Back
Legal · Savitr LLC

Privacy Policy

This policy explains what information Savitr collects, how we use and share it, how long we keep it, and the choices and rights you have. It covers our websites, apps, and the savitrAI features.

EffectiveJuly 6, 2026UpdatedJuly 6, 2026Version1.0
On this page
  1. 01Overview
  2. 02Our role: controller & processor
  3. 03Information we collect
  4. 04How we use information
  5. 05AI features & Anthropic
  6. 06Cookies & similar tech
  7. 07How we share information
  8. 08Sub-processors
  9. 09Data retention
  10. 10Security
  11. 11International transfers
  12. 12Your privacy rights
  13. 13Children's privacy
  14. 14Changes to this policy
  15. 15Contact

Overview

01

Savitr LLC (“Savitr,” “we,” or “us”), a Delaware limited liability company, provides a multi-tenant operations platform: the operating software a business runs on, the data layer that reads it back, and the savitrAI assistant. This Privacy Policy describes how we handle information in connection with the Services described in our Terms & Conditions.

Savitr is a business-to-business product. It is not directed to consumers, and we do not knowingly use the Services to collect information directly from the general public.

Our role: controller & processor

02

We handle information in two different roles, and your rights depend on which applies:

  • As a controller: for account and identity information (such as the email and name used to sign in), billing information, support requests, and information about how the Services are accessed and secured. We decide how this information is used to run and protect our business.
  • As a processor: for the business records a Customer puts into its tenant (“Customer Data”), including information about the Customer's own customers and suppliers. We process this data on the Customer's behalf and under its instructions.

If your personal information appears inside a Customer's tenant (for example because you are a customer or supplier of a business that uses Savitr), that business is the controller. Please direct access or deletion requests to them; we will support them in responding.

Information we collect

03

Account & identity information

When an account is created or used, we process your email address, first and last name, and, if you sign in with Google or upload one, a profile picture. Authentication is handled by our identity provider; Savitr never stores your password. We also process organization and role information that determines what you can access.

Customer Data you submit

The Services store the business records you enter (products, inventory, locations, transfers, orders, documents, and invoices), as well as contact details you choose to add about your customers and suppliers (such as name, email, phone, and address) and location coordinates for your sites. You control this data.

Usage, device & log information

To operate and secure the Services, we and our providers process technical information such as IP address, browser and device details, and timestamps. We maintain an append-only audit log of significant actions within a tenant, which records the acting user, their IP address, and user agent for security and accountability.

Support information

If you contact support or report a problem, we process the message and any diagnostic details you include, along with your name and email, to respond and resolve the issue.

Billing information

For paid plans, we process billing and transaction details. When electronic payment becomes available, card details are handled by a third-party payment processor, not stored by Savitr.

How we use information

04

We use information to:

  • provide, maintain, and secure the Services and authenticate users;
  • operate features you use, including savitrAI, analytics, and documents;
  • respond to support requests and communicate about the Services;
  • detect, prevent, and investigate fraud, abuse, security incidents, and violations of our Terms;
  • process payments and manage billing;
  • comply with legal obligations and enforce our agreements; and
  • understand and improve the Services, including through aggregated or de-identified analysis that does not identify you.

We do not sell personal information, and we do not use the Services to serve advertising or for cross-context behavioral advertising.

AI features & Anthropic

05

savitrAI and related AI features are powered by Anthropic (the maker of Claude), which acts as a sub-processor. When you use these features, relevant Customer Data (for example the product, inventory, order, or contact records you are authorized to see) is transmitted to Anthropic to generate a response. The product-name normalization feature similarly sends the name being entered along with a sample of your existing catalog names.

These features operate within your existing permissions: savitrAI can only read or act on data the signed-in user can already access, and any action that writes or changes data requires your explicit confirmation. Anthropic processes this data under its commercial terms to return results to you.

AI output can be inaccurate or incomplete and should be reviewed before you rely on it. Avoid submitting information to AI features that you do not want processed by our AI sub-processor.

