Privacy Policy

1. What this policy covers

This Privacy Policy describes how we collect, use, store, protect, and disclose personal data in connection with Saaso. It applies to visitors of the public website, account owners, delegated users, demo access participants, message senders, and other individuals whose information is processed through Saaso.

This policy applies to the Saaso-branded product surface. If another branded surface or third-party service has separate privacy terms, those may also apply alongside this policy depending on how you interact with the product.

2. Data we collect

We may collect personal data that you provide directly, including your email address, name, delegated-user username, support message content, billing details, account preferences, and other information you choose to submit through forms, login flows, account settings, or feature usage.

We also collect product and technical data generated by use of the service, such as login timestamps, feature-activation history, workspace identifiers, message confirmations, payment and top-up records, demo-access activity, and operational records stored inside active features. Depending on the feature, that may include business contacts, vendors, scheduling information, bookings, tasks, comments, document metadata, and uploaded files.

3. How we use personal data

We use personal data to provide, secure, improve, and support Saaso. This includes account creation, login verification, delegated-user access management, feature billing, payment handling, customer support, legal compliance, fraud prevention, abuse prevention, system debugging, auditability, and service communications.

We may also use data to operate public messaging workflows, demo-access workflows, admin moderation actions, refund handling, verification reviews, and feature-level operational processes that are necessary to keep the service functioning safely and predictably.

4. Product data entered by customers

Saaso is a software platform with multiple feature surfaces. That means customers may enter personal or business-related information into the product as part of normal operational use. Depending on the feature, this may include names, email addresses, phone numbers, schedules, planning records, bookkeeping counterparties, booking details, comments, or attachments.

In many cases, the account owner or workspace operator determines what data is entered and why it is used. In that context, the workspace owner is responsible for ensuring they have an appropriate legal basis to use the information they place into the product.

5. Legal bases for processing

Where applicable law requires a legal basis, we generally process personal data because it is necessary to provide the service, perform a contract, comply with legal obligations, respond to support or security issues, pursue legitimate interests in keeping the platform secure and operational, or act on consent where consent is the appropriate basis.

Legitimate interests may include preventing abuse, monitoring system integrity, managing refunds and payment disputes, maintaining audit logs, and improving the usability and reliability of the product.

6. Payment and third-party providers

Some payment-related data may be processed by third-party providers, including merchant-of-record providers such as Paddle, depending on the checkout flow used. Those providers may independently process billing, tax, fraud-screening, chargeback, and transaction records under their own legal and compliance obligations.

We may also use third-party infrastructure providers for email delivery, file storage, application hosting, analytics, and security monitoring. We use such providers to operate Saaso, not to sell customer personal data as a data brokerage product. Saaso currently uses US-only hosting and does not offer EU, EEA, UK, or other non-US data residency.

7. Sharing and disclosure

We do not sell personal data in the ordinary commercial sense. We may disclose personal data where necessary to operate the service, complete payments, prevent fraud, respond to lawful requests, enforce our terms, protect users, or complete a business transfer such as a merger, acquisition, or asset sale.

Access to personal data may also be available to authorized administrators, support personnel, or processors who require it to perform support, security, moderation, or infrastructure duties. We try to limit access to what is reasonably necessary for the job being performed.

8. Data retention

We keep personal data for as long as reasonably necessary to operate Saaso, maintain account integrity, comply with legal obligations, resolve disputes, prevent abuse, and preserve financial or operational records where retention is required. Different categories of data may have different retention periods.

For example, payment-related records, billing records, refund records, and security logs may be retained longer than ordinary marketing inquiries. Data stored inside a workspace may also remain available for as long as the workspace remains active or as long as retention is reasonably required by the product flow and legal obligations.

9. Security

We use reasonable technical and organizational measures to protect personal data, including access controls, account verification flows, auditability, and infrastructure-level protections appropriate to the product. No internet-based system is perfectly secure, so we cannot guarantee absolute security.

You are responsible for protecting your own devices, email account, delegated-user invitations, and login workflows. If you believe your account or personal data has been compromised, you should contact us promptly through the Saaso support flow.

10. International use

Saaso may be accessed from different jurisdictions, and personal data may be transferred to, stored in, and processed in the United States. Our hosting model is US-only. If your organization requires data residency outside the United States, Saaso is not currently designed to meet that requirement.

Where required, we will rely on appropriate transfer mechanisms or operational safeguards suitable to the service structure and applicable law. You can also review the public Trust & Data Residency page for a direct summary of our current hosting position.

11. Your rights

Depending on your location and applicable law, you may have rights to request access to personal data, correction of inaccurate data, deletion, restriction of processing, objection to certain processing, or portability of certain information. You may also have rights to withdraw consent where processing relies on consent.

If you want to make a privacy-related request, you may contact us through the Saaso public message flow. We may need to verify your identity or authority before acting on a request.

12. Changes to this policy

We may update this Privacy Policy from time to time as Saaso evolves, legal obligations change, or processing practices become more specific. When we update the policy, we may revise the public page and the “last updated” date. Continued use of Saaso after an update takes effect means you accept the revised policy to the extent permitted by law.