SonicLinker Pvt. Ltd. ("SonicLinker," "Company," "we," "our," or "us") builds agentic commerce infrastructure, including AI traffic analytics, an Agentic CDN, and Agentic Commerce APIs (beta). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our websites, dashboards, SDKs, APIs, and related services (collectively, the "Services").

Scope & Roles
• When you visit our websites or interact with us as a prospective or existing customer, we act as a controller of your personal information.
• When our customers deploy SonicLinker on their own properties (e.g., websites/apps) to measure or serve AI agents and users, we act as a processor/service provider to those customers. In that case, the customer's privacy policy governs, and we process data according to our Data Processing Addendum ("DPA").

1. Information We Collect

A. Business & Website Visitor Information (we are the Controller)

We collect information you provide and information collected automatically when you interact with our websites, demo pages, and sales/support channels:

• Contact & Account Data: name, email, company, role, phone; authentication and workspace settings.
  
  
  

• Billing Data: billing address, tax IDs, and limited payment details (processed by our payment provider; we do not store full card numbers).
  
  
  

• Communications: emails, support chats, meeting notes, feedback, and survey responses.
  
  
  

• Device & Usage Data: IP address (which may indicate approximate location), user‑agent, referrer, pages viewed, timestamps, product usage events, and cookies or similar technologies (see Cookies below).
  
  
  

B. Service Data From Customer Properties (we are the Processor)

When customers implement our SDKs, APIs, or server-side collectors on their sites/apps, we process the following categories of data on their behalf:

• Request Metadata: IP address, user‑agent and model signatures, referrer, URL path and query parameters (customers can mask or drop specific parameters), HTTP headers, timestamps, and response codes.
  
  
  

• Event & Performance Metrics: page loads, route changes, latency, error events, and dwell/engagement signals (e.g., time on page, re‑query rate).
  
  
  

• Derived Classifications: AI‑agent vs human detection, detected agent class/model where available (e.g., assistant/browser), intent categories (research vs transaction), and fraud/abuse risk scores.
  
  
  

• Identifiers: a first‑party cookie or local-storage ID and/or server-issued pseudonymous ID scoped to the customer’s domain; optional customer-provided user IDs or order IDs where configured.
  
  
  

• Content Served via Agentic CDN: machine-readable page variants, structured responses, and personalization rules applied to agents based on intent and context.
  
  
  

Important: We do not intentionally collect sensitive categories (e.g., government IDs, health, precise geolocation) via our SDKs. Customers should avoid sending such data and can configure field masking. We do not perform cross‑site tracking or fingerprinting for advertising; identifiers are scoped to the customer’s property.

C. Integrations & Sources You Connect

If you connect third‑party systems (e.g., Shopify, Cloudflare Workers, GTM, product catalogs, reviews/G2, or helpdesk/CRM tools), we receive the data necessary to provide the integration you enable (e.g., catalog metadata, content, or limited user context). The type and volume of data depend on your configuration and the permissions you grant.

D. Payment & Transaction Metadata (Agentic Commerce APIs - optional)

If you enable checkout or payments features powered by partners (e.g., card‑network agent payments), we process transaction metadata (order ID, amount, currency, non‑sensitive line items) as a processor. Sensitive payment data is handled by the payment provider under their policies.

2. How We Use Information

As Controller (Business & Website Data)

• Provide & Improve the Services: operate the website, authenticate accounts, troubleshoot, and enhance features.
  
  
  

• Communications: respond to inquiries, send service notices, onboarding guidance, and—where permitted—product updates and marketing. You can unsubscribe at any time.
  
  
  

• Security & Abuse Prevention: detect fraud, prevent misuse, and protect our users and Services.
  
  
  

• Legal & Compliance: enforce agreements, comply with laws, and defend legal claims.
  
  
  

As Processor (Service Data on Customer Properties)

We process Service Data strictly under the customer’s instructions to:

• Measure & Classify Traffic: detect AI agents vs humans, attribute visits, and compute engagement metrics (e.g., agent dwell time, reduced re‑query rate).
  
  
  

• Serve Content via Agentic CDN: generate machine‑readable or personalized responses/pages for agents and users per the customer’s configuration.
  
  
  

• Analytics & Reporting: provide dashboards, alerts, and export APIs.
  
