Privacy Policy

Effective date: May 2, 2026  ·  Last updated: June 2, 2026

1. Who we are

This Privacy Policy describes how Savra ("Savra," "we," "us," or "our") collects, uses, stores, shares, and protects information in connection with the Savra platform and related websites, applications, and services (collectively, the "Service"), available at savra.ai, app.savra.ai, and related subdomains.

Savra is a multi-tenant, AI-powered marketing platform operated by Savra Inc. , located at 8W9 2WJ North Vancouver, British Columbia, Canada.

If you have any questions about this policy or your data, contact us at support@savra.ai.

This policy applies to all users of the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information we collect

2.1 Account information

When you create an account, we collect your name, email address, and authentication identifiers through our authentication provider (Clerk). We may also collect organization / workspace details and your role.

2.2 Information you provide

We collect the content you submit to the Service — including chat messages, prompts, documents you upload, project and campaign details, and any other content you choose to provide so the Service can perform the tasks you request.

2.3 Information from connected third-party accounts

When you choose to connect a third-party account (for example, Google, Meta/Facebook, Instagram, or LinkedIn), we receive data from those services through their official APIs, strictly limited to what you authorize. Our handling of Google user data is described in detail in Section 3 below.

2.4 Billing information

When you purchase a paid plan, payments are processed by our payment processor (Stripe). We do not store full payment-card numbers; we retain limited billing metadata (such as plan, subscription status, and the last four digits of a card) as provided by the processor.

2.5 Information collected automatically

When you use the Service, we automatically collect certain technical and usage information, such as IP address, device and browser type, pages or features used, and timestamps, through server logs and cookies or similar technologies. See Section 9 (Cookies).

3. Google user data (Search Console, Google Analytics, and Google Ads)

This section governs data accessed through Google APIs and is provided to comply with the Google API Services User Data Policy, including its Limited Use requirements.

3.1 What you connect, and why

Savra lets you connect your Google account so that our AI agent can read your marketing performance data and generate data-grounded recommendations, reports, and insights that you can see inside the Service. You connect Google through Google's standard OAuth 2.0 consent flow, and you may grant some, all, or none of the requested permissions (Google's granular consent). We only access the services you authorize.

We request read-only access to the following Google services, using these scopes:

Google serviceOAuth scopeWhat we accessWhy
Google Search Consolewebmasters.readonlySearch-performance metrics (clicks, impressions, queries, pages, position), index/coverage information, and the list of sites you own or manage.To analyze SEO performance and produce SEO and content recommendations.
Google Analytics 4analytics.readonlyRead-only analytics reports — traffic, events, conversions, and related dimensions and metrics for the GA4 properties you select.To produce traffic, conversion, and marketing-performance reports and insights.
Google AdsadwordsCampaign, ad group, keyword, budget, and performance-reporting data from the Google Ads accounts you select.To analyze advertising performance and produce optimization recommendations.

We use Google data on a read-only basis. Savra reads your Google data to power the reporting and recommendation features described above. We do not create, edit, pause, or delete campaigns, ads, properties, or site settings on your behalf. (If we ever introduce a feature that takes a write action in Google Ads, it will require your explicit, per-action confirmation, and we will update this policy before enabling it.)

3.2 How we access and store Google data

  • Access: We access your Google data only after you grant consent, by calling Google's APIs directly in real time with the access token issued for your account. We fetch data when you (or a report/insight you have set up) request it.
  • Tokens: Google OAuth access and refresh tokens are encrypted at rest (Fernet / AES-128 with HMAC authentication) before being stored in our database, and are scoped to your organization. We record which scopes you granted so that we only expose the features you authorized.
  • Multi-tenant isolation: Every Google data request is resolved against your own organization's token. We enforce tenant isolation so that one customer's Google data is never accessible to another customer.
  • No warehousing of raw Google data: Our default design fetches your Google data live to answer a request rather than maintaining a separate copy of your raw Google datasets. Where the Service caches results or stores generated reports for performance and to show you your history, that derived content is retained only as needed to provide the feature and is subject to the retention and deletion practices in Sections 7 and 8.

3.3 How Google data is processed by AI

To generate insights and recommendations, relevant portions of your connected Google data are processed by large language models and other AI services we use as processors (for example, Anthropic and OpenAI), accessed through their APIs solely to produce output for you. These providers process the data to return results to the Service and, under their API terms, do not use it to train their models.

We do not use your Google user data to develop, improve, or train generalized or non-personalized AI/ML models. Any machine-learning processing of your Google data occurs only to provide the user-facing features you requested, for your benefit, and is not used to build models or products for unrelated third parties.

3.4 How we share Google data

We do not sell your Google user data, and we do not transfer it to advertising platforms, data brokers, or information resellers, or use it for advertising, retargeting, credit-worthiness, or lending decisions. We share Google user data only:

  • with the limited service providers (sub-processors) that operate the Service on our behalf, bound by confidentiality and data-protection obligations (see Section 6);
  • as needed to provide or improve the user-facing features you request, with your consent;
  • for security purposes, to investigate abuse or a technical issue;
  • to comply with applicable law or valid legal process; or
  • in connection with a merger, acquisition, or sale of assets, with notice to you as required by law.

3.5 Human access to Google data

We do not access your Google data manually except in limited circumstances: with your affirmative agreement; as necessary for security (for example, to investigate a bug or abuse); to comply with applicable law; or where data has been aggregated/anonymized and is used for internal operations consistent with applicable requirements.

3.6 Limited Use disclosure

Savra's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3.7 Revoking access and deleting Google data

You can disconnect your Google account at any time from the Connected Accounts page in the Service, or directly from your Google Account at https://myaccount.google.com/permissions. When you disconnect, we revoke and delete the stored OAuth tokens for that connection and stop accessing your Google data. You can also request deletion of derived content (such as stored reports) generated from your Google data by contacting support@savra.ai.

4. How we use your information

We use the information we collect to:

  • provide, operate, and maintain the Service and its features;
  • generate the AI outputs, reports, recommendations, and other results you request;
  • authenticate you, manage your account, and process billing;
  • communicate with you about your account, security, and product updates;
  • monitor, secure, debug, and improve the Service; and
  • comply with legal obligations and enforce our terms.

The legal bases for processing (where applicable, e.g., under GDPR) include performance of a contract, your consent, our legitimate interests in operating and securing the Service, and compliance with legal obligations.

5. AI processing

Savra is an AI platform. To deliver its features, content you provide and data from your connected accounts may be processed by third-party AI model providers (such as Anthropic and OpenAI) acting as our processors, accessed through their APIs to return results to you. Under those providers' API terms, your data is not used to train their models. We do not use your content or connected-account data to train generalized AI/ML models. See Section 3.3 for how this applies specifically to Google user data.

6. How we share information / sub-processors

We do not sell your personal information. We share information only as described in this policy, including with the following categories of sub-processors that operate the Service on our behalf, each bound by appropriate confidentiality and data-protection obligations:

  • Authentication: Clerk
  • AI / language models: Anthropic, OpenAI
  • Embeddings & search: Voyage AI; vector storage (Qdrant); memory services (Mem0)
  • Database & infrastructure / hosting: our cloud hosting provider
  • Payments: Stripe
  • Email / communications: our transactional email provider (Resend)
  • Observability / logging: Langfuse
  • Connected marketing data sources you authorize: Google, Meta/Facebook, Instagram, LinkedIn, and similar providers

We may also disclose information to comply with law or legal process, to protect the rights, safety, and security of Savra, our users, or the public, and in connection with a corporate transaction as described above. A current list of sub-processors is available on request at support@savra.ai.

