Privacy Policy
This policy explains what information Savitr collects, how we use and share it, how long we keep it, and the choices and rights you have. It covers our websites, apps, and the savitrAI features.
Overview
01Savitr LLC (“Savitr,” “we,” or “us”), a Delaware limited liability company, provides a multi-tenant operations platform: the operating software a business runs on, the data layer that reads it back, and the savitrAI assistant. This Privacy Policy describes how we handle information in connection with the Services described in our Terms & Conditions.
Savitr is a business-to-business product. It is not directed to consumers, and we do not knowingly use the Services to collect information directly from the general public.
Our role: controller & processor
02We handle information in two different roles, and your rights depend on which applies:
- As a controller: for account and identity information (such as the email and name used to sign in), billing information, support requests, and information about how the Services are accessed and secured. We decide how this information is used to run and protect our business.
- As a processor: for the business records a Customer puts into its tenant (“Customer Data”), including information about the Customer's own customers and suppliers. We process this data on the Customer's behalf and under its instructions.
If your personal information appears inside a Customer's tenant (for example because you are a customer or supplier of a business that uses Savitr), that business is the controller. Please direct access or deletion requests to them; we will support them in responding.
Information we collect
03Account & identity information
When an account is created or used, we process your email address, first and last name, and, if you sign in with Google or upload one, a profile picture. Authentication is handled by our identity provider; Savitr never stores your password. We also process organization and role information that determines what you can access.
Customer Data you submit
The Services store the business records you enter (products, inventory, locations, transfers, orders, documents, and invoices), as well as contact details you choose to add about your customers and suppliers (such as name, email, phone, and address) and location coordinates for your sites. You control this data.
Usage, device & log information
To operate and secure the Services, we and our providers process technical information such as IP address, browser and device details, and timestamps. We maintain an append-only audit log of significant actions within a tenant, which records the acting user, their IP address, and user agent for security and accountability.
Support information
If you contact support or report a problem, we process the message and any diagnostic details you include, along with your name and email, to respond and resolve the issue.
Billing information
For paid plans, we process billing and transaction details. When electronic payment becomes available, card details are handled by a third-party payment processor, not stored by Savitr.
How we use information
04We use information to:
- provide, maintain, and secure the Services and authenticate users;
- operate features you use, including savitrAI, analytics, and documents;
- respond to support requests and communicate about the Services;
- detect, prevent, and investigate fraud, abuse, security incidents, and violations of our Terms;
- process payments and manage billing;
- comply with legal obligations and enforce our agreements; and
- understand and improve the Services, including through aggregated or de-identified analysis that does not identify you.
We do not sell personal information, and we do not use the Services to serve advertising or for cross-context behavioral advertising.
AI features & Anthropic
05savitrAI and related AI features are powered by Anthropic (the maker of Claude), which acts as a sub-processor. When you use these features, relevant Customer Data (for example the product, inventory, order, or contact records you are authorized to see) is transmitted to Anthropic to generate a response. The product-name normalization feature similarly sends the name being entered along with a sample of your existing catalog names.
These features operate within your existing permissions: savitrAI can only read or act on data the signed-in user can already access, and any action that writes or changes data requires your explicit confirmation. Anthropic processes this data under its commercial terms to return results to you.
AI output can be inaccurate or incomplete and should be reviewed before you rely on it. Avoid submitting information to AI features that you do not want processed by our AI sub-processor.
Sub-processors
08We engage the following sub-processors to operate the Services. Each is bound by contractual obligations to protect data and process it only for the purposes below.
| Provider | Purpose | Data involved |
|---|---|---|
| Amazon Web Services | Cloud hosting, database, file storage, and transactional email | Customer Data, account data, images, logs, support email |
| WorkOS | Authentication, identity, and sign-in emails | Email, name, credentials, session and device signals |
| Vercel | Web application hosting, profile/logo image storage, cookieless analytics | Request metadata, profile pictures and logos |
| Anthropic | AI models powering savitrAI and AI-assisted features | Data you submit to AI features (see Section 5) |
| “Continue with Google” sign-in | Email, name, and avatar from your Google account | |
| Upstash | Rate limiting to protect the Services from abuse | IP address and email, held transiently |
| Discord | Internal routing of support tickets to our team | Support message and reporter contact details |
We may update this list as our providers change; we will keep it current here and provide notice of material changes as described in Section 14.
Data retention
09We keep information for as long as needed to provide the Services and for legitimate business and legal purposes. In general:
- Active Customer Data is retained while your account is active and your organization keeps it.
- Deleted records are held in a recoverable state for a short window (self-service restore for roughly 30 days, then a support-only grace period) before being permanently purged at around 45 days.
- Audit logs are retained for security and compliance and archived for up to seven (7) years.
- Data exports generated from the Services expire and are deleted automatically after about seven (7) days.
- Operational and security logs are typically retained for around 90 days, and database backups for a rolling recovery window.
When we delete an account, we may anonymize associated records rather than hard-delete them where that is necessary to preserve the integrity of audit history, and we retain information where required by law.
Security
10We take security seriously and apply administrative, technical, and organizational safeguards, including encryption in transit and at rest, strict tenant isolation, role- and location-based access controls, an append-only audit trail, network protections such as a web application firewall, and rate limiting. No system is perfectly secure, so we cannot guarantee absolute security; you are responsible for keeping your credentials safe and configuring access appropriately.
International data transfers
11Savitr is based in the United States, and our sub-processors may store and process information in the United States and other countries where they and their infrastructure operate. These countries may have data-protection laws different from those in your location. Where required, we rely on appropriate safeguards, such as standard contractual clauses, for cross-border transfers.
Your privacy rights
12Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, to object to or restrict certain processing, and to withdraw consent. We do not discriminate against you for exercising these rights.
To exercise a right relating to your Savitr account, contact us at [email protected]. Much of your account information can also be viewed and updated directly within the Services. We will verify your request and respond within the timeframe required by applicable law.
If your request concerns personal information held inside a business's tenant (where we act as a processor), please contact that business directly. On receiving a verified request, we assist our Customers in fulfilling access, correction, and deletion requests.
Children's privacy
13The Services are intended for business use by adults. They are not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us information, contact us at [email protected] and we will take appropriate steps to delete it.
Changes to this policy
14We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy with a new effective date and, where appropriate, provide additional notice through the Services. Your continued use of the Services after an update takes effect constitutes acceptance of the revised policy.
Contact
15For privacy questions or requests, contact us at [email protected].
Savitr LLC · a Delaware limited liability company.