others’ rights, property, or safety; (iii) enforce the Company’s policies or contracts; (iv) to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (v) to carry out actions that the Company believes to be necessary or advisable.
- If the Company undergoes any merger, acquisition, reorganization or bankruptcy then the User Information may be sold or transferred as part of such a transaction as permitted by law and/or contract. be transferred, processed and stored in accordance with the applicable data protection laws of India.
- The Company uses a third party payment gateway company to provide you with payment options for the products purchased by You. These companies do not retain, share, store or use personally identifiable information belonging to You for any other purpose than for providing the payment related services and the Company does not take any responsibility and liability with respect to the use of such personally identifiable information whatsoever.
- The Company may retain records of Personal Information received from the Users for the purpose of (i) monitoring and assessing the risk of incoming communication and providing alerts and blocks (ii) purchase of the Siren application and Guarantee (iii) research and development, (iv) business development, (v) submission of claims (vi) using such Personal Information to contact the User to provide details about the Services or (vi) for User administration
- The Company has implemented Indian legal industry standard security policies, rules and technical measures to protect the personal data that it has under its control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. It is expressly stated that the Company shall not be responsible for any breach of security or for any actions of any third parties that receive the Users’ personal data or events that are beyond the reasonable control of the Company including, acts of government, computer hacking, unauthorized access to computer data and storage device, computer crashes, breach of security and encryption, etc.
Use of Personal Information
The Company will use your Personal Information for assessing the potential risk of incoming communications to You via call, email and messages via Siren and for other administrative purposes. Specifically, the data shared by You will be used to:
- Monitor incoming calls , SMS messages and emails to Your device
- Assess the risk levels of the individual communications , block delivery of any incoming communications that are deemed high risk, and providing You with alerts on such activity
- Improve Siren’s detection capabilities with regards to risky communications as described earlier
- Assessing Your individual risk level with regard to the cost and coverage of the Cyber Guarantee (Underwriting)
- Processing of the purchase of the Siren app with Cyber Guarantee
- Evaluation of Claims made by You to avail of the Siren Guarantee
- Share the data given by the Users with third parties only for the purpose of providing Users with notifications in the form of alerts and/or emails for intimation about the status of the product and/or its delivery.
- For administrative purposes such as to making improvements to the checkout experience by detecting and preventing of cyber threats, frauds and other quality control purposes, to respond to any questions, comments, requests for customer support and generally administer the Siren services
- You must not create or otherwise disseminate any information which is incorrect, false, stolen or detrimental to any other User.
Discrepancy and Grievance Redressal
The Company shall address any discrepancies and grievances of all Users with respect to processing of information in a time bound manner. For this purpose, the Company has designated Parag Modi as the ‘Grievance Officer’, who will redress the grievances of the Users expeditiously but within 1 (one) month from the date of receipt of grievance, and who can be reached by:
- Sending a letter marked to the attention of Parag Modi
- Sending an email to firstname.lastname@example.org