Privacy Policy
Saygents ("Saygents," "we," "us," "our") provides AI customer-service agents that a business ("Customer") connects to its own communication channels. This policy explains what data we collect, how we use it, and what choices you have. If you interact with one of our Customers' AI agents (for example by sending a message to their Instagram or Facebook Page), you are an "End User" under this policy, and the Customer is the data controller — we process your data on their behalf.
1. Who we are
Saygents is operated by the legal entity identified at the bottom of this page. You can reach us at info@saygents.com for any question about this policy or your data.
2. Data we collect
From Customers (business accounts): name, business name, email, billing address, payment details (handled by Stripe — we never see card numbers), authentication credentials (handled by Clerk), and configuration data you enter in the dashboard.
From connected channels (Meta, Twilio, SendGrid, and similar): when a Customer connects their Facebook Page, Instagram Business account, WhatsApp number, phone number, email address, or web widget, we receive the content of messages sent to or from that channel, the sender's public profile info (name, platform user ID), attachments, and timestamps. We only receive data for the channels you explicitly connect.
From End Users: the content of messages you send to a Customer's AI agent, your display name and platform user ID as provided by the channel, and technical metadata such as timestamps and IP address.
Automatically: log data, device and browser information, and cookies required to run the service. We do not use advertising cookies.
3. How we use data
We use data only to (a) operate and improve the service, (b) generate AI replies on behalf of the Customer, (c) bill the Customer, (d) detect abuse and fraud, and (e) meet our legal obligations. We do not sell data, and we do not use message content to train third-party AI models.
Message content is sent to AI providers (currently Anthropic) strictly to generate a reply. Those providers process the data under their own privacy terms and do not retain it to train their models for our account.
4. Meta Platform data (Facebook, Instagram, WhatsApp)
When a Customer connects a Facebook Page or Instagram Business account, we request only the permissions required to operate the agent:
- pages_show_list — list the Customer's Pages so they can pick one.
- pages_manage_metadata — subscribe Saygents to messaging webhooks for the chosen Page.
- pages_messaging — receive and send Messenger DMs on the Page.
- instagram_basic — identify the Customer's Instagram Business account linked to the Page.
- instagram_manage_messages — receive and send Instagram DMs for that account.
We do not read Page posts, followers, ads, or insights. We do not access data from any Page or account the Customer has not explicitly connected. Customers can disconnect a channel at any time from the dashboard, which immediately revokes our access token and stops all data flow. You may also revoke Saygents directly from Facebook Business Integrations.
5. Google user data (Google Calendar integration)
When a Customer connects their Google Calendar so the AI agent can handle appointment bookings, we request only the OAuth scopes required:
- https://www.googleapis.com/auth/calendar.events — create, read, update, and delete events on the Customer's primary calendar so the agent can book, reschedule, and cancel appointments on their behalf.
- https://www.googleapis.com/auth/calendar.readonly — read existing events to check availability before the agent offers a time slot, so it does not double-book.
Saygents' use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we:
- use Google user data only to provide the user-facing booking feature the Customer connected Google Calendar for;
- do not transfer Google user data to third parties except as necessary to provide or improve that user-facing feature, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to affected users;
- do not use Google user data to serve advertising, including retargeting, personalized, or interest-based ads;
- do not sell Google user data;
- do not use Google user data to develop, improve, or train generalized AI or machine-learning models. Google Calendar event content is never sent to any AI model.
We store only the OAuth refresh token needed to call Google on the Customer's behalf, plus the minimum event metadata required to track bookings created by the agent (event ID, start and end time, and attendee identifiers). Customers can disconnect Google Calendar at any time from the Saygents dashboard, which immediately revokes our OAuth token and stops all data flow. You may also revoke Saygents directly from Google Account Permissions.
6. How we share data
We share data only with subprocessors we need to run the service:
- Supabase — database and file storage.
- Vercel — application hosting.
- Clerk — user authentication.
- Anthropic — AI model inference.
- Meta — Messenger, Instagram, and WhatsApp delivery.
- Twilio — SMS delivery.
- SendGrid — email delivery.
- Stripe — billing and payment processing.
We also disclose data if required by law, to defend legal claims, or to protect Saygents, our Customers, or the public from harm.
7. Data retention
We retain Customer account data for as long as the account is active and for up to 30 days after cancellation so you can reactivate. Message data is retained for 90 days by default to enable continuity, troubleshooting, and abuse detection, and then deleted. Customers can request a shorter retention window in writing. End Users can request deletion of their messages at any time via the process in Section 9.
8. Security
We use industry-standard encryption in transit (TLS 1.2+) and at rest, scoped access tokens, least-privilege access to production systems, and audit logging. No system is perfectly secure; if we learn of a breach affecting your data we will notify affected users without undue delay.
9. Your rights and how to exercise them
Depending on your location, you may have the right to access, correct, delete, or port your personal data, and to object to or restrict certain processing. To exercise any of these rights:
- Email info@saygents.com with the subject "Data Request." We respond within 30 days.
- To delete data we received from Meta (Facebook, Instagram, WhatsApp), use our Data Deletion page.
- Customers can delete their account at any time from the dashboard; this deletes all associated Customer data within 30 days.
We will never retaliate against you for exercising a privacy right.
10. Children
Saygents is not directed to children under 16 and we do not knowingly collect their data. If you believe a child has sent data to a Saygents-powered agent, contact us and we will delete it.
11. International transfers
We are based in the United States and our subprocessors operate in the U.S. and EU. If you use Saygents from outside the U.S., your data will be transferred to and processed in the U.S. under appropriate safeguards.
12. Changes to this policy
We may update this policy to reflect changes in the service or the law. Material changes will be announced by email to Customers or a prominent notice on this page at least 14 days before they take effect.
13. Contact
Privacy questions or requests: info@saygents.com.