Privacy policy.
Sayso ("we", "our", "the app") is an iOS keyboard that helps you turn short voice or text prompts into polished replies. This policy explains what data we collect, where it goes, how long we keep it, and the choices you have. Plain language, no dark patterns.
1. What we collect
- Account data. If you sign up: email, a salted bcrypt hash of your password, and a server-assigned user ID. If you use Sign in with Apple: Apple's opaque user identifier and (if you don't use private relay) your email address. If you stay anonymous: a random device identifier we mint on first launch.
- Voice input. When you tap the mic, audio is transmitted to our speech-to-text provider to produce a transcript, then discarded. We do not retain raw audio on our servers.
- Generated text. The transcript plus your active Scene / Tone / Contact / Skill context is sent to the AI model provider to produce the reply. The reply is delivered to you; we log minimal metadata (model, timestamp, user ID, token count) for billing and abuse prevention.
- Your packs. Contacts, scenes, tones, and skills you create are stored on our servers so they can be used at generation time.
- Preferences. Your active contact, pack selection, output language, and appearance preference.
- Purchase data. For paid users we receive the original transaction ID, product ID, purchase date, and expiry from the Apple App Store. We do not receive your credit card, billing address, or full Apple ID — only an anonymous transaction identifier.
- Email delivery. Transactional emails (verify email, password reset) are sent via our email provider. Delivery metadata (sent timestamp, bounce status) is retained by that provider under their policy.
- Usage metrics. Per-day generation counts, per-day transcription seconds, and pack counts for quota enforcement.
2. What we do not collect
- We do not read or scrape the text fields of other apps. The keyboard only processes what you explicitly enter, paste, or dictate.
- We do not track your location.
- We do not use advertising SDKs or collect ad identifiers.
- We do not profile you for ads across other apps or websites.
- We do not sell your data.
3. Third-party processors
These providers process your data on our behalf. They are contractually bound not to retain your inputs for training or for their own purposes.
- Speech-to-text: ByteDance (Doubao ASR).
- Text generation: Anthropic (Claude), Alibaba Cloud (Qwen), ByteDance (Doubao). Which provider handles your request depends on your tier and the "Premium Mode" preference.
- Payments & subscriptions: Apple (App Store in-app purchase).
- Email delivery: Resend (transactional email only).
- Infrastructure: Cloud server infrastructure in Asia-Pacific and the United States. We are in the process of migrating to a single US region hosted on Google Cloud Platform.
- Landing site hosting & DNS: Cloudflare.
4. Full Access (iOS keyboard permission)
Sayso requires "Allow Full Access" on iOS to reach our servers over the network and to generate replies. Without this permission the AI generation feature will not work. We still do not read content from other apps beyond what you explicitly type, paste, or dictate inside the Sayso keyboard.
5. Data retention
- Voice audio: discarded after transcription (seconds). Not stored.
- Transcripts and generated text: retained for up to 30 days for abuse investigation and debugging, then deleted.
- Usage logs: counts and timestamps retained for 12 months.
- Account data and uploaded packs: retained until you delete your account.
- Subscription records: retained as long as required by Apple's receipt-validation requirements and applicable tax law.
- Email delivery metadata: retained by Resend under their policy (typically 30–90 days).
6. Your rights
- Access / export. Email us and we will provide a copy of your stored data within 30 days.
- Delete. Open Settings → Delete my data in the app. Your server-side account and all content you created will be removed immediately. This does not cancel an active Apple subscription — manage that in your Apple ID settings.
- Correct. Most profile fields (name, email) can be edited in the app. For fields you can't edit directly, email us.
- Portability & objection. Residents of the EU / UK / Switzerland have GDPR rights of access, rectification, erasure, portability, restriction of processing, and objection. Residents of California have the equivalent CCPA / CPRA rights. Email us to exercise any of these rights — we respond within 30 days.
- Withdraw consent. Disable "Allow Full Access" in iOS Settings or uninstall Sayso at any time.
7. Children
Sayso is rated 17+ and is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, email us and we will delete it.
8. International transfers
Your data may be processed in countries other than the one you live in, including the United States and Asia-Pacific. Where we transfer data out of your home region, we rely on Standard Contractual Clauses or an equivalent legal mechanism. The same security practices described here apply regardless of where your data is processed.
9. Cookies & local storage on our website
usesayso.com is a marketing site. We keep it lean:
- Necessary: one localStorage entry (sayso.cookie) so we remember whether you accepted or declined this notice.
- Hosting: Cloudflare logs request metadata (IP, user agent, referrer) for up to 48 hours for abuse prevention. This is standard CDN behaviour and we do not link it to any Sayso account.
- No analytics, no ad pixels, no third-party trackers on the landing site. If that changes we will update this section before deploying.
The Sayso iOS app itself does not use cookies. It communicates with our API using a bearer JWT stored in the iOS keychain and shared app-group storage.
10. Security
We encrypt data in transit (TLS 1.2+) and at rest on our database. Passwords are stored as salted bcrypt hashes — we cannot recover your password, only issue a reset. We apply the principle of least privilege to internal access and we disclose material security incidents that affect you within the timelines required by applicable law.
11. Changes to this policy
We will post any changes on this page and update the "Last updated" date. Material changes will also be announced in-app or by email. Continued use of Sayso after changes become effective constitutes acceptance of the revised policy.
12. Contact
Questions, requests, or concerns: hello@usesayso.com.