Privacy Policy

1. Who we are

Saidly is operated by Woodfire Digital, LLC, the controller of the personal information described here. You can reach us at privacy@saidly.ai or by mail at PO Box 20, Lithopolis, OH 43136.

Saidly monitors what large language models and AI assistants say about a company, product, person, organization, campaign, or topic that you choose to track, and delivers reports on that perception.

EU and UK representative

Where required by Article 27 of the GDPR and the UK GDPR, we will designate representatives in the European Union and the United Kingdom and publish their contact details here. Until then, EEA and UK individuals may contact us at privacy@saidly.ai.

2. Information we collect

• Account information: your email address, and optionally your name and company or organization name.
• Authentication data: one-time sign-in links and session identifiers. We do not use passwords.
• Billing information: your subscription plan and billing status. Payments are processed by Paddle, which acts as the merchant of record; we do not receive or store full card numbers, only limited details such as the card brand and last four digits and the result of the charge.
• Service content: the entities and topics you choose to monitor, your settings, report recipients you add, and the reports we generate.
• Usage and device data: IP address, browser and device information, pages viewed, and security signals from our bot protection (Cloudflare Turnstile) and hosting provider. We also collect site-usage analytics through Google Analytics (see Cookies below).

Under California law these map to the statutory categories of identifiers (email, name, IP), commercial information (subscription and billing status), and internet or other network activity (usage and device data). We do not seek to collect sensitive personal information, and we ask that you not enter it into the entities or topics you track.

3. Where we get it

We collect personal information from three sources: directly from you when you sign up and use the service; automatically through your use of the service and our hosting and bot-protection providers; and from our payment provider (Paddle, our merchant of record) regarding the status of your payments.

4. How we use it

• Provide, operate, and secure the service and your account.
• Query AI models about the entities you track and generate your reports.
• Authenticate you through sign-in links and sessions.
• Process subscriptions, trials, and payments, and prevent abuse such as repeated free trials.
• Send transactional messages and the reports you have subscribed to.
• Detect, prevent, and respond to fraud, abuse, and security incidents.
• Comply with legal obligations and enforce our terms.
• Improve the service, using aggregated or de-identified data where possible.

5. Legal bases (EEA and UK)

If you are in the EEA or UK, we rely on these legal bases, mapped to purpose:

• Performance of a contract to create your account, run reports, and process subscriptions.
• Legitimate interests to secure the service, prevent fraud and trial abuse, process IP address and Cloudflare bot-protection signals, and improve our product. You may object to this processing (see your rights).
• Consent for any optional communications, which you may withdraw at any time without affecting prior processing.
• Legal obligation for tax, accounting, and compliance.

6. How we share it (service providers and recipients)

We share personal information with vendors who process it on our behalf under contract. We do not sell your personal information, and we do not share it for cross-context behavioral or targeted advertising. Our key processors are:

• Cloudflare for hosting, content delivery, database, and bot protection.
• Paddle as our merchant of record for payment processing, subscription billing, and sales-tax handling.
• Brevo for sending sign-in links and report emails.
• AI model providers we query to build your reports, currently Anthropic, OpenAI, Google, and xAI. We send them the prompt about the entity you track, not your account credentials or billing data, and we use their business or API offerings under terms that restrict use of the prompts we send.
• Google Analytics (provided by Google) for website analytics, so we can understand how visitors find and use our site. It receives usage and device data such as pages viewed, device and browser information, and approximate location derived from your IP address; Google processes this under its own terms and privacy policy.

If you add report recipients, we send the report to the email addresses you provide; those recipients receive the report you direct to them. We may also disclose information to comply with law or legal process, to protect rights and safety, or in connection with a merger, acquisition, or sale of assets, in which case we will continue to protect your information.

