Privacy Policy

3.1 Information You Provide Directly

When you register, use, or pay for the Services, you may provide:

• Identity data — name, email address, display name, profile preferences
• Authentication data — password (hashed, never stored in plaintext), OAuth identifiers if you sign in via a third-party provider
• Billing data — billing name, billing address, payment card details (handled directly by Stripe — SANICE does not store full card numbers), subscription tier, billing history
• Content data — prompts, chat messages, uploaded files, research briefs, Glass session inputs, Counsel debate questions, Pulse monitor configurations, and any other content you voluntarily submit
• Communications data — correspondence with our support team, feedback, and bug reports

3.2 Information Collected Automatically

When you interact with the Services, we automatically collect:

• Technical data — IP address, device type, browser type and version, operating system, screen resolution, referrer URL, and timezone
• Usage data — pages visited, features used, clicks, session duration, time and date of access, credit consumption events, error events
• Session data — short-lived authentication tokens, session identifiers, CSRF tokens
• Log data — server logs capturing request metadata (not content) for security, debugging, and fraud prevention

3.3 Information Generated by the Services

As you use SANICE, the platform generates:

• Output data — Glass research reports, Counsel verdicts, Pulse alerts, Collective chat responses
• Derived data — embeddings (vector representations of third-party research content retrieved in response to your queries — see Section 7), usage patterns, credit balance history
• Inference data — relevance scores, matching results, and other computed signals derived from your inputs

3.4 Information We Do Not Collect

We do not collect:

• Biometric data
• Precise geolocation (we approximate only from IP address, never device GPS)
• Sensitive personal data such as religious beliefs, political opinions, sexual orientation, or trade union membership — unless you voluntarily include such information in your content, in which case it is processed only to fulfill your research request
• Children's data (see Section 17)

4.1 To Provide the Services

Authenticate users, route requests to appropriate AI models, generate research reports, deliver chat responses, trigger Pulse alerts, run Counsel debates, manage credit balances, and deliver search results.

4.2 To Operate and Improve the Platform

Monitor service health, diagnose errors, analyze aggregate usage patterns, develop new features, optimize performance, and prevent system abuse.

4.3 To Communicate With You

Send transactional emails (welcome emails, receipts, password resets, billing notices, security alerts), respond to support requests, and — only with your explicit consent — send product updates.

4.4 To Process Payments

Process subscription fees, top-up purchases, refunds, and chargebacks through our payment processor (Stripe).

4.5 To Ensure Security and Prevent Fraud

Detect unauthorized access attempts, prevent credential stuffing, identify abusive usage patterns, enforce rate limits, and investigate suspected misuse.

4.6 To Comply with Legal Obligations

Respond to lawful requests from authorities, comply with tax and financial reporting obligations, and enforce our Terms and Conditions.

6.1 We Do Not Train Our Own Models on Your Content

SANICE STAR LTD does not use your prompts, uploaded files, chat messages, Glass reports, Counsel verdicts, or any other content you submit or generate to train, fine-tune, or improve any foundational AI model operated by SANICE.

6.2 Third-Party AI Providers — Training and Retention

When we send content to third-party AI providers through their paid API services, we configure those services so that customer content is not used to train their foundation models by default. This applies to all four of our current AI model providers (Anthropic, OpenAI, Google, and xAI) under their respective paid API terms.

Some providers may temporarily retain prompts, responses, or limited metadata for abuse monitoring, security investigation, debugging, legal compliance, or optional features under their own policies. Retention periods are for limited periods under each provider's published policy (typically 30 days or less) and may vary by provider, API, and enabled feature. Where available and appropriate, SANICE disables optional storage features and uses the stricter retention settings each provider offers.

We review each provider's data handling terms before integration and monitor material changes (see Section 8.7). Third-party provider terms referenced in this section were last reviewed on April 19, 2026.

6.3 We Do Not Sell Your Data

We do not sell, rent, or lease your personal information or content to any third party for advertising, marketing, or model-training purposes.

6.4 Aggregated and De-Identified Insights

We may derive aggregated, de-identified statistical insights (for example, "X% of Glass reports are about finance topics") for internal product analytics and public reporting. These aggregates cannot be used to identify any individual user and are not personal information.

6.5 What SANICE Does Not Learn From You

To be explicit about what the platform does and does not do with your content:

• We do not train, fine-tune, or improve any AI model — our own or a third-party's — using your content.
• We do not read your prompts, chats, or reports for "product improvement" purposes.
• Our product analytics capture only metadata — which features you used, credit consumption, model routing, error events — never the content of your prompts, chats, or generated reports.
• Your content is strictly isolated to your own account via Row-Level Security enforced at the database layer.

7.1 What Is Embedded

During a Glass research session, SANICE fetches content from third-party web sources (news articles, company reports, regulatory filings, academic literature, and similar public sources) in response to your query. That retrieved third-party content is:

• Split into small chunks (typically 250 to 1,500 words per chunk);
• Converted into numerical vector representations ("embeddings") using our embedding provider, Voyage AI;
• Stored in our vector database scoped to your account via Row-Level Security.

When your Glass report is being generated, SANICE performs a vector search within your own session's embeddings to identify the most relevant retrieved content for the analysis.

7.2 Third-Party Source Content Ownership

Retrieved third-party source content remains the property of its respective owners. SANICE processes such content only to provide session-specific retrieval and analysis on your behalf. SANICE claims no ownership over third-party source material.

7.3 What Is Not Embedded

The embeddings described above represent third-party content that SANICE fetched on your behalf. They do not contain your prompt text itself.

Your prompts, chat messages, and final generated reports are stored as plain text in their respective session records (to allow you to view your history on your dashboard). They are strictly isolated via Row-Level Security and are never used to train any AI model, ours or a third-party's.

7.4 Transient Embeddings

In a few limited cases, SANICE generates short-lived embeddings of short query strings or expertise-gap descriptions during a Counsel debate (see Section 18.1). These embeddings are used to match experts for the debate session and are not persisted after the matching step.

7.5 Retention and Deletion

Your embeddings follow the same retention and deletion rules as the source content they represent. Deleting a Glass session deletes the associated embeddings. Deleting your account deletes all embeddings associated with your account.

7.6 Your Responsibility for Submitted Content

You are responsible for ensuring you have the necessary rights to upload, submit, or process any content (including any personal information about third parties) through the Services. If you submit personal information about another person into the Services, you represent that you have the right to do so and that such submission is lawful.

8.1 Core Infrastructure

• Supabase — Database, authentication, and vector storage. Primary data residency: Singapore (AWS ap-southeast-1).
• Railway — Backend application hosting (USA).
• Vercel — Frontend application hosting (USA and global edge).
• Cloudflare — Edge security and Web Application Firewall (WAF). Receives IP addresses and request metadata in transit. Global edge network.

8.2 Billing and Communications

• Stripe — Payment processing (USA, EU, global depending on payer location). Handles card details directly; SANICE never stores full card numbers.
• Resend — Transactional email delivery (USA, us-east-1).

8.3 Observability

• Sentry — Error and exception monitoring (USA).
• PostHog — Product analytics and usage events (USA).

8.4 AI Model and Embedding Providers

• Anthropic — Claude model API (USA).
• OpenAI — GPT model API (USA).
• Google — Gemini model API (USA / global).
• xAI — Grok model API (USA).
• Voyage AI — Embedding model API, used for semantic search and retrieval (USA).

8.5 Third-Party Data Providers

We also integrate with third-party data sources (financial market data providers, academic literature databases, and news aggregators) used solely to ground research reports. No user personal information is transmitted to these providers — they receive only generic, non-user-identifying queries such as stock tickers, company names, or research keywords.

8.6 Sub-Processor Changes

We may add, remove, or replace sub-processors over time. Material changes will be reflected in an updated version of this Policy.

8.7 Provider-Change Safeguard

If a third-party sub-processor materially changes its data handling, retention, or training terms in a way that would weaken SANICE's commitments in this Policy (in particular, our Zero Data Training commitment in Section 6), we will:

• Update this Policy to reflect the change;
• Where necessary to maintain our commitments, stop sending customer content to that provider until an acceptable configuration is available; and
• Notify affected users where the change has a material impact on how their personal information is processed.

10.1 General Principle

We retain personal information for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and operate backups.

10.2 Specific Retention Periods

• Account data — retained while your account is active. If you delete your account, we remove identifying account data from live production systems within 90 days, subject to legal retention requirements and the backup policy described below.
• Content data (chat messages, Glass reports, Counsel verdicts, Pulse configurations) — retained indefinitely while your account is active, to support your history and retrieval features. You may delete individual items at any time via the Services.
• Embeddings — derived from third-party retrieved content. Deletion of the source session or content triggers deletion of the corresponding embeddings from live systems.
• Billing and tax records — retained for 7 years after the transaction date, as required by New Zealand Inland Revenue and financial reporting law, regardless of account status.
• Server logs — retained for up to 90 days for security and debugging purposes.
• Security event logs — retained for up to 12 months for incident response and forensic analysis.