7. Data retention

We retain personal information for as long as your account is active or as needed to provide the Service, and thereafter only as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. OAuth tokens for connected accounts are deleted when you disconnect the account. You may request deletion of your account and associated data at support@savra.ai, subject to limited exceptions permitted or required by law.

8. Your rights and choices

Depending on where you live, you may have rights to: access the personal information we hold about you; correct inaccurate information; delete your information; restrict or object to certain processing; port your information; and withdraw consent (including by disconnecting a connected account).

To exercise these rights, contact support@savra.ai. We will respond as required by applicable law. You may also disconnect any third-party account at any time from within the Service.

California privacy rights (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, use, and disclose; to request deletion; to correct inaccurate information; and to not be discriminated against for exercising your rights. We do not sell or "share" (as defined under California law) your personal information, including your Google user data. To submit a request, email support@savra.ai.

9. Cookies and similar technologies

We use cookies and similar technologies to keep you signed in, remember your preferences, operate the Service, and understand usage. You can control cookies through your browser settings; disabling some cookies may affect Service functionality.

10. Data security

We implement reasonable administrative, technical, and organizational measures to protect your information, including encryption of OAuth tokens at rest (Fernet / AES with HMAC), encryption in transit (HTTPS/TLS), access controls, and tenant isolation. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. International data transfers

We are based in the United States and may process and store information in the United States and other countries. Where required, we rely on appropriate safeguards for cross-border transfers of personal information.

12. Children's privacy

The Service is intended for businesses and users 18 and older and is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact support@savra.ai and we will delete it.

13. Third-party services

The Service may link to or integrate with third-party services. Their use of your information is governed by their own privacy policies, and we encourage you to review them. This policy does not apply to third-party services we do not control.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

15. Governing law

This Privacy Policy is governed by the laws of the province of British Columbia, Canada, without regard to its conflict-of-laws principles, except where superseded by applicable data-protection law.

16. Contact us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, contact us at:

Savra — operated by Savra Inc.
Email: support@savra.ai
Address: 8W9 2WJ North Vancouver, British Columbia

Privacy Policy

Effective date: May 2, 2026  ·  Last updated: June 2, 2026

1. Who we are

This Privacy Policy describes how Savra ("Savra," "we," "us," or "our") collects, uses, stores, shares, and protects information in connection with the Savra platform and related websites, applications, and services (collectively, the "Service"), available at savra.ai, app.savra.ai, and related subdomains.

Savra is a multi-tenant, AI-powered marketing platform operated by Savra Inc. , located at 8W9 2WJ North Vancouver, British Columbia, Canada.

If you have any questions about this policy or your data, contact us at support@savra.ai.

This policy applies to all users of the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information we collect

2.1 Account information

When you create an account, we collect your name, email address, and authentication identifiers through our authentication provider (Clerk). We may also collect organization / workspace details and your role.

2.2 Information you provide

We collect the content you submit to the Service — including chat messages, prompts, documents you upload, project and campaign details, and any other content you choose to provide so the Service can perform the tasks you request.

2.3 Information from connected third-party accounts

When you choose to connect a third-party account (for example, Google, Meta/Facebook, Instagram, or LinkedIn), we receive data from those services through their official APIs, strictly limited to what you authorize. Our handling of Google user data is described in detail in Section 3 below.

2.4 Billing information

When you purchase a paid plan, payments are processed by our payment processor (Stripe). We do not store full payment-card numbers; we retain limited billing metadata (such as plan, subscription status, and the last four digits of a card) as provided by the processor.

2.5 Information collected automatically

When you use the Service, we automatically collect certain technical and usage information, such as IP address, device and browser type, pages or features used, and timestamps, through server logs and cookies or similar technologies. See Section 9 (Cookies).

3. Google user data (Search Console, Google Analytics, and Google Ads)

This section governs data accessed through Google APIs and is provided to comply with the Google API Services User Data Policy, including its Limited Use requirements.

