Privacy Policy

Last updated 2026-05-09 · Operator: Saidly LLC (Kentucky entity 1579133) · Contact: privacy@saidly.org

1. Who we are

Saidly (the "Service") is operated by Saidly LLC, a Kentucky limited liability company ("we," "us," "our"). For users in the European Economic Area, the United Kingdom, or other jurisdictions with comparable rules, Saidly LLC acts as the data controller for personal data processed in connection with the Service.

2. What we collect

(a) Information you provide. When you create an account, we collect your email address and a password (stored hashed). If you subscribe to a paid plan, our payment processor (Stripe) collects payment information; we receive a token and last-four/brand only — we do not store full card numbers.

(b) Information generated by your use of the Service. Your search queries, saved alerts, the utterances you click, your IP address, browser/user-agent string, approximate geolocation derived from IP, timestamps, and crash/error telemetry.

(c) Information about the indexed content. The Service maintains an index of utterances by US public figures, derived from publicly available sources (YouTube videos, podcast RSS feeds, archive.org recordings, federal/state government broadcasts). Indexed individuals are not "users" of the Service and do not have accounts; their inclusion in the index is described in Section 7.

(d) Cookies and similar technologies. We use a session cookie to keep you logged in and an analytics cookie (or self-hosted equivalent) to count page views in aggregate. We do not use third-party advertising cookies or cross-site tracking.

3. Why we process your data — legal bases (GDPR / UK GDPR)

• Performance of a contract (Art. 6(1)(b)) — to provide the Service and your account.
• Legitimate interests (Art. 6(1)(f)) — to secure the Service, prevent abuse, improve product quality, and operate an editorial search index of public-figure utterances. The balancing test for indexed-content processing is that the public-figure-only scope, the journalistic/research purpose, and the right to request removal materially limit any impact on data subjects, while the public interest in accountability speech is strong.
• Consent (Art. 6(1)(a)) — where you explicitly opt in (e.g., to a marketing email).
• Legal obligation (Art. 6(1)(c)) — to comply with applicable law and respond to lawful requests.

4. How we share data

We do not sell personal data. We share data only with:

• Service providers acting on our instructions: our hosting provider, Stripe (payment processing), our email provider, Sentry (error monitoring), our analytics provider. Each is bound by data-processing terms.
• Authorities or counterparties when legally required, or when necessary to protect the rights and safety of users, the public, or Saidly LLC.
• Successors in the event of a merger, acquisition, or asset sale (your account and data may transfer).

5. Where we store data

User-account data is stored in the United States. Indexed-content data (transcripts, embeddings, metadata) is stored on the same infrastructure. International transfers, where applicable, are made under appropriate safeguards (Standard Contractual Clauses or equivalent).

6. How long we keep data

• Account data: while your account is active, plus up to 90 days after deletion for backup/recovery.
• Search-query logs: up to 90 days, then anonymized or deleted.
• Indexed content: indefinitely, subject to removal requests (Section 7).

7. Rights of indexed individuals

If you are an individual whose voice or transcript is indexed by the Service and you believe you should not be classified as a "public figure" for these purposes, or you have other lawful objections to inclusion, please contact privacy@saidly.org. We will review requests in good faith and act reasonably and quickly. We may decline removal where the material relates to clearly newsworthy speech by a public figure in their public role; in such cases we will explain our reasoning and your further options.

8. Your rights as a user

If you have an account with the Service, you have the right (subject to applicable law) to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your account and associated data.
• Object to or restrict certain processing.
• Receive a portable copy of your data.
• Withdraw consent for any processing based on consent.
• Lodge a complaint with your local supervisory authority (EEA/UK).

For California residents, the rights under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) — the right to know, delete, correct, and opt out of the sale or sharing of personal information — apply. We do not sell or share personal information for cross-context behavioral advertising.

To exercise any of these rights, email privacy@saidly.org.

9. Children

The Service is not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact privacy@saidly.org and we will delete it.

10. Security

We use industry-standard measures: TLS in transit, encryption at rest for production databases, scoped database credentials, principle-of-least-privilege access, and regular backups. No system is perfectly secure; if we become aware of a breach affecting your data, we will notify you and any required regulator promptly.

11. Changes

We may update this policy. Material changes will be announced by email to account holders and via a prominent notice on the Service.

12. Contact

privacy@saidly.org
Saidly LLC
Kentucky, United States