Saykai

Privacy Policy

Effective: December 11, 2025 Last updated: December 11, 2025

This Privacy Policy describes how Saykai LLC ("Saykai," "we," "us," "our") collects, uses, shares, and protects information when you visit our websites, use our products and services, or otherwise interact with us (collectively, the "Services").

If you have questions or want to exercise privacy rights, contact us at privacy@saykai.com.

1. Scope

This Privacy Policy applies to:

  • Visitors to our websites and marketing pages
  • Users of our Services, including any web app, APIs, SDKs, and CLI
  • People who request demos, pilots, trials, or information
  • People who communicate with us (support, email, forms, events)

This Privacy Policy does not apply to third-party websites, products, or services you may access through links or integrations.

Customer-controlled data

When a business customer uses Saykai, the customer may provide or make available data to the Services. In that context:

  • The customer is typically the controller (or business)
  • Saykai is typically a processor (or service provider) processing data on the customer’s instructions under the applicable agreement (including any Data Processing Addendum, if applicable)

If you are an end user interacting with a customer’s deployment and you have questions about that customer’s data practices, contact the customer directly.

2. Definitions

  • Personal Data means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an individual.
  • Customer Content means data submitted to the Services by or on behalf of a customer, which may include scenarios, logs, traces, replay sessions, prompts, tool calls, model inputs and outputs, evaluation artifacts, Safety Specs, Safety Packs, configurations, and related metadata.
  • Account Data means information used to create and manage an account and permissions.
  • Usage Data means information about how the Services are accessed and used, including performance and security telemetry.
  • De-identified Data means data that cannot reasonably be used to infer information about, or otherwise be linked to, a particular individual.

3. Information we collect

A. Information you provide

We collect information you provide directly, such as:

  • Contact information: name, email address, phone number, company, job title
  • Account information: login credentials or authentication identifiers, role and access settings, organization details
  • Billing and subscription information: billing contact details and subscription details (payment information is typically handled by a payment processor)
  • Communications: messages, requests, and other information you send to us (support tickets, emails, chat messages, forms, or feedback)
  • Event and marketing information: webinar registrations, preferences, and interactions with our communications

B. Information collected automatically

When you use the Services, we may automatically collect:

  • Device and connection information: IP address, device type, operating system, browser type, language settings, and approximate location derived from IP address
  • Usage Data: pages visited, features used, clicks, time spent, referrer URLs, and interactions with the Services
  • Security and audit logs: login events, access logs, and administrative actions (including actions taken within an organization workspace)
  • Error and performance data: diagnostic logs, crash reports, and performance metrics

C. Cookies and similar technologies

We may use cookies and similar technologies (such as pixels, SDKs, local storage, and server-side logging) for:

  • Authentication and session management
  • Preferences and settings
  • Analytics and service performance
  • Security and fraud prevention
  • Marketing measurement (where applicable)

See the Cookies section for more detail.

D. Information from third parties

We may receive information from:

  • Identity providers if you use SSO
  • Service providers that support our operations (hosting, analytics, communications, customer support, security, payments)
  • Partners and event co-sponsors (where permitted by law)
  • Public sources (for example, professional profiles) where permitted by law

E. Customer Content

Customers may submit Customer Content that can include Personal Data depending on what the customer provides. We process Customer Content to provide the Services and as instructed by the customer under the applicable agreement.

4. How we use information

We use information to:

A. Provide and operate the Services

  • Create and administer accounts
  • Authenticate users and enforce access controls
  • Provide requested features and functionality
  • Process payments and manage subscriptions
  • Provide onboarding and implementation support

B. Run evaluations and produce artifacts

For customers using the platform, this may include:

  • Executing Safety Packs and validating Safety Specs
  • Evaluating scenarios and log replays
  • Generating verdicts, reports, metrics, and audit artifacts

C. Secure and protect the Services

  • Monitor for misuse, fraud, and security threats
  • Maintain audit logs and incident response capabilities
  • Enforce policies and contractual requirements

D. Improve and develop the Services

  • Debug, test, and improve performance and reliability
  • Analyze usage trends and feature adoption
  • Develop new features and capabilities

We may use aggregated or de-identified information for analytics and improvements.

E. Communicate with you

  • Respond to requests and provide support
  • Send service and security notices
  • Send marketing communications where permitted (you can opt out at any time)

F. Comply with legal obligations

  • Comply with applicable laws and lawful requests
  • Resolve disputes and enforce agreements
  • Protect the rights, safety, and property of Saykai, our customers, and others

5. Customer Content and model-related data

A. How we process Customer Content

We process Customer Content to provide and secure the Services, including generating evaluation outcomes and reports.

B. Training and improvement

By default, we do not use Customer Content to train or improve general-purpose models that are shared across customers.

We may process Customer Content to:

  • Provide the Services to the customer
  • Troubleshoot issues and support the customer’s deployment (for example, at the customer’s request)
  • Maintain the security and integrity of the Services

If we ever offer an optional program that uses Customer Content to improve shared models or shared capabilities beyond a customer’s deployment, we will describe it and provide appropriate controls.

C. Data minimization and redaction

Customers control what they submit. We recommend avoiding submission of sensitive Personal Data unless necessary for the customer’s intended use. Where available, we may offer or recommend redaction, hashing, filtering, or minimization approaches.