3.1 What you connect, and why

Savra lets you connect your Google account so that our AI agent can read your marketing performance data and generate data-grounded recommendations, reports, and insights that you can see inside the Service. You connect Google through Google's standard OAuth 2.0 consent flow, and you may grant some, all, or none of the requested permissions (Google's granular consent). We only access the services you authorize.

We request read-only access to the following Google services, using these scopes:

Google serviceOAuth scopeWhat we accessWhy
Google Search Consolewebmasters.readonlySearch-performance metrics (clicks, impressions, queries, pages, position), index/coverage information, and the list of sites you own or manage.To analyze SEO performance and produce SEO and content recommendations.
Google Analytics 4analytics.readonlyRead-only analytics reports — traffic, events, conversions, and related dimensions and metrics for the GA4 properties you select.To produce traffic, conversion, and marketing-performance reports and insights.
Google AdsadwordsCampaign, ad group, keyword, budget, and performance-reporting data from the Google Ads accounts you select.To analyze advertising performance and produce optimization recommendations.

We use Google data on a read-only basis. Savra reads your Google data to power the reporting and recommendation features described above. We do not create, edit, pause, or delete campaigns, ads, properties, or site settings on your behalf. (If we ever introduce a feature that takes a write action in Google Ads, it will require your explicit, per-action confirmation, and we will update this policy before enabling it.)

3.2 How we access and store Google data

  • Access: We access your Google data only after you grant consent, by calling Google's APIs directly in real time with the access token issued for your account. We fetch data when you (or a report/insight you have set up) request it.
  • Tokens: Google OAuth access and refresh tokens are encrypted at rest (Fernet / AES-128 with HMAC authentication) before being stored in our database, and are scoped to your organization. We record which scopes you granted so that we only expose the features you authorized.
  • Multi-tenant isolation: Every Google data request is resolved against your own organization's token. We enforce tenant isolation so that one customer's Google data is never accessible to another customer.
  • No warehousing of raw Google data: Our default design fetches your Google data live to answer a request rather than maintaining a separate copy of your raw Google datasets. Where the Service caches results or stores generated reports for performance and to show you your history, that derived content is retained only as needed to provide the feature and is subject to the retention and deletion practices in Sections 7 and 8.

3.3 How Google data is processed by AI

To generate insights and recommendations, relevant portions of your connected Google data are processed by large language models and other AI services we use as processors (for example, Anthropic and OpenAI), accessed through their APIs solely to produce output for you. These providers process the data to return results to the Service and, under their API terms, do not use it to train their models.

We do not use your Google user data to develop, improve, or train generalized or non-personalized AI/ML models. Any machine-learning processing of your Google data occurs only to provide the user-facing features you requested, for your benefit, and is not used to build models or products for unrelated third parties.

3.4 How we share Google data

We do not sell your Google user data, and we do not transfer it to advertising platforms, data brokers, or information resellers, or use it for advertising, retargeting, credit-worthiness, or lending decisions. We share Google user data only:

  • with the limited service providers (sub-processors) that operate the Service on our behalf, bound by confidentiality and data-protection obligations (see Section 6);
  • as needed to provide or improve the user-facing features you request, with your consent;
  • for security purposes, to investigate abuse or a technical issue;
  • to comply with applicable law or valid legal process; or
  • in connection with a merger, acquisition, or sale of assets, with notice to you as required by law.

3.5 Human access to Google data

We do not access your Google data manually except in limited circumstances: with your affirmative agreement; as necessary for security (for example, to investigate a bug or abuse); to comply with applicable law; or where data has been aggregated/anonymized and is used for internal operations consistent with applicable requirements.

3.6 Limited Use disclosure

Savra's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3.7 Revoking access and deleting Google data

You can disconnect your Google account at any time from the Connected Accounts page in the Service, or directly from your Google Account at https://myaccount.google.com/permissions. When you disconnect, we revoke and delete the stored OAuth tokens for that connection and stop accessing your Google data. You can also request deletion of derived content (such as stored reports) generated from your Google data by contacting support@savra.ai.