7. International data transfers

We are based in the United States and our providers may process data in the United States and other countries. Where we transfer personal information out of the EEA we use the European Commission's Standard Contractual Clauses; for the United Kingdom we use the UK International Data Transfer Agreement or the UK Addendum to the SCCs. Where a provider is certified under the EU-US Data Privacy Framework, we may rely on that framework. Contact us for more information about these safeguards.

8. Data retention

We keep account and service content for as long as your account is active and then delete or de-identify it within a reasonable period after closure, except where longer retention is required. We keep billing and tax records for the period required by law, generally up to seven years. We retain a minimized record of prior trial sign-ups (a hashed email address) on the basis of our legitimate interest in preventing trial abuse, for up to 24 months after an account is deleted. Security logs are kept for a limited period sufficient to investigate incidents.

9. Security

We use technical and organizational measures designed to protect personal information, including encryption in transit, passwordless sign-in, scoped access, and bot protection. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security.

10. Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, or receive a portable copy of your personal information, to opt out of certain processing, and to not be discriminated against for exercising your rights. To make a request, email privacy@saidly.ai. We will verify your request and respond within the time required by law. You may use an authorized agent where the law allows; we may require written authorization from you and verification of your identity before acting.

11. EEA and UK rights (GDPR)

If you are in the EEA or UK, you have the rights to access, rectification, erasure, restriction, data portability, and objection (including the right to object to processing based on legitimate interests and to direct marketing), and the right to withdraw consent at any time. We do not make decisions with legal or similarly significant effects about you using solely automated processing. You have the right to lodge a complaint with your local data protection supervisory authority. We will respond to verified requests within one month, subject to extensions permitted by law.

12. US state privacy rights

Residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have rights to confirm whether we process their personal information, to access, correct, and delete it, to obtain a portable copy, and to opt out of the sale of personal information, targeted advertising, and certain profiling.

We do not sell personal information, we do not share it for cross-context behavioral or targeted advertising, and we do not use it for profiling that produces legal or similarly significant effects. Because we do not engage in these activities, there is nothing to opt out of. Where applicable, we recognize the Global Privacy Control and similar opt-out preference signals.

California residents (CCPA/CPRA): in the prior 12 months we collected the categories of identifiers, commercial information, and internet or other network activity described above, from the sources listed in section 3, for the purposes in section 4, and disclosed them only to the service-provider categories listed in section 6 (hosting and security, payments, email delivery, and AI model providers) for those business purposes. You have the rights to know, delete, correct, and the right to limit the use of sensitive personal information; we do not use or disclose sensitive personal information for any purpose that would require us to offer a right to limit. We will not discriminate against you for exercising your rights.

Appeals: if we deny your request, you may appeal by emailing privacy@saidly.ai with "Appeal" in the subject line. We will respond in writing with our reasons within the period required by your state's law (generally 45 to 60 days). If we deny your appeal, you may contact your state Attorney General.

13. Cookies and similar technologies

We use a small number of strictly necessary cookies and similar technologies to keep you signed in and to protect the service from automated abuse (including Cloudflare Turnstile). We also use Google Analytics to understand how visitors find and use our site; it sets analytics cookies (for example the _ga cookie) and processes the usage and device data described above. These analytics cookies are not strictly necessary, and we do not use advertising or cross-site advertising cookies. When you first visit we ask for your consent before these analytics cookies are set; until you accept, Google Analytics runs with analytics storage denied (Google Consent Mode) and sets no cookies. You can change or withdraw your choice at any time using the Cookie preferences link in our footer. You can also control or block cookies through your browser settings, and opt out of Google Analytics on any site using Google's opt-out browser add-on; note that blocking strictly necessary cookies may break sign-in.

14. Children's privacy

Saidly is a business tool that is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us information, contact us and we will delete it.

15. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the effective date above and, where appropriate, notify you. Your continued use of Saidly after an update means you accept the revised policy.

16. Contact us

Questions or requests about this policy can be sent to privacy@saidly.ai or to Woodfire Digital, LLC, PO Box 20, Lithopolis, OH 43136.