Privacy policy.

Sayso ("we", "our", "the app") is an iOS keyboard that helps you turn short voice or text prompts into polished replies. This policy explains what data we collect, where it goes, how long we keep it, and the choices you have. Plain language, no dark patterns.

1. What we collect

• Account data. If you sign up: email, a salted bcrypt hash of your password, and a server-assigned user ID. If you use Sign in with Apple: Apple's opaque user identifier and (if you don't use private relay) your email address. If you stay anonymous: a random device identifier we mint on first launch.
• Voice input. When you tap the mic, audio is transmitted to our speech-to-text provider to produce a transcript, then discarded. We do not retain raw audio on our servers.
• Generated text. The transcript plus your active Scene / Tone / Contact / Skill context is sent to the AI model provider to produce the reply. The reply is delivered to you; we log minimal metadata (model, timestamp, user ID, token count) for billing and abuse prevention.
• Your packs. Contacts, scenes, tones, and skills you create are stored on our servers so they can be used at generation time.
• Preferences. Your active contact, pack selection, output language, and appearance preference.
• Purchase data. For paid users we receive the original transaction ID, product ID, purchase date, and expiry from the Apple App Store. We do not receive your credit card, billing address, or full Apple ID — only an anonymous transaction identifier.
• Email delivery. Transactional emails (verify email, password reset) are sent via our email provider. Delivery metadata (sent timestamp, bounce status) is retained by that provider under their policy.
• Usage metrics. Per-day generation counts, per-day transcription seconds, and pack counts for quota enforcement.

2. What we do not collect

• We do not read or scrape the text fields of other apps. The keyboard only processes what you explicitly enter, paste, or dictate.
• We do not track your location.
• We do not use advertising SDKs or collect ad identifiers.
• We do not profile you for ads across other apps or websites.
• We do not sell your data.

3. Third-party processors

These providers process your data on our behalf. They are contractually bound not to retain your inputs for training or for their own purposes. We may change providers over time; material changes will be announced on this page before they take effect.

• Speech-to-text: OpenAI (Whisper-class transcription model, currently gpt-4o-mini-transcribe). Receives the audio recording only. Per OpenAI's API data policy your audio is not retained by OpenAI and is not used to train any model.
• Text generation — default for all users: Alibaba Cloud Model Studio (Qwen 3.5 Flash, US-region deployment). Receives the transcribed (or typed) text plus the scene / tone / contact labels you selected in Sayso. Not used for training.
• Text generation — fallback: Google Gemini (3.1 Flash Lite, via Google AI Studio). Used only when the default provider is unavailable or returns an error. Same data shape as above. Not used for training.
• Text generation — Premium Mode (Pro / Business opt-in): Anthropic (Claude Sonnet). Engaged per request when a Pro / Business subscriber explicitly turns on Premium Mode for that message. Same data shape as above. Not used for training.
• Payments & subscriptions: Apple (App Store in-app purchase).
• Email delivery: Resend (transactional email only — verification codes and password resets).
• Application hosting: Google Cloud Platform (Cloud Run, us-west1 Oregon).
• Database: Neon (managed Postgres, us-west-2 Oregon).
• Landing site hosting & DNS: Cloudflare (Pages + DNS + Email Routing for @usesayso.com inbound mail).

What we do not send to any AI provider: your email address, account ID, device identifiers (IDFA / IDFV), location, iPhone contacts, calendar, photos, browsing history, or content from apps other than what you explicitly type, paste, or dictate inside the Sayso keyboard.

In-app consent. The first time you launch Sayso you see a full-screen disclosure naming each of the AI providers above, describing exactly what data is sent to each one, and asking you to tap Agree & continue before any audio or text leaves your device. You can review the same disclosure and revoke your consent at any time from Settings → AI providers. While consent is revoked, the keyboard's voice / refine features stop reaching any AI provider, and Sayso prompts you to re-agree on next launch before continuing. If we add a new AI provider in the future or materially change what data is sent, we bump the consent version and the disclosure re-appears so you can review and re-agree.

4. Full Access (iOS keyboard permission)

Sayso requires "Allow Full Access" on iOS to reach our servers over the network and to generate replies. Without this permission the AI generation feature will not work. We still do not read content from other apps beyond what you explicitly type, paste, or dictate inside the Sayso keyboard.

5. Data retention

• Voice audio: discarded after transcription (seconds). Not stored.
• Transcripts and generated text: retained for up to 30 days for abuse investigation and debugging, then deleted.
• Usage logs: counts and timestamps retained for 12 months.
• Account data and uploaded packs: retained until you delete your account.
• Subscription records: retained as long as required by Apple's receipt-validation requirements and applicable tax law.
• Email delivery metadata: retained by Resend under their policy (typically 30–90 days).

6. Your rights

• Access / export. Email us and we will provide a copy of your stored data within 30 days.
• Delete. Open Settings → Delete my data in the app. Your server-side account and all content you created will be removed immediately. This does not cancel an active Apple subscription — manage that in your Apple ID settings.
• Correct. Most profile fields (name, email) can be edited in the app. For fields you can't edit directly, email us.
• Portability & objection. Residents of the EU / UK / Switzerland have GDPR rights of access, rectification, erasure, portability, restriction of processing, and objection. Residents of California have the equivalent CCPA / CPRA rights. Email us to exercise any of these rights — we respond within 30 days.
• Withdraw consent. Disable "Allow Full Access" in iOS Settings or uninstall Sayso at any time.

7. Children

Sayso is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, email us and we will delete it.

8. International transfers

Your data may be processed in countries other than the one you live in. Our application servers and database run in the United States (Oregon). Our AI processors also run in the United States (OpenAI for transcription, Alibaba Cloud Model Studio US-region for default text generation, Google for fallback text generation, Anthropic for Premium replies). Where we transfer data out of your home region, we rely on Standard Contractual Clauses or an equivalent legal mechanism. The same security practices described here apply regardless of where your data is processed.

9. Cookies & local storage on our website

usesayso.com is a marketing site. We keep it lean:

• Necessary: one localStorage entry (sayso.cookie) so we remember whether you accepted or declined this notice.
• Hosting: Cloudflare logs request metadata (IP, user agent, referrer) for up to 48 hours for abuse prevention. This is standard CDN behaviour and we do not link it to any Sayso account.
• No analytics, no ad pixels, no third-party trackers on the landing site. If that changes we will update this section before deploying.

The Sayso iOS app itself does not use cookies. It communicates with our API using a bearer JWT stored in the iOS keychain and shared app-group storage.

10. Security

We encrypt data in transit (TLS 1.2+) and at rest on our database. Passwords are stored as salted bcrypt hashes — we cannot recover your password, only issue a reset. We apply the principle of least privilege to internal access and we disclose material security incidents that affect you within the timelines required by applicable law.

11. Changes to this policy

We will post any changes on this page and update the "Last updated" date. Material changes will also be announced in-app or by email. Continued use of Sayso after changes become effective constitutes acceptance of the revised policy.

12. Contact

Questions, requests, or concerns: hello@usesayso.com.