Privacy Policy

Effective Date: November 19, 2025

This Privacy Policy explains how Split Rock AI LLC, operating as Siren ("we," "our," or "us"), collects, uses, and protects your information when you use our incident management and alerting platform.

Information We Collect
Account Information (Encrypted at Rest)

When you create an account with Siren, we collect and encrypt the following personal information:

  • Email address - Used for authentication via magic links and important service notifications
  • Name (first and last) - Used to identify you within your organization
  • Phone number (optional) - Required only if you want to receive SMS incident alerts
Encryption: All personal information is encrypted at rest using AES-256 encryption with unique per-user encryption salts. This ensures your data is protected even in the unlikely event of a database breach.
Incident and Alert Data

To provide our incident management service, we collect and store:

  • Incident details - Titles, descriptions, status, timestamps, and acknowledgments
  • Alert signals - Email alerts forwarded from your monitoring systems
  • On-call rotation data - Team schedules and rotation configurations
Organization and Team Data

If you create or join an organization, we store:

  • Organization name and settings
  • Team member associations and roles
  • Service configurations (monitored applications/systems)
Billing Information

For organizations on our paid tier, we collect:

  • Stripe customer ID and payment method ID (we do NOT store credit card numbers)
  • Billing history (incident counts, charges, invoice IDs)
  • Payment status and billing tier information
Phone Numbers and SMS Consent (If You Enable SMS Alerts)

If you choose to receive SMS incident alerts, we collect and store your phone number (encrypted at rest) to send you text messages when critical incidents occur.

SMS and Mobile Information Privacy

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

We collect and store the following SMS-related information solely for the purpose of providing our incident alerting service:

  • Mobile phone numbers (encrypted at rest)
  • SMS opt-in consent data and timestamps
  • IP addresses associated with consent

This information is used exclusively to:

  • Verify phone number ownership
  • Deliver service-related incident alert messages you have requested
  • Maintain compliance with telecommunications regulations
  • Honor opt-out requests (STOP commands)

We do not:

  • Sell or rent your mobile phone number to third parties
  • Share your mobile number with affiliates for marketing purposes
  • Use your number for promotional messaging
  • Share opt-in consent data with anyone except as required by law
How We Use Your Information
  • Authentication: To let you sign in securely using magic links sent to your email
  • Incident Management: To receive, track, and help you resolve incidents
  • SMS Notifications: To alert on-call engineers via text when critical incidents occur
  • Billing: To process payments for organizations using our paid tier
  • Service Improvement: To maintain and improve our platform
  • Support: To respond to your questions and troubleshoot issues
What We Do Not Do
  • We do not sell your personal information to anyone
  • We do not share your information with advertisers
  • We do not use your data for marketing purposes unrelated to Siren
  • We do not send you promotional emails or SMS messages
Data Sharing with Service Providers

We use trusted third-party service providers to operate Siren. These providers only process data on our behalf and under strict confidentiality agreements:

SMS Service Provider

When you enable SMS alerts, your encrypted phone number is sent to our SMS service provider to deliver incident alert text messages. Our provider also handles phone verification when you add or change your phone number.

Resend (Email Delivery)

We use Resend to:

  • Send magic link authentication emails
  • Receive inbound alert emails from your monitoring systems
  • Send service notifications (free tier exhausted, billing alerts, etc.)
Stripe (Payment Processing)

Stripe processes all payments securely. We do not store credit card numbers on our servers. Stripe receives your billing information when you add a payment method.

Cloud Infrastructure

Siren is hosted on enterprise-grade cloud infrastructure with:

  • Secure data storage with encryption at rest
  • Encrypted key storage in hardened key management systems
  • Regular security updates and monitoring
Data Security

We implement industry-standard security practices to protect your information:

  • Encryption at Rest: AES-256 encryption for all personal information (email, name, phone)
  • Encryption in Transit: TLS/HTTPS for all data transmission
  • Access Controls: Strict authentication and authorization on all systems
  • Monitoring: Continuous security monitoring and logging

However, no online service is ever completely secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention
  • Account Information: Retained until you delete your account (contact [email protected])
  • Phone Numbers: Retained while SMS alerts are enabled; deleted when you remove your phone number from your account
  • Incident Data: Retained indefinitely for historical analysis and operational reporting. Contact us to request deletion of specific incidents.
  • Billing Records: Retained for 7 years as required by tax and financial regulations
  • SMS Consent Records: Retained as required by telecommunications regulations (TCPA compliance)
Note: We do not currently implement automatic data deletion. If you need specific data removed, please contact us at [email protected].
Your Rights

Depending on your location, you may have rights to:

  • Access: Request a copy of the personal data we hold about you
  • Correct: Update inaccurate information through your account settings
  • Delete: Request deletion of your account and associated data
  • Opt-out of SMS: Remove your phone number or text STOP to any message
  • Data Portability: Request your data in a portable format (contact us)

To exercise these rights, contact us at [email protected].

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

Children's Privacy

Siren is not directed at individuals under 18 years of age, and we do not knowingly collect information from anyone under 18. If you believe we have inadvertently collected information from someone under 18, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for legal/regulatory reasons. We will notify you of material changes via email or prominent notice in the application.

Your continued use of Siren after changes become effective constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Split Rock AI LLC

Email: [email protected]

Last Updated: November 19, 2025 | Version: 1.0