Privacy Policy

1. Introduction

This Privacy Policy explains how we collect, use, disclose, and safeguard personal information across our web and mobile experiences, APIs, support channels, and backend services (collectively, the "Service"). It should be read together with our Terms & Conditions. By accessing or using the Service or otherwise interacting with Sagesight Ltd. you acknowledge that your information will be processed in accordance with this Policy and the third-party providers listed herein.

2. Information We Collect

2.1 Information You Provide

• Account Details: Name, email address, and profile information collected through Apple Sign-In, Google Sign-In, or email based passwords.
• Workspace Content: Prompts, messages, files, media uploads, and configuration settings submitted while using the Service.
• Browser Extension Content: When you use the Ryddle browser extension, we collect selected text, current page text, page title, page URL, uploaded files, and related prompts only after you invoke a page-aware or selected-text action.
• ChatGPT Extension Mode: If you connect ChatGPT Plus/Pro in the browser extension, OpenAI/Codex tokens are stored locally by the extension and used for direct ChatGPT requests. Prompts, page context, and file attachments used in that mode are sent directly to OpenAI, not to Ryddle servers. These tokens are not sent to Ryddle servers.
• Support Requests: Information you provide when contacting customer support or submitting feedback.

2.2 Automatically Collected Information

• Usage Data: Interactions with features, session activity, and model selections to help us improve performance and reliability.
• Device & Log Data: IP address, device identifiers, browser type, operating system, timestamps, and diagnostic logs.
• Cookies & Tokens: Authentication tokens and similar technologies required for designated sessions and security functions. ChatGPT Plus/Pro extension tokens are stored locally in the browser extension when you choose that mode.

2.3 Information from Third Parties

• Authentication providers share basic profile attributes needed to create and secure your account.
• Payment processors such as Stripe, RevenueCat, Apple, and Google provide transaction identifiers, subscription status, and limited billing metadata. We do not store full payment card numbers on our systems.
• AI model partners may supply usage metrics to help enforce quotas and troubleshoot issues.

3. How We Use Information

• Authenticate users and maintain secure sessions
• Deliver conversational AI experiences and manage workspaces
• Process browser extension requests that you initiate, including selected-text actions, page summaries, current-tab context, and file uploads
• Enable optional ChatGPT Plus/Pro extension mode by storing OpenAI/Codex tokens locally and sending your initiated prompts directly to OpenAI
• Process payments, subscriptions, and quota allocations
• Monitor performance, troubleshoot issues, and enhance product capabilities
• Detect, investigate, and prevent fraud, abuse, or harmful activity
• Comply with legal obligations, regulatory requirements, and enforcement requests
• Communicate updates, respond to support requests, and provide important notices

4. How We Share Information

4.1 AI & Infrastructure Partners

To deliver model outputs and maintain infrastructure, we share relevant data with partners such as OpenAI, Anthropic, Google Gemini, OpenRouter, Firebase, Railway, and similar providers. These parties process information under their own privacy policies and terms.

4.2 Payment & Analytics Vendors

We use vendors including Stripe, RevenueCat, Apple, Google, Firebase Crashlytics, Sentry, PostHog, and Meta / Facebook App Events for billing, analytics, attribution, and crash reporting. Only the data necessary to perform contracted services is shared, and payment credentials are handled directly by the applicable processor.

4.3 Legal & Compliance

We may disclose information if required by law, to respond to lawful requests, enforce our agreements, or protect the rights and safety of Sagesight, our users, or the public.

4.4 Business Transfers

In the event of a merger, acquisition, or asset sale, personal information may be transferred subject to the existing commitments in this Policy.

4.5 No Data Sales

Sagesight does not sell personal information.

4.6 Browser Extension Limited Use

Information received through browser extension permissions is used only to provide or improve Ryddle's user-facing assistant features. We do not use browser extension data for personalized advertising, and we do not transfer or sell it to data brokers or advertising platforms. The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

5. Data Security

We employ industry-standard safeguards including encrypted transport (TLS), access controls, secure cloud infrastructure, and routine monitoring. No transmission or storage system is completely secure; use the Service with awareness of inherent risks.

6. Data Retention

• Account information remains while your account is active and for a limited period afterward as required by law or legitimate business needs.
• Prompt and chat history persists until you delete it or close your account.
• Diagnostic logs typically persist for up to 90 days unless longer retention is needed for security or compliance.
• Following account closure we delete or anonymize personal data within commercially reasonable timeframes unless retention is legally mandated.

7. Your Rights & Choices

• Access and export account information through the Service or by contacting us.
• Update profile details directly or request corrections.
• Delete chats, files, or your entire account by contacting privacy@sagesight.io or ryddle@sagesight.io.
• Manage marketing preferences and certain analytics via in-app controls or device settings.
• Residents of the UK/EU have GDPR rights including access, rectification, erasure, restriction, objection, and portability. California residents have CCPA rights including access, deletion, and non-discrimination.

8. Cookies & Similar Technologies

We use essential cookies to maintain sessions and security. Analytics or performance cookies help us upload stability insights. You can manage cookies through browser settings, though disabling essential cookies may impair functionality.

9. Children's Privacy

The Service is not intended for individuals under 18. If we learn that a child has provided personal information, we will take steps to delete it promptly.

10. International Transfers

Your information may be processed outside your country of residence, including in the United Kingdom, the European Union, and the United States. We rely on appropriate safeguards to protect personal data during cross-border transfers.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material updates will be communicated through the Service or by email, and the "Last Updated" date will reflect the latest revision. Continued use after changes indicates acceptance of the revised Policy.

12. Contact

For privacy inquiries, data requests, or questions about this Policy, contact Sagesight Ltd. at:

• Email: privacy@sagesight.io
• Support: ryddle@sagesight.io

Please include "Privacy Request" or the relevant jurisdiction in your subject line when applicable.