Privacy Policy
Your information is yours. Here's exactly what we do with it — and what we don't.
⚠️ Draft — pending U.S. legal review. This English version is provided so the site reads coherently and conveys the spirit of our data practices. It is not a finalized, jurisdiction-specific policy. Before serving customers in the United States, this document must be reviewed and adapted by qualified counsel, including compliance with applicable laws such as the CCPA/CPRA (California) and other state and federal regulations.
1. Who we are
Service: SAVIA TECH (“SAVIA”, “we”, “us”)
Privacy contact: savia.automatizacion@gmail.com
Website: https://saviaia.com
2. Applicable law
This policy is intended to align with the data-protection laws of the jurisdictions where we operate. For users in the United States, this is expected to include applicable federal and state privacy laws (for example, the California Consumer Privacy Act, as amended by the CPRA) once finalized by counsel.
3. Data we collect
3.1. Information you provide directly
- Full name
- WhatsApp / phone number
- Email address
- Government ID (only where required for billing/invoicing)
- Payment information (handled by an authorized payment processor — SAVIA does not store card numbers)
- Preferences, habits, contacts, important dates, and any other information you voluntarily share during conversations
3.2. Information generated by your use of the Service
- Messages sent and received (text, transcribed audio, images)
- Reminders, expenses, lists, tasks, and other records you create
- Metadata: date, time, channel, message identifiers
- “Persistent facts” the AI extracts automatically to personalize responses (semantic memory)
3.3. Technical data
- IP address (security events only)
- Device identifier (when provided by WhatsApp)
- Error logs and diagnostic traces
4. Sensitive information
Some information you may choose to share with SAVIA could be considered sensitive under applicable law — for example:
- Health information (medical appointments, medications)
- Biometric data (if you send voice notes)
- Information about your private or family life
Your consent: by voluntarily sharing sensitive information with SAVIA, you consent to its processing for the sole purpose of providing the Service. You may decline to share it without affecting essential functionality.
Information about minors: SAVIA does not serve minors and does not knowingly collect their data. If you mention information about a minor (e.g., “remind me of my child's birthday”), it is treated as data of the adult user who shared it, under that user's responsibility.
5. How we use your data
SAVIA processes personal data only to:
- Provide, maintain, and improve the Service.
- Personalize the AI's responses through semantic memory.
- Generate the reminders, reports, and notifications you request.
- Process payments and issue invoices.
- Handle support requests and communications with you.
- Comply with legal, tax, and contractual obligations.
- Run internal, anonymized statistical analysis to improve the product.
- Send operational messages (reminders, weekly reports) and, with separate consent, marketing messages.
SAVIA does NOT sell, rent, or share your data with third parties for their own marketing. SAVIA does NOT train its own or third-party AI models on your content. SAVIA does NOT use your data for advertising profiles.
6. Service providers
To run the Service, SAVIA shares certain data with the providers below. All maintain recognized security standards (SOC 2, ISO 27001, or equivalent):
| Provider | Function | Location |
|---|---|---|
| Meta Platforms, Inc. | WhatsApp Business Cloud API | Global |
| Twilio Inc. | Alternate WhatsApp channel | USA |
| Anthropic PBC | Language model (Claude) | USA — zero-data-retention policy |
| OpenAI, LLC | Audio transcription and embeddings | USA — zero-data-retention policy |
| Supabase Inc. | PostgreSQL database | USA / EU |
| Railway Corp. | Application hosting | USA |
| Upstash Inc. | Message queue (Redis) | USA / EU |
| Cloudflare Inc. | DNS and landing-page hosting | Global (CDN) |
| Sentry | Error monitoring | USA |
| Payment processor | Payment processing | Disclosed at checkout |
International transfers: some providers store data outside your country. Such transfers are made to jurisdictions with adequate protection or under contractual clauses that guarantee equivalent standards. By accepting this policy, you authorize these transfers to the providers listed.
7. Data retention
- While the Service is active: all data is retained to personalize your experience.
- After cancellation: data is retained for a maximum of 6 months, unless you request immediate deletion.
- Legal obligations: certain records (billing, accounting) are retained for the period required by applicable law.
- Backups: encrypted backups are rotated every 30 days.
8. Security
SAVIA applies technical, human, and administrative measures to protect your data:
- Encryption in transit (TLS 1.3) and at rest (AES-256 at the provider level).
- Least-privilege access controls.
- Regularly rotated credentials.
- Error and security-event monitoring (Sentry).
- Separation of production and development environments.
- Secure data deletion on request.
No system is 100% secure. In the event of a security incident affecting personal data, SAVIA will notify affected users and the relevant authorities within the timeframes required by applicable law.
9. Your rights
Depending on your jurisdiction, you have the right to:
- Access, update, and correct your personal data.
- Request confirmation of how your data is used.
- Delete your data, subject to legal retention obligations.
- Receive a copy of your data in a portable format.
- Withdraw consent and opt out of marketing or sale/sharing of data.
- Be free from discrimination for exercising these rights.
10. How to exercise your rights
Send a request to savia.automatizacion@gmail.com with:
- Your full name.
- The WhatsApp number on file.
- A clear description of the right you wish to exercise (access, update, correction, deletion, opt-out).
- An address or email for our reply.
We respond within the timeframes required by applicable law and will let you know if we need more information to verify your request.
11. Deletion and export
11.1. Deletion: you may request full deletion of your data at any time. We process it promptly, subject to legal retention requirements.
11.2. Export: you may request a copy of your data in a structured format (JSON), free of charge, once per year.
11.3. Full erasure: after deletion, we keep only a minimal record of the commercial transaction for tax purposes (no conversation content).
12. Cookies and similar technologies
The website https://saviaia.com uses strictly necessary cookies for basic functionality and, optionally, anonymized analytics cookies. You can disable them in your browser settings.
SAVIA (the WhatsApp chat) does not use cookies.
13. Children and teens
SAVIA is intended exclusively for people 18 and older. We do not knowingly collect data from minors. If a parent or guardian discovers a minor is using SAVIA, please contact savia.automatizacion@gmail.com to remove the account.
14. Consent
By using the Service, starting a conversation with SAVIA, or continuing to use it after reading this Policy, you provide prior, express, informed, and freely given consent for SAVIA to process your personal data as described here. You may withdraw consent at any time using the process in Section 10.
15. Changes
SAVIA may update this Policy to reflect legal or product changes. We will give at least 15 days' notice of material changes via WhatsApp or email. Continued use of the Service means you accept the updated Policy.
16. Supervisory authority
You may file a complaint with the data-protection or consumer-protection authority that has jurisdiction over you if you believe SAVIA is not complying with this policy or applicable law.
17. Contact
For any matter relating to your personal data: