← Back to homePrivacy Policy
Last updated: April 10, 2026
1. Data We Collect
When you use SayWhat Technology, we may collect:
- Account information (such as email address and user role)
- Documents you upload, including HOA governing documents (stored per community)
- User interactions, including questions submitted and responses generated
- Usage data, such as session timestamps and query counts, for billing, performance, and reliability purposes
2. How We Use Your Data
We use your data to:
- Provide document analysis and AI-powered assistance
- Enforce strict per-community data isolation
- Monitor and enforce plan limits and usage
- Improve service quality using aggregated and anonymized signals
We do not sell your data or use it for advertising.
3. AI Processing and Third-Party Sub-Processors
To provide AI-generated responses, certain data (such as user queries and relevant document excerpts) may be processed by third-party AI providers. We use the following sub-processors to deliver the service:
- OpenAI — AI processing (query answering, document analysis, and audio/video transcription via Whisper API). Data sent: document excerpts, user queries, and audio content from uploaded recordings. OpenAI does not use customer data to train models under our agreement.
- Amazon Web Services (AWS) — Cloud hosting, compute, and document storage (S3). All data is hosted in the US-East-1 (N. Virginia) region.
- Neon — Managed PostgreSQL database hosting. Stores user accounts, document metadata, and query history.
- Qdrant Cloud — Vector database for semantic search. Stores document embeddings with tenant isolation filters.
- Stripe — Payment processing. Processes billing information; SayWhat does not store credit card numbers.
- Better Stack — Monitoring, error tracking, and uptime monitoring. Receives anonymized error reports with no PII.
- DNSimple — DNS management for custom domain support.
- Resend — Transactional email delivery (invitations, magic links, notifications).
Each sub-processor processes data only as necessary to deliver the service and is subject to its own privacy policy and data processing agreements. We do not permit sub-processors to use your data for advertising or unrelated purposes.
4. Data Isolation
SayWhat Technology is designed with strict multi-tenant isolation. Each community's documents, user data, and interactions are logically separated and are not accessible to other communities. We do not share tenant data across communities.
5. Data Retention
Tenant data (including documents, messages, and user accounts) is retained while your subscription is active. Upon cancellation, data is deleted within 90 days, unless a longer retention period is required by law or for legitimate operational purposes (such as billing reconciliation or dispute resolution).
6. Data Security
We implement reasonable administrative, technical, and organizational safeguards designed to protect your data from unauthorized access, disclosure, alteration, or destruction. However, no system can be guaranteed to be completely secure.
7. Cookies and Usage Tracking
We may use cookies or similar technologies to:
- Maintain user sessions
- Support authentication and security
- Collect basic usage analytics to improve service performance
You can control cookie behavior through your browser settings.
8. Your Rights and Controls
- Administrators can export or delete community data via the admin dashboard
- Individual users may request account deletion by contacting us at privacy@saywhat.tech
We will respond to requests in accordance with applicable laws.
9. European Data Subject Rights (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data (“right to be forgotten”).
- Portability: Request a machine-readable export of your data.
- Restriction: Request that we limit how we process your data.
- Objection: Object to processing based on legitimate interest.
Our legal basis for processing personal data is contract performance (providing the service you subscribed to) and legitimate interest (improving service quality and maintaining security). To exercise any of these rights, contact privacy@saywhat.tech. We will respond within 30 days.
10. California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to delete: Request deletion of your personal information.
- Right to opt out: We do not sell personal information. No opt-out is necessary.
- Non-discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise these rights, contact privacy@saywhat.tech. We will verify your identity before processing the request.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Continued use of the service after changes are posted constitutes acceptance of the revised policy.
12. Contact
For privacy-related questions or requests, contact: privacy@saywhat.tech
See also: Terms of Service · Data Security