1. Scope
This Privacy Policy explains how SAGA AI collects, uses, stores, and shares personal and business data when you use our website, dashboards, APIs, and payment workflows.
2. Information we collect
We collect account information (such as name, email, and organization details), service usage data, integration metadata, and support communications.
When you connect third-party services such as HubSpot, Wix, Shopify, WordPress, Google, and similar providers, we may process account identifiers, site identifiers, OAuth tokens, refresh tokens, permissions metadata, and configuration details needed to keep those integrations working.
When you make payments, billing and transaction details are processed by payment providers such as Stripe, PayPal, and Cashfree. We do not store complete card numbers on our servers.
3. How we use information
We use data to provide and secure the service, process payments, manage subscriptions, respond to support requests, prevent abuse, and improve product performance.
We also use integration data to authenticate connected services, publish content when requested by you, sync account state, detect connection failures, and maintain reliable operation of connected features.
We may use operational telemetry and analytics for reliability, cost tracking, and feature quality monitoring.
4. Legal basis and consent
Where required, we process personal data based on contract necessity, legitimate interests, legal obligations, or your consent.
You can withdraw optional consents where applicable, but core service functionality may require certain data processing.
5. Data sharing
We share data with trusted processors and infrastructure providers only as needed to run the platform, including cloud hosting, managed databases, email delivery, analytics, authentication, payment processing, and background job infrastructure.
We may disclose information when required by law, legal process, or to protect rights, safety, and platform integrity.
6. Security and safeguards
We use reasonable technical and organizational measures designed to protect data against unauthorized access, misuse, disclosure, alteration, or destruction.
Data transmitted between browsers, connected platforms, and our services is intended to be protected in transit using HTTPS/TLS, and data stored with our managed infrastructure providers may be protected using provider-managed encryption and access controls.
Access to production systems and data is intended to be limited to authorized personnel and service components that require access for support, operations, security, and product functionality.
7. Data retention
We retain data for as long as needed for service delivery, legal compliance, audit, fraud prevention, and legitimate operational purposes.
You may request deletion of account data, subject to retention obligations for tax, billing, legal, and security records.
8. Sale of personal data
We do not sell personal data for money.
We do not share personal data as that term is defined under certain privacy laws except as needed to operate the platform, process transactions, deliver requested services, or comply with legal obligations.
9. International transfers
Your data may be processed in jurisdictions where our service providers operate. We take steps to use appropriate safeguards for cross-border transfers where required.
10. Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to, or export personal data. We may need to verify identity before fulfilling requests.
11. Contact
For privacy requests or questions, contact us at team@reachsaga.com.