How long until my AI agent is live?

Most agents are live in 72 hours after you submit the onboarding form. Complex integrations such as custom CRMs can take up to a week.

Do I need technical skills to use Saygents?

No. The Saygents team handles the build, training, and deployment. The dashboard is designed for business owners, not engineers.

What channels can a Saygents AI agent run on?

Six channels: Web Chat, Instagram DM, Facebook Messenger, WhatsApp Business, SMS, and Email.

How does the AI agent know about my business?

During onboarding we capture your services, offers, pricing, tone of voice, FAQs, and any documents you share. The agent is trained on that material, not a generic model.

Can the AI agent book appointments?

Yes. Saygents connects directly to Google Calendar. The agent checks your real availability and books confirmed appointments during a conversation.

What happens if I go over my monthly conversation allowance?

Agents keep responding — there is no hard cap. Every agent includes 750 conversations per month. On Multi, those allowances are pooled across the whole tenant. Past that, overage bills at $50 per 250 extra conversations (rounded up) on the next invoice.

What about customer data and privacy?

Your data stays yours. Saygents never trains shared models on tenant conversations, and each tenant is isolated.

Can I cancel my Saygents subscription anytime?

Yes. Plans are month-to-month with no long-term contracts — cancel any month from the dashboard and your next renewal stops. The first month is charged in full at signup and is non-refundable, because the 72-hour custom build happens before your agent ever serves a conversation. After cancellation, your agent stays live through the end of the month you have already paid for.

Does the AI agent hand off to a human when needed?

Yes. The agent escalates to a human on your team whenever the conversation hits a confidence threshold, a sensitive topic, or a customer request — configured per agent.

What languages does a Saygents AI agent support?

English out of the box. The underlying model supports 30+ additional languages and can reply in whichever language the customer writes in — we tune the agent for the mix your business actually sees.

Back to home

Security · Data handling · Compliance

Customer trust is the product. We treat it that way.

Saygents agents handle real conversations with real customers — names, phone numbers, project details, payment intent. The controls below are how we keep that data inside your tenant, off shared training sets, and out of reach of anyone who does not have a documented reason to read it.

Email security@saygents.com Read the privacy policy

Security baseline

Nine pillars, not nine paragraphs of marketing.

Each pillar describes one specific control, what it protects, and how it is enforced. If your procurement team needs a deeper dive, email security@saygents.com.

Encryption everywhere

Every byte that moves between a customer, your agent, and our database is encrypted in transit with TLS 1.2 or higher. Every byte at rest sits inside AES-256-encrypted volumes managed by our cloud provider.

TLS 1.2+ for all browser, mobile, and server-to-server traffic
AES-256 encryption at rest on databases, file storage, and backups
Cryptographic keys managed by the cloud provider with automatic rotation
No raw conversations in unencrypted log files — ever

Tenant isolation

Every Saygents customer is a separate tenant. Your agents, your conversations, your customers, and your knowledge base live in your tenant. There is no path — by URL, by API token, or by user account — for one tenant to read another tenant's data.

Every database query is scoped by tenant ID at the application layer
API tokens are tenant-bound — leaked credentials cannot read across tenants
Admin tools require explicit tenant scoping before any read operation
Per-tenant audit log of every administrative action

No shared model training

Your customers' conversations, your knowledge base, your pricing — none of it is used to train shared models. Saygents is built on Anthropic's Claude Sonnet 4.6, used as a hosted inference service. Conversation data is never sent to a training set, ours or theirs.

Anthropic API used in zero-data-retention mode for inference
Conversation content never used to train Saygents-shared agents
Per-tenant knowledge bases stay inside the tenant boundary
No analytics product is permitted to read raw conversation content

Access controls

Saygents employees can only access tenant data when there is a documented support reason. Access is gated by single sign-on, requires a second factor, and every read of tenant data is logged.

SSO with mandatory MFA on all internal tooling
Principle of least privilege — engineers cannot read production by default
Production access is short-lived, time-bound, and audited
Customer-facing support tickets logged separately from access events

Sub-processors

Saygents uses a small set of well-known sub-processors to deliver the service. We list each one, what it does, and where it stores data.

Vercel — hosting, edge network, marketing site (US regions)
Supabase — primary application database (US regions)
Clerk — authentication for admin and customer portals
Anthropic — Claude Sonnet 4.6 model inference (zero-retention mode)
Stripe — billing, payment processing, customer portal
Twilio — SMS and WhatsApp Business API connectivity
Meta (Facebook) — Messenger and Instagram DM messaging APIs
Google — calendar and email APIs
Sentry — application error reporting (no message bodies sent)

Data residency

Saygents stores customer data in US regions on Vercel and Supabase. If your jurisdiction requires data to remain in a specific region, email security@saygents.com before signing — we will tell you honestly whether we can meet that requirement today.

