Privacy Policy

Saishuu, Inc. ("Saishuu", "Company", "we", "us", or "our") provides Lucy (the "Service") an AI chief of staff. This Privacy Policy describes how we collect, use, disclose, and protect information about you. If you do not agree with this policy, do not use the Service.

Last Updated: April 7, 2026

Our Role

We act as a controller for personal data we collect about our own users, site visitors, and contacts (e.g., account, billing, support). For Customer Content that you or your organization submit to the Service, we act as a processor/service provider and process such data only on documented instructions to provide the Service, consistent with our Data Processing Addendum (if applicable).

Information We Collect

We collect the following categories of information:

  • Account Information: name, email address, authentication identifiers, organization and project details, billing contact, and preferences.
  • Usage Data: app interaction data, logs, device/browser information, IP address, and approximate location derived from IP.
  • Customer Content: data you or your organization submit, upload, or process via the Service (e.g., prompts, inputs, outputs, files, configuration). You control the content you provide.
  • Payment Information: if applicable, limited billing details and payment tokens processed by our payment provider. We do not store full payment card numbers.
  • Cookies and Similar Technologies: to remember settings, authenticate sessions, analyze usage, and improve the Service.

Sources of Information

  • Directly from you (e.g., account creation, support, in‑product input).
  • Automatically from your device and use of the Service (e.g., logs, analytics).
  • From third parties you authorize (e.g., identity provider, integrations).

How We Use Information

We use information to:

  • Provide, operate, maintain, and secure the Service.
  • Authenticate users and authorize access.
  • Process transactions and send related communications.
  • Analyze usage and improve features, performance, and user experience.
  • Provide support and respond to inquiries.
  • Enforce terms, prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.
  • With consent, send marketing or promotional communications (you can opt out).

Customer Content vs. Telemetry

We do not use Customer Content directly to train machine learning models or for product improvements unrelated to providing your configured use of the Service. We may use de‑identified or aggregated telemetry (e.g., performance metrics, feature usage) to operate and improve the Service.

De‑Identified, Aggregated, and Synthetic Data (Opt‑out Available)

By default, we may generate and use de‑identified, aggregated, or synthetic datasets derived from Customer Content to operate, secure, and improve the Service, to evaluate and train models used to provide the Service, and to develop new features and services. These datasets do not contain personal information. We maintain and use de‑identified data only in de‑identified form, implement safeguards to minimize re‑identification risk, require recipients (e.g., subprocessors) to do the same, and do not attempt to re‑identify individuals. We do not sell or share personal information. You may opt out by emailing privacy@saishuu.ai; we will honor opt‑out requests on a go‑forward basis within 30 days. We may continue to use previously generated de‑identified datasets that do not contain personal information.

Legal Bases (EEA/UK/Similar Jurisdictions)

Where GDPR or similar laws apply, we process personal data under these legal bases:

  • Performance of a contract (to provide the Service).
  • Legitimate interests (e.g., improve and secure the Service, prevent abuse).
  • Consent (e.g., certain cookies or marketing communications).
  • Compliance with legal obligations.

Sharing and Disclosure

We may share information with:

  • Service Providers and Subprocessors: vendors who assist in operations (e.g., hosting, analytics, email, payments, logging). We require appropriate security and confidentiality.
  • Integrations and Third‑Party Services: when you connect or instruct us to share (subject to their terms and policies).
  • Affiliates and Corporate Transactions: in connection with a merger, acquisition, or sale of assets.
  • Legal and Safety: to comply with law, lawful requests, or to protect rights, safety, and property of Company, users, or the public. We do not sell personal information.

See our current list of subprocessors: /subprocessors

Payment Processing

Payments are processed by Stripe or a similar provider. We share only the minimum necessary information to process payments. We do not store full payment card numbers.

International Transfers

We may transfer personal data to countries with different data protection laws. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses). Contact us for more information.

Data Location and Residency

By default, Customer Content is stored in per‑tenant databases located in the United States. Backups are also stored in the United States. Upon request and subject to availability and additional charges, we may enable data storage and/or replication in other regions supported by our vendors. Changing a primary data region may require coordination and maintenance windows and may incur additional fees.

Data Retention

We retain personal data for as long as necessary to provide the Service and for legitimate business purposes (e.g., security, legal compliance), then delete or anonymize it. Specific retention periods may vary based on data type and applicable laws. Unless otherwise agreed:

  • Application data: retained for the life of the account and deleted within 30 days after account termination (subject to backup cycles).
  • Logs: retained for approximately 90 days.
  • Backups: retained for approximately 35 days.
  • Termination for non‑payment: following termination 30 days past due, we retain a backup for an additional 30 days before deletion.

Security

We implement reasonable technical and organizational measures to protect personal data, including encryption in transit and at rest where supported by our infrastructure. However, no system is 100% secure. You are responsible for maintaining the confidentiality of your credentials. If we become aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data, we will notify affected customers without undue delay, in accordance with applicable law.

Your Rights

Depending on your location and applicable law, you may have rights to access, correct, update, delete, or port your personal data, to object to or restrict processing, and to withdraw consent where applicable. To exercise rights, contact privacy@saishuu.ai. We will respond as required by applicable law. We may ask you to verify your identity. Where permitted by law, you may use an authorized agent to submit a request on your behalf. If we deny a request, we will provide appeal instructions where required by law.

Cookies and Tracking

We use cookies and similar technologies for authentication, preferences, analytics, and improving the Service. You can control cookies through your browser settings. Where required, we will request your consent for non‑essential cookies.

Do Not Track

Some browsers include a "Do Not Track" (DNT) setting. Because there is no common understanding of how to interpret the DNT signal, we do not currently respond to DNT browser signals.

Children's Privacy

The Service is not directed to children under 16 (or a higher age where required by law). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us to delete it.

Data Processing Addendum (DPA)

If we process personal data on your behalf as a processor, a DPA may apply. Contact us at legal@saishuu.ai to request a copy.

Automated Decision-Making and Profiling

We do not use automated decision-making that produces legal or similarly significant effects without human involvement. If we introduce such processing, we will provide required notices and choices.

Sensitive Personal Information

We do not seek to collect sensitive personal information (e.g., precise geolocation, health, biometric templates) unless necessary for the Service and permitted by law. Please do not submit sensitive data unless requested.

Financial Incentives

We do not offer programs that provide financial incentives for personal information. If we introduce such programs, we will provide a summary of the material terms as required by law.

Changes to This Policy

We may update this Privacy Policy from time to time. We will post updates here and update the Effective Date above. We will provide additional notice for material changes where required by law. Your continued use of the Service after changes take effect constitutes acceptance.

Region‑Specific Disclosures

Where required by local law:

  • EEA/UK: You may lodge a complaint with your local supervisory authority.
  • California (CPRA): We describe categories of personal information collected, purposes, and disclosures above. We do not sell or share personal information as defined by CPRA. You have the right to know, delete, correct, and limit use of sensitive information, and to opt-out of certain uses. You may exercise rights via privacy@saishuu.ai or an authorized agent.

Contact

For questions or requests regarding privacy, contact us at:

Saishuu, Inc. 1908 Thomes Ave STE 12537, Cheyenne, WY 82001, USA

privacy@saishuu.ai

For security concerns or reports, contact us at: security@saishuu.ai