Privacy Policy

Saut Technologies Ltd. (“Saut,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you access or use the Saut platform, including the website at saut.app, its subdomains, APIs, and all related services (the “Service”).

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree, please do not access or use the Service. This Policy should be read in conjunction with our Terms of Service and Cookie Policy.

Account Information. When you create a Saut account, we collect your name, email address, and profile information through our identity provider, Clerk. If you sign in via OAuth (Google, GitHub, Microsoft), we receive the profile information authorized by you on that platform.

User Content. Polls you create, votes you cast, search queries you perform, and any other content you submit to the Service.

Communications. When you contact us for support, provide feedback, or communicate with us by email, we collect the content of those communications along with associated metadata (timestamps, subject lines).

Payment Information. If you subscribe to a paid plan, payment information (credit card number, billing address) is collected and processed by our third-party payment processor (Stripe). Saut does not store full payment card details on its servers.

Usage Data. We automatically collect information about your interactions with the Service, including pages viewed, features accessed, polls created or voted on, time spent on pages, click patterns, and navigation paths.

Device and Connection Information. We collect your browser type and version, operating system, device type, screen resolution, IP address, referring URL, and general geographic location (derived from IP address, typically at the city or region level).

Cookies and Similar Technologies. We use essential cookies for authentication and session management. We may use analytics cookies to understand how the Service is used. See our Cookie Policy for full details.

The core function of Saut is to aggregate and analyze publicly available content from social media platforms and other public sources. This data includes:

• Public post text, comments, and replies
• Publicly displayed usernames, handles, and profile identifiers
• Public engagement metrics (likes, upvotes, shares, reply counts)
• Post timestamps and platform metadata

We do not access or collect private messages, direct messages, non-public posts, or any content behind privacy settings or login walls. We process only content that the original author voluntarily made available to the general public on their platform of choice.

We use the information we collect for the following purposes:

• Providing the Service: To operate, maintain, and deliver the features and functionality of Saut, including sentiment analysis, velocity tracking, AI-generated insights, alerts, and dashboards
• Authentication and Security: To verify your identity, protect your account, and detect and prevent fraud, unauthorized access, and other security incidents
• Personalization: To tailor your experience, including displaying relevant polls, adjusting content recommendations, and remembering your preferences
• Analytics and Improvement: To understand how users interact with the Service, identify usage trends, diagnose technical problems, and improve the platform
• Communication: To send you account-related notifications (security alerts, billing confirmations, policy updates). We do not send unsolicited marketing emails without your consent
• AI Processing: To train, evaluate, and improve our sentiment classification models, natural language processing systems, and AI-generated insight capabilities using aggregated and anonymized data
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases under the EU General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (UK GDPR):

• Contract Performance (Art. 6(1)(b)): Processing necessary to provide you with the Service as described in our Terms of Service (account management, core functionality)
• Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate interests, including platform security, fraud prevention, analytics, and product improvement, provided such interests are not overridden by your data protection rights. We conduct balancing tests for each legitimate interest processing activity
• Consent (Art. 6(1)(a)): Where you have given explicit consent to specific processing activities (e.g., marketing communications, optional analytics cookies). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal
• Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with a legal obligation to which Saut is subject

Saut uses automated systems, including artificial intelligence and machine learning models, to process publicly available social data for sentiment classification, topic categorization, stance detection, and trend analysis. These automated processes are applied to public content — not to individual user profiles — and do not produce legal or similarly significant effects on individuals.

We do not use automated decision-making (as defined under GDPR Article 22) to make decisions based solely on automated processing that produce legal effects or similarly significant effects concerning you. If we ever introduce such features, we will provide you with meaningful information about the logic involved, the significance, and the envisaged consequences, as well as the right to obtain human intervention, express your point of view, and contest the decision.

Saut does not sell, rent, or trade your personal information. We may share information in the following circumstances:

Service Providers (Sub-processors). We engage third-party companies and individuals to perform services on our behalf. These providers are contractually obligated to use your information only as necessary to provide services to us and are bound by data processing agreements that include confidentiality and security obligations. Our current sub-processors include:

• Clerk — Authentication and identity management (United States)
• Vercel — Application hosting and edge compute (United States, global edge network)
• Supabase — Database hosting and storage (United States)
• Stripe — Payment processing (United States)
• OpenAI — AI/ML processing for sentiment analysis and insight generation (United States)

We maintain an up-to-date list of sub-processors, and enterprise customers may subscribe to receive notifications of changes. You may request the current sub-processor list at support@saut.app.

Enterprise Workspaces. If you are part of an enterprise organization on Saut, certain usage data and activity within the workspace may be visible to your organization's administrator. Administrators may have access to aggregate analytics for their workspace. Individual voting data is never exposed to other users.

Legal Requirements. We may disclose your information if we are required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to (a) comply with a legal obligation, (b) protect and defend the rights or property of Saut, (c) prevent or investigate possible wrongdoing in connection with the Service, (d) protect the personal safety of users of the Service or the public, or (e) protect against legal liability.