6. Legal bases for processing (EEA, UK, Switzerland)

If you are in the EEA, UK, or Switzerland, we process Personal Data based on:

  • Contract: to provide the Services you request
  • Legitimate interests: to operate, secure, and improve the Services, and communicate with you (balanced against your rights)
  • Consent: where required (for example, certain cookies or marketing)
  • Legal obligation: to comply with applicable laws

7. Cookies and similar technologies

We use cookies and similar technologies for:

  • Essential functions: authentication, session management, load balancing, and security
  • Preferences: remembering settings
  • Analytics: understanding usage and improving performance
  • Marketing measurement: measuring campaign effectiveness (where applicable)

You can control cookies through browser settings. Where required by law, we also provide a mechanism to manage cookie preferences.

If you disable cookies, some parts of the Services may not work properly.

Some browsers offer a "Do Not Track" signal. Because there is no consistent industry standard for responding to these signals, we do not respond to them where not legally required.

8. How we share information

We may share information as follows:

A. Service providers and subprocessors

We share information with vendors that help us operate the Services (for example, hosting, analytics, security, communications, support, and payment processing). These vendors are permitted to process information only to provide services to us and under contractual confidentiality and security obligations.

For Customer Content, we may use subprocessors under customer agreements. We maintain a list of subprocessors and will provide it on request or through a published subprocessor notice (where applicable).

B. Integrations and customer direction

If you enable integrations or direct us to share information, we will do so consistent with your instructions and applicable agreements.

C. Corporate transactions

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be disclosed as part of that transaction, subject to standard confidentiality protections.

D. Legal, safety, and enforcement

We may disclose information to comply with law or lawful requests, or when we believe disclosure is necessary to:

  • Protect the rights, property, or safety of Saykai, our customers, users, or others
  • Enforce contracts and policies
  • Detect, prevent, or address fraud, security, or technical issues

9. Data retention

We retain information only as long as reasonably necessary for the purposes described in this Policy, including providing the Services, maintaining security, meeting legal obligations, and resolving disputes.

Account Data

We generally retain Account Data for as long as the account is active. After account closure, we may retain limited information as needed for legal compliance, billing, security, and fraud prevention.

Customer Content

Customer Content is retained according to the customer’s instructions and the applicable agreement. Customers may request deletion or configure retention where supported, subject to legal requirements and reasonable technical limitations.

Backups

Information may remain in backups for a limited period as part of routine backup and disaster recovery practices.

10. Security

We maintain administrative, technical, and organizational safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. No system is completely secure. You are responsible for maintaining the confidentiality of your credentials and for any activity that occurs under your account.

11. International data transfers

We may process and store information in the United States and other countries where we or our service providers operate. Where required, we use appropriate safeguards for international transfers, such as Standard Contractual Clauses and additional protections as appropriate.

12. Your choices and privacy rights

A. Account settings

You may be able to access, update, or delete certain information through your account settings.

B. Marketing communications

You can opt out of marketing emails using the unsubscribe link in our messages. Even if you opt out, we may still send non-marketing communications, such as service and security notices.

C. Cookies

You can control cookies as described in the Cookies section.

D. Requests related to Customer Content

If we process Personal Data on behalf of a customer, the customer controls that data. We may refer you to the customer to fulfill your request.

13. U.S. state privacy disclosures

This section provides additional disclosures for residents of certain U.S. states, including California.

A. Categories of Personal Data we collect

Depending on how you interact with us, we may collect:

  • Identifiers (name, email, IP address)
  • Professional information (company, title)
  • Commercial information (subscription and billing details)
  • Internet or network activity (Usage Data and logs)
  • Approximate location (derived from IP address)
  • Inferences drawn from interactions (such as product interests)

B. Purposes for collection

We use Personal Data for the purposes described in Section 4.

C. Sale, sharing, and targeted advertising

We do not sell Personal Data for money.

We may use analytics and marketing tools that, depending on how they operate and your jurisdiction, could be considered "sharing" for cross-context behavioral advertising. Where required, we provide appropriate choices, including opt outs for targeted advertising.

D. Your rights

Depending on your state, you may have rights to:

  • Access and obtain a copy of your Personal Data
  • Correct inaccurate Personal Data
  • Delete Personal Data
  • Opt out of certain processing, including targeted advertising (where applicable)
  • Appeal a decision on a privacy request (where required)

We will verify requests as required by law. Authorized agents may submit requests where permitted by law.

We will not discriminate against you for exercising your rights.

14. GDPR rights (EEA, UK, Switzerland)

If you are in the EEA, UK, or Switzerland, you may have rights to:

  • Access, correct, or delete your Personal Data
  • Restrict or object to certain processing
  • Data portability (in certain circumstances)
  • Withdraw consent where processing is based on consent

You also have the right to lodge a complaint with your local data protection authority.

15. Children’s privacy

The Services are not directed to children, and we do not knowingly collect Personal Data from children under 13 (or under 16 where applicable). If you believe a child has provided Personal Data, contact us and we will take appropriate steps to delete it.

16. Third-party links and services

The Services may include links to third-party sites or services, or enable integrations. Third-party privacy practices are governed by their own policies. We are not responsible for third-party privacy practices.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Services or by other appropriate means. The "Last updated" date reflects the most recent revision.

18. Contact us

To contact us about privacy or to exercise privacy rights: