PRIVACY
POLICY

Saint Vision Technologies LLC
221 Main Street, Suite J
Huntington Beach, CA 92648
United States

Email: legal@saintsallabs.com
Privacy Contact: legal@saintsallabs.com

Information you provide directly:

• ·Account registration: name, email address, password
• ·Business profile: company name, industry, business goals (Business DNA)
• ·Payment information: processed securely via Stripe — we never store card numbers
• ·Communications: messages sent through our platform, support requests

Information collected automatically:

• ·Usage data: screens visited, features used, session duration
• ·Device information: device type, OS version, app version
• ·IP address and approximate location (country/city level)
• ·Compute usage: AI generation minutes consumed per session
• ·UTM parameters: marketing attribution data (source, medium, campaign)

AI conversation data:

• ·Messages you send to our AI systems (Claude, GPT, Gemini, Grok)
• ·AI-generated responses and content you create
• ·Builder projects, saved builds, and version history
• ·Vertical preferences and conversation history per vertical

• ·Provide, operate, and improve SaintSal™ Labs services
• ·Process payments and manage subscriptions via Stripe
• ·Deliver AI-powered responses using third-party AI providers
• ·Track and enforce compute minute quotas and tier limits
• ·Send transactional emails (receipts, security alerts, plan changes)
• ·Send marketing communications (only with your consent)
• ·Analyze aggregate usage patterns to improve the platform
• ·Comply with legal obligations and enforce our Terms of Service
• ·Prevent fraud, abuse, and unauthorized access

SaintSal™ Labs routes your conversations to multiple third-party AI providers depending on your plan tier and selected vertical. By using our platform, you acknowledge:

• ·Free/Starter tier: messages processed by Google Gemini 2.0 Flash
• ·Pro/Teams tier: messages processed by Anthropic Claude (claude-sonnet-4-6)
• ·Enterprise tier: messages processed by Anthropic Claude (claude-opus-4-6)
• ·Global Intelligence vertical: messages processed by xAI Grok
• ·Search queries: processed by Perplexity, Tavily, and/or Exa
• ·Voice features: audio processed by ElevenLabs
• ·Image generation: processed by OpenAI DALL-E 3

Important: Do not share sensitive personal information, protected health information (PHI), confidential business secrets, or personally identifiable financial information in AI conversations unless you have a signed Business Associate Agreement (BAA) with us (available on Enterprise plans).

AI conversations may be used by third-party AI providers to improve their models unless you are on an Enterprise plan with data processing agreements in place. See each provider's privacy policy for details.

We do not sell your personal data. We share data only with:

• ·Supabase — database and authentication (data stored in US-East)
• ·Stripe — payment processing and subscription management
• ·Anthropic — AI message processing (Claude models)
• ·Google — AI processing (Gemini), Analytics (GA4), Maps API
• ·xAI — AI message processing (Grok models)
• ·OpenAI — AI message processing, image generation (DALL-E 3)
• ·ElevenLabs — voice synthesis and audio processing
• ·Perplexity / Tavily / Exa — search and research queries
• ·Alpaca Markets — financial data queries (read-only)
• ·RentCast / PropertyAPI — real estate data queries
• ·Twilio — SMS and voice communication features
• ·GoHighLevel (GHL) — CRM integration (only for GHL Bridge users)
• ·Apollo.io — contact enrichment (only for GHL Bridge users)

We may disclose information if required by law, court order, or to protect the rights, property, or safety of Saint Vision Technologies LLC, our users, or the public.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• ·Right of Access — request a copy of your personal data
• ·Right to Rectification — correct inaccurate or incomplete data
• ·Right to Erasure ("Right to be Forgotten") — request deletion of your data
• ·Right to Data Portability — receive your data in a machine-readable format
• ·Right to Object — object to processing based on legitimate interests
• ·Right to Restrict Processing — limit how we use your data
• ·Right to Withdraw Consent — withdraw consent at any time

Our lawful basis for processing: contract performance (providing the service), legitimate interests (security, fraud prevention, analytics), and consent (marketing communications).

To exercise any GDPR right, contact us at legal@saintsallabs.com. We will respond within 30 days.

Data transfers outside the EEA are covered by Standard Contractual Clauses (SCCs) where applicable.

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to:

• ·Know what personal information we collect and how it is used
• ·Delete personal information we have collected about you
• ·Opt out of the "sale" or "sharing" of personal information — we do not sell or share your data for cross-context behavioral advertising
• ·Non-discrimination — we will not discriminate against you for exercising CCPA rights
• ·Correct inaccurate personal information
• ·Limit use of sensitive personal information

To submit a CCPA request: email legal@saintsallabs.com with subject line "CCPA Request." We will verify your identity and respond within 45 days.

Categories of personal information collected: identifiers, commercial information, internet/network activity, geolocation data, inferences from usage data.

• ·Account data: retained while your account is active, deleted within 90 days of account deletion request
• ·AI conversation history: retained for 12 months, then anonymized
• ·Payment records: retained for 7 years per financial regulations
• ·Usage/analytics data: retained in aggregate form indefinitely
• ·Support communications: retained for 3 years

We implement industry-standard security measures including:

• ·TLS 1.3 encryption for all data in transit
• ·AES-256 encryption for data at rest via Supabase
• ·Row-level security (RLS) — users can only access their own data
• ·Supabase Auth with JWT tokens and secure session management
• ·No plaintext storage of passwords or API keys
• ·Regular security audits and penetration testing

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to legal@saintsallabs.com.

We use:

• ·Essential cookies: authentication sessions, CSRF protection
• ·Analytics cookies: Google Analytics 4 (GA4) for aggregate usage statistics
• ·Marketing attribution: UTM parameters stored in sessionStorage (not cookies)
• ·No third-party advertising cookies or cross-site tracking

You can disable non-essential cookies in your browser settings without affecting core functionality.

SaintSal™ Labs is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact legal@saintsallabs.com and we will promptly delete it.

We may update this Privacy Policy periodically. We will notify you of material changes via email and/or a prominent notice on our platform at least 30 days before changes take effect. Continued use after the effective date constitutes acceptance.

For any privacy questions, requests, or concerns: