Privacy Policy

Account Information

When a Customer organization signs up, we collect:

• Organization name and contact details
• Names and email addresses of Authorized Users
• Billing and payment information

Integration Data

When a Customer connects third-party services, we process data from those sources:

Integrations are enabled solely at the Customer's direction. We only connect data sources that the Customer explicitly authorizes.

Derived Data

We generate and store structured outcomes, reports, and artifacts derived from the above sources. This derived data is considered Customer Data and belongs to the Customer.

We use the information we collect to:

• Provide the Service — process integration data through AI to generate outcomes, reports, and artifacts
• Operate and maintain — ensure the Service functions correctly, including debugging and troubleshooting
• Communicate — send service-related notices, billing information, and respond to support requests
• Improve the Service — understand how the Service is used to inform product development (using aggregated, de-identified data only)

We do not use Customer Data to train or fine-tune AI models.

Sattva uses Anthropic's commercial API to analyze integration data and generate outcomes. Under Anthropic's commercial API terms, Customer Data sent to their API is not used to train Anthropic's models.

We may access Customer Data for debugging and operational support. This access is limited to what is necessary to resolve issues and maintain service quality.

We use the following services to operate Sattva. Each processes some portion of Customer Data as described:

A complete list of sub-processors, including those used for ancillary functions, is maintained on our Trust page.

We retain Customer Data (outcomes, reports, artifacts) for as long as the Customer's account is active so that users can continue to consult their data.

Upon cancellation or termination, Customer Data is retained for 30 days and then permanently deleted, unless:

• The Customer requests earlier deletion
• Retention is required by law

Customers may request data deletion at any time by contacting us.

We implement appropriate technical and organizational measures to protect Customer Data, including:

• Encryption in transit (TLS) and at rest
• Access controls limiting data access to authorized personnel
• Regular review of security practices

For more detail on our security posture and roadmap, see our Trust page.

We do not sell Customer Data. We share information only in the following circumstances:

• Sub-processors — as described in Section 4, to operate the Service
• Legal obligations — when required to comply with applicable law, regulation, or legal process
• Business transfers — in connection with a merger, acquisition, or sale of assets, with prior notice to affected Customers

Because Sattva processes data from third-party integrations that the Customer connects, the Customer is responsible for:

• Obtaining any required consents from individuals whose data may be processed through connected integrations (e.g., meeting participants when using Granola)
• Ensuring it has the right to connect each data source
• Informing its Authorized Users about how data flows through Sattva

The Sattva marketing website does not currently use cookies or third-party tracking. The application uses essential cookies required for authentication and session management only.

If this changes, we will update this policy and provide notice.

Sattva is a business-to-business service not directed at individuals under 18. We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. Material changes will be communicated via the email associated with the Customer's account at least 30 days before taking effect.

For questions about this Privacy Policy or to exercise data rights, contact us at nsbarr@gmail.com.

Saatva Studios, LLC
Brooklyn, NY