1. Information We Collect
Account Information
When you create an account, we collect:
- Name and email address for identification and communication
- Business name and vertical to configure your agent team
- Password (stored as a salted hash, never in plaintext)
Usage Data
We automatically collect information about how you interact with the platform:
- Features used, pages visited, and session duration
- Agent interactions and conversation metadata (not content, unless consented)
- Error logs and performance metrics
- Device type, browser, and IP address
Conversations
Messages you send to AI agents are processed to generate responses. Conversation content is stored in your workspace database and is accessible only to your account.
2. How We Use Your Data
- Provide and improve the platform — powering AI responses, personalizing your experience, and fixing bugs
- Train and improve AI models — only with your explicit consent and only using anonymized, aggregated data
- Security and fraud prevention — detecting abuse, unauthorized access, and maintaining platform integrity
- Communication — sending service updates, security alerts, and (with consent) product announcements
3. What We Do NOT Do
We take your privacy seriously. Here is what we will never do:
- We do NOT sell your data to third parties, advertisers, or data brokers. Ever.
- We do NOT share your data with third parties for their marketing purposes.
- We do NOT use financial data (tax returns, invoices, financial statements) for model training.
- We do NOT use health or medical data (patient records, diagnoses, treatment plans) for model training.
- We do NOT use legal case data (client files, legal documents, privileged communications) for model training.
- We do NOT access your conversations unless required for support you initiated, or compelled by law.
4. Data Retention and Deletion
Your data is retained for as long as your account is active. You have the right to:
- Export your data at any time via your account settings
- Delete your conversations individually or in bulk
- Delete your account entirely, which will permanently remove all associated data within 30 days
- Request a copy of all data we hold about you
After account deletion, anonymized aggregate statistics (e.g., total message counts) may be retained, but no personally identifiable information.
5. Cookies and Tracking
We use minimal cookies necessary for the platform to function:
- Session cookies — to keep you logged in
- Preference cookies — to remember your theme and settings
- Trial session cookies — to maintain your trial experience
We do not use third-party tracking cookies, advertising pixels, or cross-site trackers. We do not participate in ad networks.
6. Beta Terms
During the free beta period, use of the platform constitutes consent to the collection and analysis of anonymized usage data to improve the service. This data is limited to interaction patterns and feature usage — not the content of your conversations or uploaded documents.
Beta participants may opt out of usage data collection at any time via account settings, though this may limit access to certain beta features.
7. HIPAA Notice for Healthcare Verticals
Important: If you use CTRL-A in a healthcare setting, please read this section carefully.
CTRL-A is not currently HIPAA-certified. While we implement strong security measures including encryption at rest and in transit, access controls, and audit logging, we have not yet completed formal HIPAA compliance certification.
If you operate in a healthcare vertical:
- Do not input Protected Health Information (PHI) into AI conversations unless you have a signed Business Associate Agreement (BAA) with us
- Contact us at support@sageaaa.com to discuss BAA arrangements for your organization
- Use the platform's built-in guardrails to prevent accidental PHI disclosure
- We are actively pursuing HIPAA compliance and will update this policy upon certification
8. Security
We protect your data using:
- Encryption in transit (TLS 1.2+) and at rest
- API key authentication and JWT-based session management
- Rate limiting and abuse detection
- Regular security audits and dependency updates
- Isolated workspace databases per tenant
9. Contact for Privacy Concerns
If you have any questions about this privacy policy or your data, contact us:
We aim to respond to all privacy-related inquiries within 5 business days.