Sagedesk Logosagedesk

Sagedesk Privacy Policy

Last Updated: 2025-04-27

1. Introduction

Welcome to Sagedesk, a service provided under Philippine jurisdiction. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you access or use Sagedesk. By accessing or using Sagedesk, you agree to the terms of this Privacy Policy.

If you do not agree with any part of this Privacy Policy, you must not access or use Sagedesk.

2. Information We Collect

2.1. Information You Provide

  • Account Information: When you create an account, we collect details such as your name, email address, and password hash.
  • Profile Information (OAuth): If you sign up using Google OAuth, we collect your Google profile name, email, and profile picture.
  • User Content: We collect the study materials (like PDFs, text, URLs) and any other content you upload or submit when using Sagedesk, including your interactions with the AI features (prompts and responses).

2.2. Information Collected Automatically

  • Usage Data: We collect information about how you interact with Sagedesk, such as pages visited, features used, timestamps, and interaction patterns.
  • Device and Connection Information: We collect information like your IP address, operating system, browser type, and device identifiers when you access Sagedesk.
  • Cookies and Similar Technologies: We use secure, HTTP-only cookies for session management and may use similar technologies to understand usage and improve your experience (e.g., remembering theme preferences).

2.3. Information from Third Parties

We utilize third-party services (listed in Section 4) essential for Sagedesk's operation. These services may process data according to their own privacy policies.

3. How We Use Your Information

We use the personal information we collect for various purposes, including:

  • Providing and Improving the Service: To manage your account, store your materials, provide AI chat functionality, process your requests, maintain and enhance Sagedesk's features, and develop new ones.
  • Personalization: To tailor your experience, such as customizing AI suggestions or remembering UI preferences (e.g., theme).
  • Analytics and Performance: To analyze aggregated usage patterns (via Supabase analytics), diagnose technical issues, monitor for suspicious activity, and improve the overall performance and security of Sagedesk.
  • Communication: To respond to your inquiries and provide support if needed.
  • Legal and Compliance: To comply with applicable Philippine laws (including the Data Privacy Act of 2012, RA 10173) and legal obligations, and to enforce our Terms of Service.

4. Disclosure of Your Information

We do not sell or rent your personal information. We share data only as necessary with the following categories of third parties:

  • Service Providers: We share information with third-party service providers who perform essential functions for Sagedesk, such as Supabase (Authentication, Database, Storage, Analytics), OpenAI/OpenRouter (AI Processing), LangSmith (AI Tracing), and Google (OAuth). These providers are authorized to use your information only as necessary to provide services to us.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets involving Sagedesk, your personal information may be transferred or disclosed as part of the transaction, subject to appropriate confidentiality arrangements.
  • Legal Requirements: We may disclose your information to the National Privacy Commission (NPC), law enforcement, government authorities, or other third parties when legally compelled to do so under Philippine law (RA 10173 and its IRR), or when necessary to protect our rights, property, or safety, or respond to an emergency.
  • Consent: We may share your information for other purposes disclosed to you at the time of collection or with your explicit consent (e.g., for optional features like email newsletters).

5. Data Retention

  • Account Information: Retained until you delete your account, unless longer retention is required by law.
  • User Content and Usage Logs: Retained for a period necessary to provide the service, support debugging, and analyze usage patterns (generally up to 2 years), after which it may be deleted or anonymized.

When we no longer need your personal information for the stated purposes, we take reasonable steps to securely delete or de-identify it.

6. Security

We implement reasonable technical and organizational measures to protect your personal information:

  • Technical Measures: Use of HTTPS encryption for data transmission, secure HTTP-only cookies for session management.
  • Organizational Measures: Access to personal data is limited to authorized personnel who require it for their job functions.

However, no method of data transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. International Data Transfers

Sagedesk operates under Philippine jurisdiction. While our primary operations and user base may be within the Philippines, some of our third-party service providers (e.g., Supabase, OpenAI, Google) may process data in other countries, including the United States. When your data is transferred internationally, we rely on the safeguards provided by these reputable service providers, who typically adhere to international data protection standards and frameworks. We ensure that any transfer complies with the requirements of RA 10173.

8. Children's Privacy

Sagedesk is not intended for use by individuals under the age of 18 (or the age of legal majority in their jurisdiction). We do not knowingly collect personal information from children. If you believe we have inadvertently collected personal information from a child, please contact us immediately so we can take steps to delete the information.

9. Your Rights and Choices (Under RA 10173)

Under the Philippine Data Privacy Act of 2012 (RA 10173), you have specific rights regarding your personal data:

  • Right to be Informed: Be informed about the collection and processing of your personal data.
  • Right to Access: Request access to the personal information we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure or Blocking: Request the deletion or blocking of your personal data under certain conditions ("right to be forgotten").
  • Right to Object: Object to the processing of your personal data for direct marketing or under specific circumstances.
  • Right to Data Portability: Obtain a copy of your data (specifically user-provided content like study materials) in a structured, commonly used, and machine-readable format where processing is based on consent or contract.
  • Right to Damages: Be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data.
  • Right to File a Complaint: Lodge a complaint with the National Privacy Commission (NPC) if you believe your data privacy rights have been violated.

To exercise these rights or for any privacy-related inquiries, please contact Sagedesk's designated Data Protection contact (details should be provided, e.g., via a contact form or email address - [Insert Contact Method Here, e.g., privacy@sagedesk.com]). We will respond to your requests in accordance with RA 10173.

10. Third-Party Links and Services

Sagedesk relies on integrations with third-party services (as listed in Section 4). While we integrate these services, we are not responsible for their independent privacy practices. This Privacy Policy does not cover data handling by these third parties once you interact directly with them or leave our service. We encourage you to review their respective privacy policies.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, service features, or legal requirements (including RA 10173). When we make changes, we will revise the "Last Updated" date at the top of this policy. For significant changes, we will provide more prominent notice, such as via email or a notification within the Sagedesk application. Your continued use of Sagedesk after such changes constitutes your acceptance of the revised Privacy Policy.