Cookies & similar technologies

06

We keep cookie use to a minimum. The Services rely on a single essential session cookie to keep you signed in securely across Savitr subdomains; it is encrypted and set as httpOnly. A short-lived cookie may be used during Google sign-in to complete the login flow.

We do not use advertising or cross-site tracking cookies. Any product analytics we use are configured to be cookieless and to avoid collecting personal information. Because our essential cookies are required for the Services to function, they are not subject to opt-out.

How we share information

07

We share information only as needed to run the Services:

  • Sub-processors: trusted vendors that host, secure, and support the Services, listed below, acting under contract and on our instructions;
  • Within your organization: Customer Data is accessible to authorized users of your tenant according to the roles and permissions your administrators configure;
  • Legal & safety: where required by law, regulation, or valid legal process, or to protect the rights, property, and safety of Savitr, our users, or the public; and
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.

We do not sell or rent personal information to third parties.

Sub-processors

08

We engage the following sub-processors to operate the Services. Each is bound by contractual obligations to protect data and process it only for the purposes below.

ProviderPurposeData involved
Amazon Web ServicesCloud hosting, database, file storage, and transactional emailCustomer Data, account data, images, logs, support email
WorkOSAuthentication, identity, and sign-in emailsEmail, name, credentials, session and device signals
VercelWeb application hosting, profile/logo image storage, cookieless analyticsRequest metadata, profile pictures and logos
AnthropicAI models powering savitrAI and AI-assisted featuresData you submit to AI features (see Section 5)
Google“Continue with Google” sign-inEmail, name, and avatar from your Google account
UpstashRate limiting to protect the Services from abuseIP address and email, held transiently
DiscordInternal routing of support tickets to our teamSupport message and reporter contact details

We may update this list as our providers change; we will keep it current here and provide notice of material changes as described in Section 14.

Data retention

09

We keep information for as long as needed to provide the Services and for legitimate business and legal purposes. In general:

  • Active Customer Data is retained while your account is active and your organization keeps it.
  • Deleted records are held in a recoverable state for a short window (self-service restore for roughly 30 days, then a support-only grace period) before being permanently purged at around 45 days.
  • Audit logs are retained for security and compliance and archived for up to seven (7) years.
  • Data exports generated from the Services expire and are deleted automatically after about seven (7) days.
  • Operational and security logs are typically retained for around 90 days, and database backups for a rolling recovery window.

When we delete an account, we may anonymize associated records rather than hard-delete them where that is necessary to preserve the integrity of audit history, and we retain information where required by law.

Security

10

We take security seriously and apply administrative, technical, and organizational safeguards, including encryption in transit and at rest, strict tenant isolation, role- and location-based access controls, an append-only audit trail, network protections such as a web application firewall, and rate limiting. No system is perfectly secure, so we cannot guarantee absolute security; you are responsible for keeping your credentials safe and configuring access appropriately.

International data transfers

11

Savitr is based in the United States, and our sub-processors may store and process information in the United States and other countries where they and their infrastructure operate. These countries may have data-protection laws different from those in your location. Where required, we rely on appropriate safeguards, such as standard contractual clauses, for cross-border transfers.

Your privacy rights

12

Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, to object to or restrict certain processing, and to withdraw consent. We do not discriminate against you for exercising these rights.

To exercise a right relating to your Savitr account, contact us at [email protected]. Much of your account information can also be viewed and updated directly within the Services. We will verify your request and respond within the timeframe required by applicable law.

If your request concerns personal information held inside a business's tenant (where we act as a processor), please contact that business directly. On receiving a verified request, we assist our Customers in fulfilling access, correction, and deletion requests.

Children's privacy

13

The Services are intended for business use by adults. They are not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us information, contact us at [email protected] and we will take appropriate steps to delete it.

Changes to this policy

14

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy with a new effective date and, where appropriate, provide additional notice through the Services. Your continued use of the Services after an update takes effect constitutes acceptance of the revised policy.

Contact

15

For privacy questions or requests, contact us at [email protected].

Savitr LLC · a Delaware limited liability company.

RelatedRead the Terms & Conditions →[email protected] →
© 2026 Savitr
AccountsTermsPrivacy
[email protected]
सवितृ