Privacy Policy

Last updated: March 1, 2026

iSaid.ai ("we", "our", "us") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Information We Collect

Account Information: When you sign in via Google or Microsoft, we receive your name, email address, and profile picture from your identity provider. We do not receive or store your password.

Usage Data: We track daily usage counts (messages sent, images generated, voice minutes) for plan enforcement and analytics. We do not store the content of your conversations on our servers beyond the duration of a single session.

Integration Data: If you connect email, calendar, tasks, contacts, or files, we store an encrypted OAuth refresh token to maintain access. We access your data only when you explicitly request it through the AI assistant. We do not read, index, or train on your personal data.

Payment Information: Billing is handled by Stripe. We do not store credit card numbers. We retain your Stripe customer ID and subscription status.

2. How We Use Your Information

• To authenticate you and maintain your session
• To enforce usage limits based on your plan
• To execute integration actions you request (e.g., checking email, creating calendar events)
• To process payments and manage subscriptions
• To improve the service and fix bugs

3. Third-Party Services

We use the following third-party services to operate iSaid.ai:

• Cloudflare: Hosting, CDN, and edge compute (Pages, D1, KV, Workers)
• AI Providers: Anthropic (Claude), OpenAI (GPT, DALL-E, TTS/STT), xAI (Grok), Google (Gemini) — your messages are sent to these providers to generate responses. Each provider has its own privacy policy and data handling practices.
• Google & Microsoft: OAuth authentication and Workspace/Graph API access for integrations
• Stripe: Payment processing
• GIPHY/Tenor: GIF search (search queries are sent to these services)

We recommend reviewing each provider's privacy policy for details on how they handle data.

4. Data Storage & Security

Your account data is stored in Cloudflare D1 (SQLite). Integration refresh tokens are encrypted with AES-256-GCM before storage. Session tokens are signed JWTs stored in HttpOnly cookies. All traffic is served over HTTPS.

Conversation content is processed in-memory during your session and sent to AI providers for response generation. We do not persistently store your chat messages on our servers.

5. Data Retention

Account data is retained as long as your account is active. Usage metrics are retained for 90 days. If you delete your account or disconnect an integration, associated tokens are immediately deleted. You may request full account deletion by contacting us.

6. Your Rights

You have the right to:

• Access and export your account data
• Disconnect integrations at any time (which deletes stored tokens)
• Request deletion of your account and all associated data
• Opt out of non-essential data processing

7. Cookies

We use a single session cookie (HttpOnly, Secure, SameSite=Lax) for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Children's Privacy

iSaid.ai is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via the app or email. Continued use after changes constitutes acceptance.

10. Contact Us

If you have questions about this Privacy Policy or your data, contact us at [email protected].