Default residency: United States (Vercel + Supabase US regions)
Sub-processors that span regions documented above
Data export available at any time via the customer dashboard

Retention

We keep conversation data only as long as you need it. The default retention is 24 months for active tenants. You can shorten or extend retention per agent, and you can delete a conversation at any time from the dashboard.

Default retention: 24 months for conversation history
Configurable per agent — shorten to 30 / 90 / 365 days as needed
Manual delete on any conversation, customer record, or agent
Cancellation triggers a 30-day deletion window — recoverable on request

PII and regulated data

Customer messages routinely contain personal data — names, emails, phone numbers, addresses. We treat that as standard PII and protect it with the controls above. We do not, however, accept regulated categories like PHI, payment card data, or government identifiers without a written agreement.

Customer PII handled under our standard security baseline
No PHI, no PCI scope, no government identifiers without a signed addendum
Customers must not configure agents to elicit regulated data
Privacy policy covers customer-of-customer rights (GDPR, CCPA)

Incident response

If something goes wrong — a vulnerability disclosure, an internal access anomaly, an outage that affects your customers — we have a documented response runbook. Material security incidents are reported to affected tenants within 72 hours.

Internal runbook for triage, containment, and disclosure
Material security incidents reported within 72 hours
Vulnerability disclosure program — email security@saygents.com
Status page for service-level incidents (live across all channels)

Standards & frameworks

Where we are on each framework today.

We tell you the actual status — including what is in progress and what we don't cover by default. No vague "enterprise-grade" claims.

GDPR

Aligned

Saygents acts as a data processor for tenant customers. DPA available on request. We honor data subject access, deletion, and portability requests routed through the tenant.

CCPA / CPRA

Aligned

California consumer rights are honored through the same data subject request flow as GDPR. We do not sell personal information.

HIPAA

Available on request

PHI is not in scope by default. Healthcare-adjacent customers can request a BAA after a fit review with our team.

Shared responsibility

What we secure, and what is on you.

Saygents secures the platform — infrastructure, encryption, tenant isolation, model access. You are responsible for what your agent is configured to do, what data your customers send into it, and who in your team can log into the dashboard.

Saygents secures

Application code, infrastructure, and dependencies
Encryption of data in transit and at rest
Tenant isolation at the database and API layer
Model inference (zero-retention with Anthropic)
Access controls on Saygents employees
Sub-processor management and disclosure
Patching, monitoring, and incident response

You secure

Who you grant dashboard access to (and remove on offboarding)
What knowledge and pricing you load into the agent
Whether your agent solicits regulated data (it should not)
Your own customers' rights requests under GDPR and CCPA
The connected accounts you authorize (Meta, Twilio, Google)
Strong, unique passwords and MFA on your dashboard accounts

Frequently asked

Procurement-grade answers, in plain English.

Where is my customer data stored?+

In United States regions on Vercel (compute and edge) and Supabase (primary database). If your jurisdiction requires data to remain in a specific region, email security@saygents.com before signing.

Are my customer conversations used to train AI models?+

No. Saygents uses the Anthropic Claude API in zero-data-retention mode for inference. Conversation content is never sent to a training set — ours or any third party. Your knowledge base stays inside your tenant boundary.

How long do you keep conversation data?+

24 months by default. Each agent can be configured for shorter retention (30 / 90 / 365 days). Individual conversations and customer records can be deleted at any time from the dashboard.

What happens to my data if I cancel?+

On cancellation, your tenant enters a 30-day deletion window. Within that window, we can restore the tenant on request. After 30 days, all conversation data, customer records, and agent configurations are permanently deleted from primary storage. Encrypted backups age out within 90 days.

Can I sign a Data Processing Agreement (DPA)?+

Yes. Our DPA is available on request and reflects our role as a processor for tenant customers' data. We will sign it before subscription start for any customer who requests one.

Do you handle Protected Health Information (PHI) or payment card data?+

PHI and PCI data are not in scope by default. We do not accept agents configured to elicit those categories without a signed addendum and a fit review with our team. The standard security baseline covers all other customer PII.

How do I report a security issue?+

Email security@saygents.com with the details. We acknowledge within one business day and provide a remediation timeline within five. Critical vulnerabilities affecting customer data are triaged immediately.

security@saygents.com

Need a deeper review? We will get on a call.

Vendor questionnaire, security review call, DPA redlines, BAA fit review — email us and a real human responds within one business day.

Email security@saygents.com See how Saygents works