SageOx

Privacy Policy

Last Updated: January 23, 2026

At SageOx, we believe privacy is a fundamental right. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

Information We Collect

Account Information

When you create a SageOx account, we collect:

  • Email address
  • Name
  • Company name (optional)
  • Authentication credentials (securely hashed)

Usage Data

To provide and improve our service, we automatically collect:

  • Log data (IP addresses, browser type, timestamps)
  • Feature usage patterns
  • Performance metrics
  • Error reports and diagnostics

Team Context Data

The data you explicitly choose to share with SageOx:

  • Team norms and conventions
  • Architecture decisions
  • Code patterns and preferences
  • Workflow configurations
  • Ledger entries (work history, decisions)

Important: Your source code stays with your existing providers. We never access or store your full codebase.

How We Use Your Information

We use collected information to:

Service Delivery

  • Provide, maintain, and improve SageOx features
  • Authenticate and authorize access
  • Generate AI-powered insights and recommendations
  • Process your requests and transactions

Communication

  • Send service announcements and updates
  • Respond to support requests
  • Notify about security or privacy issues

Analytics and Improvement

  • Analyze usage patterns to improve features
  • Detect and prevent abuse
  • Monitor system performance and reliability

We do NOT:

  • Train AI models on your proprietary data
  • Sell your data to third parties
  • Use your data for advertising
  • Share your team context with other customers

Data Storage and Security

Encryption

  • At Rest: AES-256 encryption for all stored data
  • In Transit: TLS 1.3 for all network communication

Data Residency

You can choose where your data is stored:

  • United States (default)
  • European Union (available)
  • Additional regions on Enterprise plan

Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • SSO/SAML for Enterprise customers
  • Regular security audits

Data Retention and Deletion

Active Data

While your account is active:

  • Account data: Retained for account lifecycle
  • Team context: Retained per your configuration
  • Usage data: Retained per plan (7-30 days for logs)

Account Deletion

When you delete your account:

  • All team context data is deleted within 30 days
  • Account information is deleted within 90 days
  • Some data may be retained for legal compliance (audit logs, billing records)

Manual Deletion

You can delete specific data at any time:

  • Individual ledger entries
  • Team context documents
  • Workflow configurations

Visit your account settings or contact support at privacy@sageox.ai for assistance.

Third-Party Services

SageOx uses carefully selected third-party services:

Infrastructure

  • Cloud hosting: AWS (data processing and storage)
  • Authentication: Better Auth (open-source, self-hosted)
  • Monitoring: Observability tools for system health

Integrations (Optional)

  • Version control: GitHub, GitLab (OAuth only, no credential storage)
  • Communication: Slack, Teams (when you enable integrations)

We require all third-party providers to maintain appropriate security and privacy standards.

Cookies and Tracking

Essential Cookies

Required for service functionality:

  • Authentication tokens
  • Session management
  • Security preferences

Analytics Cookies

We use privacy-focused analytics to understand usage patterns:

  • No cross-site tracking
  • No third-party advertising cookies
  • Anonymized aggregate data only

You can disable analytics cookies in your browser settings without affecting service functionality.

Your Rights

Under applicable privacy laws (GDPR, CCPA, etc.), you have the right to:

Access

Request a copy of your data in machine-readable format.

Correction

Update or correct inaccurate information.

Deletion

Request deletion of your data (subject to legal retention requirements).

Portability

Export your data to use with other services.

Objection

Object to certain data processing activities.

Restriction

Request temporary restriction of data processing.

To exercise these rights, contact privacy@sageox.ai.

Children's Privacy

SageOx is not intended for users under 13 years of age. We do not knowingly collect information from children. If you believe we have collected data from a child, contact us immediately at privacy@sageox.ai.

International Data Transfers

If you access SageOx from outside your chosen data residency region, your information may be transferred internationally. We use standard contractual clauses and other safeguards to protect your data during transfers.

Changes to This Policy

We may update this Privacy Policy to reflect:

  • Service changes or new features
  • Legal or regulatory requirements
  • Industry best practices

We'll notify you of material changes via:

  • Email to your registered address
  • In-app notification
  • Update to "Last Updated" date above

Continued use of SageOx after changes indicates acceptance of the updated policy.

Data Processing Agreement

Enterprise customers can request a Data Processing Agreement (DPA) that specifies:

  • Roles and responsibilities
  • Data processing activities
  • Security measures
  • Subprocessor disclosures
  • Compliance obligations

Contact sales@sageox.ai for DPA requests.

Contact Us

For privacy questions, concerns, or requests:

Email: privacy@sageox.ai

Mail: SageOx, Inc. Privacy Team [Address will be updated when available]

Response Time: We aim to respond to privacy requests within 30 days.

Compliance

SageOx is committed to:

  • GDPR: EU General Data Protection Regulation compliance
  • CCPA: California Consumer Privacy Act compliance
  • SOC 2: Security and privacy controls (in progress)

For detailed compliance documentation, contact compliance@sageox.ai.