Privacy Policy
To offer this website and its software products and services, Sattva Studios, LLC ("Sattva," "we," "us," or "our") collects personal data, including from its customers and visitors. This policy describes how we treat your personal data.
Last updated: June 15, 2026
By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you consent to our collection, use, and sharing of your information as described in this Privacy Policy. Your privacy, and the privacy of all our users, is very important to us. Please read this Privacy Policy to learn how we treat your personal data.
Your use of the Services is at all times subject to our Subscription Agreement, which incorporates this Privacy Policy. Any terms we use here without defining them have the meanings given to them in the Subscription Agreement.
Note for customer end users: Sattva is provided to organizations (our customers) for use by their staff and authorized users. When you use the Services as part of your organization, your organization controls the account and the data within it. This Privacy Policy describes Sattva's own practices; your organization's policies also govern your use.
This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. Personal Data means any information that identifies or relates to a particular individual, including information referred to as personally identifiable information or personal information under applicable data-privacy laws.
This Privacy Policy does not cover the practices of companies we don't own or control, or people we don't manage — including the third-party services you connect to the Services (such as Slack or Google Drive) or our third-party providers, each of which is governed by its own privacy policy.
Categories of Personal Data We Collect
| Category | Examples | Shared With |
|---|---|---|
| Identity & Profile | First and last name, email address, organization/employer name, role | Service Providers, Parties You Authorize |
| Data & Documents You Provide | Knowledge-base documents and their contents; messages and conversations with the Sattva agent (on the web or in Slack); files and metadata synced from connected sources (such as Google Drive); organization profile and context you provide | Service Providers (including our AI and infrastructure providers), Parties You Authorize (including integrations you connect, such as Slack and Google) |
| Online Identifiers | Account identifiers, authentication tokens for connected integrations | Service Providers, Parties You Authorize |
| Payment / Billing | Billing contact, billing address, and payment details processed by our payment provider | Service Providers, including our payment processor (Stripe) and banking provider (Mercury) |
| Usage & Analytics | Interactions with the Services, feature usage, request identifiers, agent run logs | Service Providers |
| Device / Technical | IP address, device and browser type, operating system | Service Providers |
| Other Information You Provide | Information you submit in emails, messages, survey responses, or other content you upload | Service Providers, Parties You Authorize |
Categories of Sources of Personal Data
- You — when you provide information directly; create an account or use the Services; upload files or authorize access to connected integrations; submit free-form content; respond to surveys; or contact us. Some information is collected automatically when you use the Services, including through Cookies (defined below).
- Your Organization — when an administrator at your organization sets up your account or connects integrations on your organization's behalf.
- Third Parties — connected integrations you (or your organization) authorize, and vendors who help us provide analytics or customer support.
- Providing, Customizing, and Improving the Services — creating and managing accounts; processing orders and billing; delivering the products, services, and information you request; providing the AI agent, knowledge base, and connected workflows; providing support; improving the Services through testing, research, and internal analytics; personalizing content; and performing fraud protection, security, and debugging.
- Marketing the Services — marketing and selling the Services.
- Corresponding With You — responding to your correspondence, contacting you when necessary or requested, and sending information about Sattva or the Services according to your preferences.
- Meeting Legal Requirements and Enforcing Legal Terms — complying with legal obligations; preventing, detecting, and investigating security incidents and prohibited activity; protecting the rights, property, or safety of you, Sattva, or others; enforcing our agreements; and resolving disputes.
No AI training on your data. We do not use your Inputs or Outputs (the content you submit to the agent or that it generates for you) to train AI models. Our third-party AI providers process this content under commercial terms that do not permit training on it. See "How We Share Your Personal Data" below.
Note: We will not collect additional categories of Personal Data, or use the Personal Data we collected for materially different, unrelated, or incompatible purposes, without providing you notice.
We disclose your Personal Data to the categories of service providers and other parties below. We do not sell your Personal Data.
- Service Providers and Subprocessors. These parties help us provide the Services or perform business functions on our behalf, including AI/LLM processing, hosting, database and storage, integration connectivity, authentication, analytics, and payment processing. Our current subprocessors — including Anthropic (AI agent processing), OpenAI (text embeddings for knowledge-base search), Supabase (database, authentication, and vector storage), Nango (integration connectivity), Slack (conversational interface), and Railway (application hosting) — are listed and kept up to date on our Trust page. Our payment processor (Stripe) and banking provider (Mercury) process billing information.
- Parties You Authorize. Third-party services you or your organization connect to the Services (such as Slack and Google Drive), and other users within your organization's account.
- Analytics Partners. Parties that provide analytics on usage of the Services.
Legal Obligations
We may share any Personal Data we collect with third parties in connection with the legal-compliance and enforcement activities described above.
Business Transfers
If we undergo a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your Personal Data may be transferred to the party that assumes control of our business. We will make reasonable efforts to notify you before your information becomes subject to a different privacy policy.
We may create aggregated, de-identified, or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable. We may use and share such data for our lawful business purposes — including to analyze, build, and improve the Services and promote our business — provided we will not share it in a manner that could identify you.
The Services use cookies and similar technologies (collectively, Cookies) to enable our servers to recognize your browser, tell us how and when you use our Services, analyze trends, and operate and improve our Services.
We use the following types of Cookies:
- Essential Cookies — required for features you request, such as logging into secure areas. Disabling these may make certain features unavailable.
- Functional Cookies — record your choices and settings and recognize you when you return.
- Performance / Analytical Cookies — help us understand how visitors use the Services so we can improve them.
You can decide whether to accept Cookies through your browser settings; most browsers let you turn off or delete Cookies, though some Services or functionality may not work as a result. Because of our use of Cookies, the Services do not currently respond to "Do Not Track" signals.
We seek to protect your Personal Data using appropriate physical, technical, organizational, and administrative measures based on the type of data and how we process it. Our current security practices — including single-tenant isolation (a dedicated, isolated database and deployment per customer organization), AES-256 encryption at rest, TLS 1.2+ in transit, row-level security, and passwordless authentication — are described on our Trust page. You should also help protect your data by safeguarding your sign-in credentials, limiting access to your devices, and signing out after use. No method of transmitting or storing data is completely secure.
We retain Personal Data for as long as your organization has an open account with us, or as otherwise necessary to provide the Services. We may retain data longer where necessary to comply with legal obligations, resolve disputes, or collect fees owed, or where permitted by law. Following termination of an account, we delete the associated data across our data stores within the period described in the Subscription Agreement, except as required to be retained by law or held in anonymized or aggregated form. We provide breach notification to affected organizations without undue delay.
We do not knowingly collect or solicit Personal Data from children under 16. If you are under 16, please do not attempt to use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 16, we will delete it as quickly as possible. If you believe a child under 16 may have provided us Personal Data, contact us at team@sattva.capital.
California Resident Rights
Under California Civil Code Sections 1798.83–1798.84, California residents may contact us to prevent disclosure of Personal Data to third parties for those third parties' direct-marketing purposes. To submit a request, contact us at team@sattva.capital.
Nevada Resident Rights
Nevada residents may opt out of the sale of certain Personal Data by contacting us at team@sattva.capital with the subject line "Nevada Do Not Sell Request," including the name and email address associated with the account.
Your information may be transferred to and processed in the United States or other countries where Sattva or its service providers operate.
We may change this Privacy Policy from time to time. We will alert you to material changes by posting a notice on the Sattva website, by email, and/or by other means, and by updating the "Last updated" date above.
If you have questions about this Privacy Policy, contact us at team@sattva.capital.