  
  

• Reliability & Security: monitor performance, detect anomalies/abuse, and maintain audit logs.
  
  
  

• Aggregated Insights: produce aggregated, de‑identified benchmarks (e.g., category‑level trends) that do not identify individuals or customers.
  
  
  
  

3. Cookies & Similar Technologies

We use first‑party cookies and similar technologies to remember preferences, keep you signed in, and analyze product usage. Customers may deploy our analytics cookies on their own properties. Where required by law, we or our customers will obtain consent. We respect supported browser signals such as Global Privacy Control (GPC) for opt‑out where applicable.

4. How We Share Information

We do not sell or "share" personal information for cross‑context behavioral advertising.
We share information as follows:

• Service Providers/Sub‑processors: cloud hosting, security, logging/monitoring, email and support, and payments—bound by confidentiality and data protection terms. A current list is available upon request.
  
  
  

• Customer‑Directed Disclosures: with third parties you instruct us to connect (e.g., your data warehouse, CDP, or ad‑hoc integrations).
  
  
  

• Legal, Safety, and Compliance: to comply with law, enforce agreements, or protect rights and safety.
  
  
  

• Business Transfers: in connection with a merger, acquisition, or asset sale (we will notify you of any material changes).
  
  
  

5. Data Retention

• Business & Website Data (Controller): retained for as long as your account is active and as necessary for the purposes above; marketing data is retained until you unsubscribe or request deletion.
  
  
  

• Service Data (Processor): retention is customer‑configurable. If not configured, our default retention is 13 months for event‑level logs, after which we delete or aggregate the data. Aggregated, de‑identified reports may be retained to improve the Service.
  
  
  

6. Security

We use administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest, least‑privilege access controls, and regular monitoring. No security measures are perfect, but we continuously improve our safeguards.

7. International Data Transfers

We may process and store information in countries other than where it is collected. Where required, we use appropriate transfer mechanisms, such as Standard Contractual Clauses (SCCs). For processor activities, our DPA governs transfers and sub‑processors.

8. Your Rights & Choices

Your rights depend on your location and role:

• Website Visitors & Business Contacts (Controller): You may request access, correction, deletion, restriction, portability, or object to processing. You can opt out of marketing at any time.
  
  
  

• End Users & AI Agents on Customer Properties (Processor): Please contact the relevant customer (the site/app owner) to exercise your rights; we will assist them as required by law and our DPA.
  
  
  

• California and other U.S. State Rights: you may have rights to access/know, delete, correct, and opt out of certain processing. We do not sell or share personal information for targeted advertising. We will not discriminate for exercising your rights.
  
  
  

To make a request, email us at privacy@soniclinker.com. We may take steps to verify your identity and relationship to a customer.

9. Children’s Privacy

Our Services are not directed to children under 16, and we do not knowingly collect personal information from them.

10. Third‑Party Links

Our websites and dashboards may link to third‑party sites or services. Their privacy practices are governed by their own policies.

11. Changes to This Policy

We may update this Policy from time to time. We will post the updated version with a new effective date and, if changes are material, provide additional notice.

12. Contact Us

If you have questions, requests, or complaints about this Policy or our data practices, contact:
Email: hello@soniclinker.com
Address: A-403 Silver Crown Apartment, Silver County Road, Kudlu Village, Bangalore

Processor Annex (Summary)

For customers using SonicLinker on their properties:

• Nature/Purpose: measurement and classification of AI agents and users; content delivery via Agentic CDN; optional commerce/checkout integrations.
  
  
  

• Types of Data: request metadata, event metrics, derived classifications, pseudonymous identifiers, customer-provided fields; optional transaction metadata.
  
  
  

• Data Subjects: visitors and users of your properties; AI agents interacting with your properties.
  
  
  

• Retention: customer‑configurable; default 13 months for event‑level logs.
  
  
  

• Security Measures: encryption in transit/at rest, access controls, monitoring, and vulnerability management.
  
  
  

• Sub‑processors: standard cloud infrastructure and service vendors; list available upon request.
  
  
  

Note: This Privacy Policy is a general description of our practices and is not legal advice. Customers should consult their counsel when configuring SonicLinker and updating their own privacy notices.