Legal

Privacy Policy

Last updated: May 19, 2026

Sapiensify processes all text locally inside your browser. No text you enter is ever transmitted to our servers or any third party. Your content stays entirely on your device while you work.

1. Who We Are

Sapiensify, Inc. ("Sapiensify", "we", "our", or "us") operates the website sapiensify.org and the web application at app.sapiensify.org (together, the "Service"). We are the data controller for the personal data described in this policy.

Registered address: 2093 Philadelphia Pike #8152, Claymont, DE 19703, United States.
Privacy contact: privacy@sapiensify.org

2. Data We Collect

2a. Account information

The only personal data we store on our servers is your account email address, collected when you create an account. We use it to:

  • Send transactional emails (receipts, password resets, product updates you opt into).
  • Identify your account for billing and support purposes.
  • Comply with legal obligations.

Legal basis (GDPR Article 6): Contract performance (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)) for security and fraud prevention.

2b. Content you create

All text, briefs, outlines, and drafts you compose in Sapiensify are processed entirely inside your browser using client-side JavaScript. Nothing you type is sent to our servers, indexed, or used to train any AI model. When you choose to export or publish content, only the data you explicitly share leaves your device — directly to the destination you select (e.g., your CMS).

2c. Usage data

We collect anonymised, aggregated product-usage events (e.g., "pipeline board opened", "export triggered") through PostHog, configured in privacy-first mode: IP addresses are not stored, and no cross-site tracking occurs. This data cannot be linked back to an individual.

2d. Payment data

Billing is handled entirely by Stripe, Inc. We never see or store raw payment card numbers. Stripe's privacy policy applies to payment data: stripe.com/privacy.

2e. Support communications

If you contact us by email, we retain the content of that correspondence to resolve your inquiry and improve our support. We do not share support emails with third parties except as required by law.

3. How We Use Your Data

Purpose Data used Legal basis
Provide and maintain the Service Email Contract (Art. 6(1)(b))
Process subscription payments Email (Stripe handles card data) Contract (Art. 6(1)(b))
Send transactional emails Email Contract (Art. 6(1)(b))
Improve the product (aggregated analytics) Anonymous usage events Legitimate interests (Art. 6(1)(f))
Prevent fraud and abuse Email, server logs (7-day retention) Legitimate interests (Art. 6(1)(f))
Comply with legal obligations Email, billing records Legal obligation (Art. 6(1)(c))

4. Data Retention

  • Account email: retained while your account is active and for 30 days after deletion to allow reinstatement.
  • Billing records: retained for 7 years to comply with US tax and accounting requirements.
  • Server access logs: retained for 7 days, then automatically purged.
  • Aggregated analytics: retained indefinitely (contains no personal data).
  • Support emails: retained for 2 years after the inquiry is closed.

5. Cookies

We use a minimal set of cookies:

Cookie Purpose Duration Party
__session Authentication (Clerk) Session 1st
__clerk_* Authentication state 30 days 1st
ph_* Anonymous analytics (PostHog) 1 year 1st
__stripe_* Fraud prevention (Stripe) Session 3rd

Strictly necessary cookies (authentication) do not require consent. Analytics cookies are loaded only after you accept our cookie banner, or when your browser does not send a DNT: 1 header. You can clear cookies at any time in your browser settings.

6. Data Sharing

We do not sell, rent, or trade your personal data. We share it only with the sub-processors listed below, each bound by data processing agreements (DPAs) and, where applicable, EU Standard Contractual Clauses (SCCs):

  • Clerk, Inc. — authentication & user management
  • Stripe, Inc. — payment processing
  • PostHog, Inc. — anonymous product analytics
  • Resend, Inc. — transactional email delivery
  • Sentry, Inc. — error monitoring (no PII in error payloads)
  • Cloudflare, Inc. — CDN, DDoS protection, edge hosting
  • Vercel, Inc. — application hosting

We may also disclose data when required by law, court order, or to protect the rights and safety of Sapiensify, its users, or the public.

7. International Data Transfers

Sapiensify is based in the United States. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data is transferred to the US under the EU–US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) where our sub-processors participate. You may request a copy of the applicable SCCs by emailing privacy@sapiensify.org.

8. Your Rights

GDPR rights (EEA / UK residents)

You have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten"), subject to legal retention obligations.
  • Restrict processing in certain circumstances.
  • Portability — receive your data in a machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local supervisory authority.

CCPA / CPRA rights (California residents)

You have the right to:

  • Know what personal information we collect, use, disclose, and sell.
  • Delete personal information we have collected (with exceptions).
  • Opt-out of sale or sharing — we do not sell or share your personal information, so this right does not currently apply.
  • Correct inaccurate personal information.
  • Limit use of sensitive personal information — we collect none.
  • Non-discrimination for exercising your rights.

To exercise any of these rights, email privacy@sapiensify.org from the address associated with your account. We will respond within 30 days (GDPR) or 45 days (CCPA), extendable by an additional 45 days with notice.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including TLS 1.3 in transit, AES-256 encryption at rest, role-based access controls, and regular security reviews. No transmission over the internet is 100% secure; we cannot guarantee absolute security.

10. Children's Privacy

The Service is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us at privacy@sapiensify.org and we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be announced via email (at the address on your account) at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

12. Contact

For privacy-related questions, requests, or complaints:

Sapiensify, Inc.
Attn: Privacy Team
2093 Philadelphia Pike #8152, Claymont, DE 19703, United States
Email: privacy@sapiensify.org

EEA residents may also contact our EU representative or lodge a complaint with the supervisory authority in their Member State. UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk.

← Home Terms of Service