10.3 Backups

Data deleted from live systems may persist in encrypted backups until those backups are purged on their normal lifecycle (typically up to 30 days). Legal holds may extend retention where required by law.

11.1 Rights Available to All Users

• Access — Request a copy of the personal information we hold about you.
• Correction — Request correction of inaccurate or incomplete information.
• Deletion — Request deletion of your account and associated personal information, subject to the retention exceptions in Section 10.
• Export — Request a machine-readable export of your content (prompts, chats, reports).

11.2 Additional Rights under GDPR and UK GDPR

If you are in the EEA or UK, you also have the right to:

• Restriction of processing — Request that we limit how we process your information in specific circumstances.
• Data portability — Request that we transfer your information to another service provider where technically feasible.
• Objection — Object to processing based on legitimate interests, including profiling.
• Withdrawal of consent — Where processing is based on consent, withdraw that consent at any time.
• Complaint to a supervisory authority — Lodge a complaint with the data protection authority in your country of residence.

11.3 Additional Rights under CCPA / CPRA

If you are a California resident, you also have the right to:

• Know what categories of personal information we collect, use, disclose, and sell (we do not sell personal information).
• Delete personal information subject to applicable exceptions.
• Correct inaccurate personal information.
• Opt out of the "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioral advertising).
• Limit the use and disclosure of sensitive personal information.
• Non-discrimination — We will not deny you Services or provide a different level of service for exercising your rights.

11.4 Compliance with the New Zealand Privacy Act 2020

SANICE STAR LTD is an "agency" under the New Zealand Privacy Act 2020 and operates in accordance with the 13 Information Privacy Principles (IPPs).

• IPPs 1–11 (collection, storage, access, correction, accuracy, retention, use, and disclosure) — We collect personal information only for lawful purposes, directly from you where practicable, maintain appropriate security safeguards, take reasonable steps to ensure accuracy, respect your rights of access and correction, and use and disclose personal information only for the purposes for which it was collected or a directly related purpose.
• IPP 12 (cross-border disclosure) — Before transferring personal information outside New Zealand, we ensure the receiving jurisdiction or the recipient provides comparable privacy protection. Each of our sub-processors (listed in Section 8) is bound by a Data Processing Agreement that imposes privacy obligations materially equivalent to those under the New Zealand Privacy Act 2020, including on data security, purpose limitation, onward transfer restrictions, and incident notification.
• IPP 13 (unique identifiers) — We assign an internal unique identifier (your Supabase user UUID) solely to operate the Services. This identifier is used internally to associate your account with your data, sessions, billing history, and audit records. It is not shared with third parties except where necessary to deliver the Services through sub-processors under Section 8.

You may lodge a privacy complaint with our Privacy Team at privacy@sanice.ai. You also have the right to make a complaint directly to the Office of the Privacy Commissioner of New Zealand.

11.5 Verification

To protect your information, we may verify your identity before acting on a privacy request. We may also decline or limit a request where required or permitted by law.

13.1 Security Incidents

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify affected users and, where required, the appropriate supervisory authority as soon as practicable. Notification timelines vary by jurisdiction: statutory windows include 72 hours under GDPR and UK GDPR from the time we become aware of the breach, and "as soon as practicable" under the New Zealand Privacy Act 2020 notifiable privacy breach regime.

13.2 Your Responsibilities

You are responsible for keeping your login credentials confidential, using a strong and unique password, and promptly notifying us at privacy@sanice.ai if you suspect unauthorized access to your account.

14.1 Types of Cookies We Use

• Strictly necessary — Authentication tokens, session identifiers, CSRF tokens. These are required for the Services to function and cannot be disabled.
• Functional — Preferences such as interface theme or language. These can be cleared via your browser.
• Analytics — Aggregate usage signals via PostHog and Vercel Analytics. We do not use cookies for advertising or cross-site tracking.

14.2 Your Choices

You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent the Services from functioning.

14.3 Do Not Track

The SANICE.AI website does not respond to Do Not Track (DNT) browser signals, as there is no industry consensus on how such signals should be interpreted. We do not track users across third-party websites.