Business Transfers. In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your information becomes subject to a different privacy policy.

Aggregated and Anonymized Data. We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analytics, or other purposes.

We retain your information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

• Account Data: Retained for the duration of your active account plus 30 days following deletion to allow for account recovery. After this period, account data is permanently deleted or anonymized
• Usage Logs: Retained for up to 24 months for analytics and security purposes, then aggregated or deleted
• Public Social Data: Retained in accordance with the source platform's terms and applicable law. Content that has been deleted from the original platform is removed from Saut within a reasonable timeframe
• Aggregated Analytics: Anonymized, aggregated data may be retained indefinitely as it cannot be linked to any individual
• Legal and Compliance Records: Retained as required by applicable law, which may extend beyond the periods above

We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of your information. These measures include:

• Encryption of data in transit using TLS 1.3 for all connections
• Encryption of data at rest using AES-256
• Authentication via Clerk with support for multi-factor authentication (MFA) and enterprise SSO
• Row-level security (RLS) in our database ensuring workspace isolation for enterprise customers
• Regular security audits and automated vulnerability scanning
• Access controls limiting employee access to personal data on a need-to-know basis
• Incident response procedures for detecting, reporting, and addressing security breaches

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security. For more information, see our Security page.

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data (subject to certain exceptions required by law)
• Right to Restriction: Request restriction of processing of your personal data under certain circumstances
• Right to Data Portability: Request transfer of your personal data to another service in a structured, commonly used, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
• Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal
• Right Not to Be Subject to Automated Decision-Making: Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects concerning you
• Right to Lodge a Complaint: Lodge a complaint with a supervisory authority in your jurisdiction. For the EU, a list of supervisory authorities is available at edpb.europa.eu. For the UK, you may contact the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, contact us at support@saut.app. We will respond to your request within 30 days (or sooner if required by applicable law). We may request verification of your identity before processing your request. We will not charge a fee for processing your request unless the request is manifestly unfounded or excessive.

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information. In the preceding 12 months, we have collected the categories of personal information described in Section 1. We do not sell or share personal information as defined under the CCPA/CPRA. We do not use or disclose sensitive personal information for purposes other than those permitted under the CPRA.

California residents have the right to:

• Know what personal information is collected, used, shared, or sold
• Delete personal information held by us and by extension our service providers
• Correct inaccurate personal information
• Opt out of the sale or sharing of personal information (we do not sell or share personal information)
• Limit the use of sensitive personal information
• Non-discrimination for exercising their privacy rights

To exercise your rights, contact us at support@saut.app. We will not discriminate against you for exercising your CCPA/CPRA rights.

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Oregon (OCPA), Texas (TDPSA), Montana (MCDPA), and other states with comprehensive privacy legislation may have additional rights, including the right to access, correct, delete, and obtain a copy of personal data, as well as the right to opt out of targeted advertising, the sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects. To exercise these rights, contact us at support@saut.app.

If we deny your request, you may appeal the decision by contacting us at the same email address. We will respond to your appeal within the timeframe required by applicable state law.

Some web browsers transmit “Do Not Track” (DNT) signals to the websites and other online services you visit. There is currently no universally accepted standard for how to respond to DNT signals. At this time, we do not respond to DNT signals. However, we do not engage in cross-site tracking of our users. When a Global Privacy Control (GPC) signal is detected, we treat it as a valid opt-out request for the sale or sharing of personal information under applicable state laws.

We use the following categories of cookies:

• Strictly Necessary Cookies: Required for the Service to function (authentication sessions, CSRF protection, load balancing). These cannot be disabled
• Analytics Cookies: Help us understand how users interact with the Service so we can improve it. These collect aggregated, anonymous usage data

We do not use advertising cookies or third-party tracking pixels. For full details on the specific cookies we use, their purposes, and how to manage them, please see our Cookie Policy. You can also control cookies through your browser settings, but disabling strictly necessary cookies may impair the functionality of the Service.

Saut operates globally and your information may be transferred to and processed in countries other than your country of residence, including the United States, where data protection laws may differ from those of your jurisdiction. Where we transfer personal data outside the EEA, UK, or Switzerland, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914)
• The UK International Data Transfer Addendum to the EU SCCs
• Adequacy decisions of the relevant authority where applicable
• The EU-U.S. Data Privacy Framework where certified by the receiving party

You may request a copy of the relevant transfer safeguards by contacting support@saut.app.

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have inadvertently collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe that a child under 16 has provided us with personal information, please contact us at support@saut.app.

The Service may contain links to third-party websites, services, or platforms that are not operated or controlled by Saut. This Privacy Policy does not apply to third-party services. We are not responsible for the content, privacy policies, or practices of any third-party services. We encourage you to review the privacy policies of any third-party services you access through the Service.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Privacy Policy on this page and updating the “Effective date” above. For material changes that reduce your rights or expand our use of your data, we will provide at least 30 days' notice via email or a prominent notice on the Service before the changes take effect. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.