Privacy Policy

This Policy applies to all individuals who interact with our Services, including visitors to savix.io, users of the Savix platform, and anyone who communicates with us.

“Customer” refers to the organization that has entered into a service agreement with Savix. “Authorized Users” are individuals granted access to the platform by a Customer. “Customer Content” means all documents, knowledge base entries, RFP questions, and generated responses that a Customer or its Authorized Users upload, create, or produce through the Services.

The Customer is the data controller for all Customer Content. Savix processes Customer Content strictly on behalf of the Customer and in accordance with our service agreement. This Policy does not govern Customer Content — for questions about how your organization handles data within Savix, contact your organization's privacy team.

Savix Inc. is the data controller for the personal data described in this Policy (excluding Customer Content, which is controlled by the respective Customer).

1309 Coffeen Avenue, Sheridan, Wyoming 82801, United States
Email: hello@savix.io

3.1 Account & Organization Data

• Name, email address, and job title provided during registration or invitation
• Organization name, billing address, and payment details
• Subscription plan, seats, and usage entitlements

3.2 Usage & Interaction Data

• Platform activity such as RFP projects created, documents uploaded, searches run, and features used
• Performance metrics (response times, error logs) to maintain service reliability
• Support conversations and feedback you provide to us

3.3 Technical Data

• IP address, browser type, operating system, device identifiers
• Referring URLs, pages viewed, and time spent on pages
• Cookie and similar tracking identifiers (see Section 11)

3.4 Marketing & Communications Data

• Contact information you provide when you request a demo, subscribe to updates, or attend an event
• Communication preferences and interaction history with our marketing materials

We process personal data for the following purposes:

Delivering & Improving the Services

We use account, usage, and technical data to operate the platform, authenticate users, manage subscriptions, and continuously improve performance, reliability, and feature quality. This processing is necessary to perform our contract with you.

Customer Support & Communication

We use your contact information to respond to inquiries, deliver product notifications, and provide onboarding assistance. Transactional communications (e.g., security alerts, billing receipts) are sent as necessary to fulfill our obligations.

Analytics & Product Development

We analyze aggregated and de-identified usage patterns to understand how the platform is used, identify opportunities for improvement, and prioritize new features. We rely on our legitimate interest to build a better product for all users.

Marketing

With your consent or based on a pre-existing business relationship, we may send you information about new features, product updates, or relevant content. You can opt out at any time by clicking “unsubscribe” in any email or contacting us at hello@savix.io.

Legal & Compliance

We may process data to comply with legal obligations, resolve disputes, enforce our terms, or protect the rights, safety, and property of Savix, our Customers, or others.

Savix uses artificial intelligence to help Customers generate RFP responses from their uploaded knowledge base. We want to be transparent about how this works:

• Your content stays yours. Documents, knowledge base entries, and RFP responses are Customer Content controlled by your organization. We process this data solely to deliver the Services under our agreement with your organization.
• No training on your data. We do not use Customer Content to train, fine-tune, or improve generalized AI or machine learning models. Your proprietary information is never used to benefit other customers.
• Evidence-based generation. Our AI generates responses grounded in your uploaded documents and verifies each claim against source material within your knowledge base.
• Third-party AI providers. We use selected AI infrastructure providers to process queries. These providers are contractually prohibited from retaining or training on Customer Content, and we select providers that offer zero-data-retention guarantees where available.
• Isolation. Each Customer's knowledge base is logically isolated. No Customer can access another Customer's documents or generated responses.

We do not sell personal data. We share data only when:

• Service providers. We engage trusted vendors (cloud hosting, payment processing, analytics, customer support tools) who process data on our behalf under strict contractual protections.
• Legal requirement. We may disclose data when required by law, subpoena, court order, or government request, or when we reasonably believe disclosure is necessary to protect rights, safety, or property.
• Business transfers. In connection with a merger, acquisition, or sale of assets, personal data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
• With your consent. We may share data for other purposes when you give us explicit permission.

Savix is based in the United States and primarily processes data within the US. If you access the Services from outside the US, your data may be transferred to and processed in the United States or other jurisdictions where our service providers operate.

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or equivalent mechanisms recognized under applicable law.

We retain personal data only as long as necessary for the purposes described in this Policy:

• Account data is retained for the duration of the subscription and for a reasonable period afterward (typically 90 days) to allow for reactivation and fulfill contractual obligations.
• Customer Content is deleted or returned to the Customer within 30 days after the termination of the service agreement, unless otherwise specified in the agreement.
• Technical logs are retained for up to 12 months for security and troubleshooting purposes.
• Marketing data is retained until you opt out or for 24 months from the last interaction, whichever comes first.
• Legal records (invoices, contracts) may be retained longer as required by applicable law.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request that we correct inaccurate or incomplete data
• Deletion — request that we delete your personal data, subject to legal retention requirements
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on our legitimate interests, including direct marketing
• Withdrawal of consent — where processing is based on consent, withdraw at any time without affecting prior lawful processing
• Restriction — request that we limit how we process your data in certain circumstances

To exercise any of these rights, email us at hello@savix.io. We will respond within 30 days (or sooner if required by applicable law). We may ask you to verify your identity before processing your request.

For Authorized Users: If your request relates to Customer Content managed by your organization within Savix, please contact your organization's administrator directly, as they control that data.

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

We implement industry-standard technical and organizational safeguards to protect your data, including:

• Encryption of data in transit (TLS 1.2+) and at rest
• Logical tenant isolation — each Customer's data is separated from others
• Role-based access controls and audit logging within the platform
• Regular vulnerability assessments and security reviews
• Incident response procedures with prompt notification in the event of a breach

While we strive to protect your data, no system is completely immune to security threats. We encourage you to use strong, unique passwords and to report any suspected vulnerabilities to hello@savix.io.

We use cookies and similar technologies to provide and improve the Services:

• Essential cookies are required for the platform to function (authentication tokens, session management). These cannot be disabled.
• Analytics cookies help us understand how visitors interact with our website so we can improve the experience. We use privacy-focused analytics tools and anonymize data where possible.
• Marketing cookies may be placed by third-party advertising services to deliver relevant content across platforms. These are only set with your consent.

You can manage cookie preferences through the consent banner on our website or by adjusting your browser settings. For more details, see our Cookie Policy.

The Services are designed for business use and are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.

We may update this Policy from time to time to reflect changes in our practices, legal requirements, or the Services. When we make material changes, we will notify you by posting the updated Policy on this page with a revised “Last updated” date and, where appropriate, through email or an in-app notification.

We encourage you to review this page periodically to stay informed about our data practices.

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, reach out to us: