Privacy Policy
1. Who We Are
Sage is operated by Agile Evolutions, a company incorporated under the laws of Canada. We are the data controller for personal information processed through the Service.
This Privacy Policy describes how we collect, use, share, and protect personal information. It is written to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and provides additional rights for users in the European Economic Area (under the GDPR) and California (under the CCPA / CPRA).
2. Personal Information We Collect
Account information
When you create an account, our authentication provider Clerk, Inc. collects your name (if provided), email address, and (depending on your sign-up method) authentication tokens from third-party providers such as Google.
Payment information
Payment processing is handled by Stripe, Inc. We do not store credit-card numbers, security codes, or full payment details. We retain a Stripe Customer identifier and limited metadata (subscription status, plan, billing-period dates) needed to operate your account.
Content you create
Ideas, drafts, evaluations, and published posts you create or upload through the Service.
Connected-platform credentials
When you connect LinkedIn, Twitter (X), or Substack accounts, we store encrypted OAuth tokens or session credentials needed to post on your behalf. We do not request or use these credentials for any purpose beyond the operations you authorize.
Usage and diagnostic data
Privacy-respecting page analytics via Cloudflare Web Analytics (no cookies, no cross-site tracking), and sanitized error and diagnostic logs via Sentry. Where reasonably possible, we strip user identifiers from diagnostic data before transmission.
3. How We Use Personal Information
- To provide and maintain the Service;
- To process payments and manage subscriptions;
- To send service-related communications (account, billing, security);
- To monitor and improve performance, security, and reliability;
- To comply with legal obligations;
- To prevent fraud and enforce our Terms of Service.
We do not sell personal information. We do not use Your Content to train AI models. We do not share Your Content with third parties except as required to provide the Service (for example, sending content to an LLM provider for the evaluation or generation you requested).
4. AI Processing
To provide AI-assisted features, we send portions of Your Content to large-language-model providers. These providers process content under their own data-processing terms and do not retain or train on content sent through Sage's application credentials:
- Anthropic — text generation and evaluation; no training on API submissions
- OpenAI — embeddings and supplementary processing; no training on API submissions
- fal.ai — image generation; may retain prompts and generated images per their terms (we do not train models on Sage user data)
5. Third Parties We Share With
We share personal information only with service providers necessary to run Sage:
- Stripe — payment processing (PCI-compliant)
- Clerk — authentication and session management
- Anthropic, OpenAI, fal.ai — AI processing as described in §4
- LinkedIn, Twitter (X), Substack — only the content you choose to publish, only when you authorize a post
- Cloudflare — privacy-respecting analytics, CDN, DDoS protection
- Sentry — error monitoring
- Railway — application hosting
We disclose information when required by law (court order, subpoena, lawful request) and when necessary to protect our rights or the safety of others.
6. Data Retention
We retain account data for as long as your account is active. After account deletion, we retain limited records (billing history, audit logs) only as long as required by law or for legitimate business reasons such as fraud prevention. You may request earlier deletion by emailing support@getqatalyst.com; we will respond within 30 days.
7. International Transfers
Sage's services are hosted in the United States and Canada. Personal information may be processed in either jurisdiction or in any jurisdiction where our service providers operate. Where required, we rely on standard contractual clauses, vendor agreements, and other adequate protection mechanisms.
8. Your Rights
Under PIPEDA (Canada)
You have the right to access personal information we hold about you, to request correction, and to withdraw consent for non-essential processing. Request access by emailing support@getqatalyst.com.
Under GDPR (European Economic Area)
In addition to the rights above, you have rights of erasure, data portability, restriction of processing, and objection. You may also lodge a complaint with a supervisory authority in your country.
Under CCPA / CPRA (California)
You have the right to know what personal information we collect, access it, request deletion, and opt out of sale or sharing of personal information for cross-context behavioral advertising. We do not sell personal information and do not share it for those purposes.
Data export
You may request a machine-readable export of your account data (ideas, drafts, evaluations, subscription metadata) by emailing support@getqatalyst.com. We will provide the export within 30 days at no cost.
To exercise any of these rights, email support@getqatalyst.com. We will respond within the timeframes required by applicable law.
9. Cookies, Local Storage, and Third-Party Assets
Sage uses essential cookies and browser local storage for authentication (Clerk sessions) and for storing temporary state such as checkout intent during sign-up. We do not use advertising or cross-site tracking cookies.
Sage's pages load the Inter font family from Google Fonts'
content-delivery network (fonts.googleapis.com).
Doing so transmits your IP address and User-Agent to Google for
the font request. We do not pass any other personal information
to Google through this request.
10. Children
The Service is not directed to children under 18. If we learn that we have collected personal information from a child under 18, we will delete it.
11. Security
We use reasonable technical and organizational measures to protect personal information, including TLS encryption in transit and at-rest encryption for sensitive credentials. No system is perfectly secure; we cannot guarantee absolute security.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will revise the "Last updated" date above and, for material changes, give notice by email or in-product notification at least 14 days before the changes take effect.
13. Contact
Privacy questions or requests: support@getqatalyst.com. Our business address is available on request via email.