Privacy Policy
Last updated: March 2026
—Our Privacy Commitment
Sorinify is built with privacy as a core principle. To protect you from phishing and malicious websites, we analyse the URLs you visit using our machine learning API hosted in Germany. This analysis is ephemeral — URLs are processed in real-time and immediately discarded. We never log, store, or associate visited URLs with your account. Your browsing history, threat statistics, and analysis logs remain on your device at all times.
—Data Controller
The data controller responsible for the processing of your personal data is Sorinify. For all data protection enquiries, please contact us at [email protected].
—Data Hosting and Infrastructure
All Sorinify servers and databases are hosted exclusively in Germany by Hetzner Online GmbH, a German hosting provider subject to strict German and European data protection laws. Cloudflare, Inc. is used for CDN delivery and DDoS protection; Cloudflare is certified under the EU-US Data Privacy Framework and we have a Data Processing Agreement (DPA) in place. Your account data never leaves the European Union. No data is transferred to third countries or international organisations outside the EU/EEA without adequate safeguards.
—Legal Basis for Processing
We process your personal data based on the following legal grounds under Article 6(1) GDPR:
(a) Contract performance — your email, subscription status, and language preference are necessary to provide the Sorinify service. The real-time analysis of URLs for threat detection is also part of the core service we contractually provide;
(b) Consent — for any optional communications, which you can withdraw at any time.
—What We Collect
We store only the minimum information necessary to provide our service: your first name and last name (used solely for display purposes), your email address for account creation, your subscription status to manage your plan, and your language preference for the interface. In addition, when you visit a website, the URL, your browser's User Agent, and the referring URL are transmitted to our threat detection API for real-time analysis. This data is processed in memory only and is never written to disk, logged, or linked to your account — it is discarded immediately after analysis. We do not collect IP addresses for analytics, do not use cookies for tracking, and do not employ any third-party analytics tools.
—How We Use Your Data
We use your data solely to provide the Sorinify service: your email and name for your account, your subscription status to manage your plan, and URL data for real-time threat detection — immediately discarded after analysis. We never use your data for advertising, profiling, or any purpose beyond service delivery.
—What Stays on Your Device
All browsing statistics, threat history, and analysis logs remain stored locally on your device using the browser's built-in storage. Your whitelist preferences and local security settings never leave your browser. We believe your data belongs to you — and we built our architecture to enforce that principle.
—How Threat Detection Works
When you visit a website, Sorinify sends the URL, your browser's User Agent string, and the referring URL to our machine learning API hosted in Germany. The URL is needed to assess whether the site is malicious. The User Agent and Referrer provide context that improves detection accuracy — for example, phishing sites often behave differently depending on the browser or the link that led to them. We do not log, store, or associate any of this data with your account on our servers. The analysis happens entirely in memory, in real-time, and all transmitted data is discarded immediately after processing — it is never written to disk or any persistent storage.
—Payment Processing
Payments are processed by Stripe, Inc., which is certified under the EU-US Data Privacy Framework. We never receive, store, or have access to your full credit card number. Stripe processes payments in compliance with PCI DSS Level 1 standards. Only your subscription status and billing period are stored on our servers in Germany. Transactional emails (such as account verification and password resets) are sent through Maileroo, with a Data Processing Agreement (DPA) in place.
—Data Retention
Your account data is retained for as long as your account is active. If you delete your account, all personal data is permanently erased from our servers.
—Sub-Processors
To provide the Sorinify service, we use the following sub-processors. A Data Processing Agreement (DPA) is in place with each provider to ensure your data is handled in compliance with the GDPR:
Hetzner Online GmbH (Germany) — server and database hosting;
Cloudflare, Inc. (EU-US Data Privacy Framework) — CDN delivery and DDoS protection;
Stripe, Inc. (EU-US Data Privacy Framework) — payment processing;
Maileroo (DPA in place) — transactional email delivery.
We regularly review our sub-processors and their compliance with applicable data protection standards.
—Data Sharing and Third Parties
We do not sell or rent your personal data. Your data is shared only with the sub-processors listed above, strictly to deliver the service — for example, your email is passed to Stripe when you make a purchase, and to Maileroo to send transactional emails. We may disclose data if required by law or court order. In the event of a business transfer, data would be passed only to a successor that agrees to honour this Privacy Policy.
—Data Security
All data is transmitted over encrypted HTTPS connections. Our servers in Germany enforce strict access controls, and URL analysis is processed entirely in memory — never written to disk. In the event of a data breach affecting your rights, we will notify the competent supervisory authority and impacted users as required by GDPR.
—Browser Extension Permissions
The Sorinify Chrome extension requires certain browser permissions to provide real-time phishing protection. The host permission (access to all URLs) is needed so that every website you visit can be checked for threats before it loads. The webNavigation permission allows the extension to intercept page loads and block dangerous sites in real-time. The tabs permission is used to read the current tab URL for threat analysis and to open the dashboard or redirect blocked pages. The declarativeNetRequest permission is used to redirect you to a warning page when a threat is detected. The storage permission is used to save your settings, whitelist, and threat statistics locally on your device. The alarms permission is used to schedule periodic background tasks such as session maintenance and daily statistics reset. None of these permissions are used to collect, track, or profile your browsing behaviour. The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
—Cookies
Sorinify does not use any first-party cookies for tracking or analytics. Our CDN provider Cloudflare, Inc. may set strictly necessary security cookies to protect against DDoS attacks and bot traffic. These cookies contain no personal information and cannot be used to identify you.
—Your Rights Under GDPR
Under the General Data Protection Regulation (EU) 2016/679, you have the following rights regarding your personal data. To exercise any of these rights, contact us at [email protected] and we will respond within 30 days.
—Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe your data is being processed unlawfully. Contact us at [email protected] for information about the competent supervisory authority in your jurisdiction.
—Changes to This Privacy Policy
We may update this policy to reflect changes in our practices or applicable law. The “Last updated” date at the top of this page will reflect any revisions. Continued use of Sorinify after changes are posted constitutes acceptance of the updated policy.
—Language
This Privacy Policy may be available in multiple languages. In the event of any discrepancy between the English version and a translated version, the English version shall prevail.
—Contact Us
Questions about this Privacy Policy or your data? Contact us at [email protected].