4. How we use your information

We use the information we collect to:

  • provide, operate, and maintain the Service and its features;
  • generate the AI outputs, reports, recommendations, and other results you request;
  • authenticate you, manage your account, and process billing;
  • communicate with you about your account, security, and product updates;
  • monitor, secure, debug, and improve the Service; and
  • comply with legal obligations and enforce our terms.

The legal bases for processing (where applicable, e.g., under GDPR) include performance of a contract, your consent, our legitimate interests in operating and securing the Service, and compliance with legal obligations.

5. AI processing

Savra is an AI platform. To deliver its features, content you provide and data from your connected accounts may be processed by third-party AI model providers (such as Anthropic and OpenAI) acting as our processors, accessed through their APIs to return results to you. Under those providers' API terms, your data is not used to train their models. We do not use your content or connected-account data to train generalized AI/ML models. See Section 3.3 for how this applies specifically to Google user data.

6. How we share information / sub-processors

We do not sell your personal information. We share information only as described in this policy, including with the following categories of sub-processors that operate the Service on our behalf, each bound by appropriate confidentiality and data-protection obligations:

  • Authentication: Clerk
  • AI / language models: Anthropic, OpenAI
  • Embeddings & search: Voyage AI; vector storage (Qdrant); memory services (Mem0)
  • Database & infrastructure / hosting: our cloud hosting provider
  • Payments: Stripe
  • Email / communications: our transactional email provider (Resend)
  • Observability / logging: Langfuse
  • Connected marketing data sources you authorize: Google, Meta/Facebook, Instagram, LinkedIn, and similar providers

We may also disclose information to comply with law or legal process, to protect the rights, safety, and security of Savra, our users, or the public, and in connection with a corporate transaction as described above. A current list of sub-processors is available on request at support@savra.ai.

7. Data retention

We retain personal information for as long as your account is active or as needed to provide the Service, and thereafter only as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. OAuth tokens for connected accounts are deleted when you disconnect the account. You may request deletion of your account and associated data at support@savra.ai, subject to limited exceptions permitted or required by law.

8. Your rights and choices

Depending on where you live, you may have rights to: access the personal information we hold about you; correct inaccurate information; delete your information; restrict or object to certain processing; port your information; and withdraw consent (including by disconnecting a connected account).

To exercise these rights, contact support@savra.ai. We will respond as required by applicable law. You may also disconnect any third-party account at any time from within the Service.

California privacy rights (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, use, and disclose; to request deletion; to correct inaccurate information; and to not be discriminated against for exercising your rights. We do not sell or "share" (as defined under California law) your personal information, including your Google user data. To submit a request, email support@savra.ai.

9. Cookies and similar technologies

We use cookies and similar technologies to keep you signed in, remember your preferences, operate the Service, and understand usage. You can control cookies through your browser settings; disabling some cookies may affect Service functionality.

10. Data security

We implement reasonable administrative, technical, and organizational measures to protect your information, including encryption of OAuth tokens at rest (Fernet / AES with HMAC), encryption in transit (HTTPS/TLS), access controls, and tenant isolation. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. International data transfers

We are based in the United States and may process and store information in the United States and other countries. Where required, we rely on appropriate safeguards for cross-border transfers of personal information.

12. Children's privacy

The Service is intended for businesses and users 18 and older and is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact support@savra.ai and we will delete it.

13. Third-party services

The Service may link to or integrate with third-party services. Their use of your information is governed by their own privacy policies, and we encourage you to review them. This policy does not apply to third-party services we do not control.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

15. Governing law

This Privacy Policy is governed by the laws of the province of British Columbia, Canada, without regard to its conflict-of-laws principles, except where superseded by applicable data-protection law.

16. Contact us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, contact us at:

Savra — operated by Savra Inc.
Email: support@savra.ai
Address: 8W9 2WJ North Vancouver, British Columbia

Login
Get Started