Privacy Policy

Saygents ("Saygents," "we," "us," "our") provides AI customer-service agents that a business ("Customer") connects to its own communication channels. This policy explains what data we collect, how we use it, and what choices you have. If you interact with one of our Customers' AI agents (for example by sending a message to their Instagram or Facebook Page), you are an "End User" under this policy, and the Customer is the data controller — we process your data on their behalf.

1. Who we are

Saygents is operated by the legal entity identified at the bottom of this page. You can reach us at info@saygents.com for any question about this policy or your data.

2. Data we collect

From Customers (business accounts): name, business name, email, billing address, payment details (handled by Stripe — we never see card numbers), authentication credentials (handled by Clerk), and configuration data you enter in the dashboard.

From connected channels (Meta, SendGrid, Google, and similar): when a Customer connects their Facebook Page, Instagram Business account, WhatsApp number, email address, or web widget, we receive the content of messages sent to or from that channel, the sender's public profile info (name, platform user ID), attachments, and timestamps. We only receive data for the channels you explicitly connect.

From End Users: the content of messages you send to a Customer's AI agent, your display name and platform user ID as provided by the channel, and technical metadata such as timestamps and IP address.

Automatically: log data, device and browser information, and cookies required to run the service. We do not use advertising cookies.

3. How we use data

We use data only to (a) operate and improve the service, (b) generate AI replies on behalf of the Customer, (c) bill the Customer, (d) detect abuse and fraud, and (e) meet our legal obligations. We do not sell data, and we do not use message content to train third-party AI models.

Message content is sent to AI providers (currently Anthropic) strictly to generate a reply. Those providers process the data under their own privacy terms and do not retain it to train their models for our account.

4. Meta Platform data (Facebook, Instagram, WhatsApp)

When a Customer connects a Facebook Page or Instagram Business account, we request only the permissions required to operate the agent:

• pages_show_list — list the Customer's Pages so they can pick one.
• pages_manage_metadata — subscribe Saygents to messaging webhooks for the chosen Page.
• pages_messaging — receive and send Messenger DMs on the Page.
• instagram_basic — identify the Customer's Instagram Business account linked to the Page.
• instagram_manage_messages — receive and send Instagram DMs for that account.

We do not read Page posts, followers, ads, or insights. We do not access data from any Page or account the Customer has not explicitly connected. Customers can disconnect a channel at any time from the dashboard, which immediately revokes our access token and stops all data flow. You may also revoke Saygents directly from Facebook Business Integrations.

5. Google user data (Google Calendar integration)

Saygents offers one optional Google integration: Google Calendar, so the AI agent can book, reschedule, and cancel appointments on the Customer's behalf. The Customer chooses whether to enable it; we only request the scopes listed below when they do.

OAuth scopes we request:

• https://www.googleapis.com/auth/calendar.readonly — read existing events on the Customer's primary calendar to check availability before the agent offers a time slot, so it does not double-book.
• https://www.googleapis.com/auth/calendar.events — create, update, and cancel events on the Customer's primary calendar so the agent can book, reschedule, and cancel appointments on their behalf.
• https://www.googleapis.com/auth/userinfo.email — display the Customer's connected Google account email address in the Saygents dashboard so they can confirm which account they connected and disconnect or reconnect a different one.

Saygents' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we:

• use Google user data only to provide and improve the specific user-facing feature the Customer connected Google for — Calendar booking — and for nothing else;
• do not transfer Google user data to third parties except as necessary to provide or improve that user-facing feature, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to affected users;
• do not use Google user data to serve advertising of any kind, including retargeting, personalized, or interest-based ads;
• do not sell Google user data;
• do not use Google user data to develop, improve, or train generalized or non-personalized AI or machine-learning models. Google Calendar event content is never used to train any model;
• do not allow humans to read Google user data, except (a) with the Customer's explicit consent for a specific support request, (b) where required for security investigations or to comply with law, or (c) where the data has been aggregated and anonymized so no individual user can be identified.

What we store: the OAuth refresh token plus the minimum event metadata required to track bookings the agent created (event ID, start and end time, attendee identifiers); and the connected Google account's email address, shown back to the Customer in the dashboard so they can verify or change which account is connected.

Customers can disconnect Google Calendar at any time from the Saygents dashboard, which immediately revokes our OAuth token and stops all data flow. You may also revoke Saygents directly from Google Account Permissions.

6. How we share data

We share data only with subprocessors we need to run the service:

• Supabase — database and file storage.
• Vercel — application hosting.
• Clerk — user authentication.
• Anthropic — AI model inference.
• Meta — Messenger, Instagram, and WhatsApp delivery.
• SendGrid — email delivery.
• Stripe — billing and payment processing.

We also disclose data if required by law, to defend legal claims, or to protect Saygents, our Customers, or the public from harm.

7. Data retention

We retain Customer account data for as long as the account is active and for up to 30 days after cancellation so you can reactivate. Message data is retained for 90 days by default to enable continuity, troubleshooting, and abuse detection, and then deleted. Customers can request a shorter retention window in writing. End Users can request deletion of their messages at any time via the process in Section 9.

8. Security

We use industry-standard encryption in transit (TLS 1.2+) and at rest, scoped access tokens, least-privilege access to production systems, and audit logging. No system is perfectly secure; if we learn of a breach affecting your data we will notify affected users without undue delay.

9. Your rights and how to exercise them

Depending on your location, you may have the right to access, correct, delete, or port your personal data, and to object to or restrict certain processing. To exercise any of these rights:

• Email info@saygents.com with the subject "Data Request." We respond within 30 days.
• To delete data we received from Meta (Facebook, Instagram, WhatsApp), use our Data Deletion page.
• Customers can delete their account at any time from the dashboard; this deletes all associated Customer data within 30 days.

We will never retaliate against you for exercising a privacy right.

10. Children

Saygents is not directed to children under 16 and we do not knowingly collect their data. If you believe a child has sent data to a Saygents-powered agent, contact us and we will delete it.

11. International transfers

We are based in the United States and our subprocessors operate in the U.S. and EU. If you use Saygents from outside the U.S., your data will be transferred to and processed in the U.S. under appropriate safeguards.

12. Changes to this policy

We may update this policy to reflect changes in the service or the law. Material changes will be announced by email to Customers or a prominent notice on this page at least 14 days before they take effect.

13. Contact

Privacy questions or requests: info@saygents.com.