Privacy Policy

This policy explains what data Saleio collects, why, and how we handle it. It applies to anyone with a Saleio account and to visitors of our marketing site.

• Account info: your email address (used to sign in via magic link).
• Connected X account: the OAuth tokens we receive from X, your X handle, display name, and profile metadata. We use these to send DMs on your behalf and to read replies.
• Lead data you upload: X handles, names, custom variables, and anything else you put in CSV imports.
• Campaign content: message templates, generated DM text, classifier outputs, suppression lists.
• Usage data: standard logs (IP, user agent, page views, request timestamps) for security and debugging.
• Billing info (when applicable): handled by our payment processor; we never see your card number.

• We don't track you across the web.
• We don't sell your data. Ever.
• We don't train AI models on your messages, leads, or templates.

To provide the service, specifically:

• Authenticating you and keeping your session secure.
• Sending DMs to leads via the X API and reading replies you receive.
• Generating personalized messages with our AI provider (Anthropic). Lead context (handle, bio, recent tweets) is sent to Anthropic at generation time and is not used by Anthropic to train their models per their zero-retention policy.
• Operating logs, error monitoring, fraud prevention.
• Sending you product emails (auth links, important account updates). We won't email you marketing without consent.

We use a handful of trusted vendors to run Saleio. They process data only on our instructions:

• Supabase — database and authentication.
• AWS (Lightsail) — application hosting.
• Vercel — frontend hosting.
• Anthropic — AI message generation and reply classification (zero-retention API).
• X (Twitter) — DM sending and profile lookups via the X API. Note: data you send through the X API is governed by X's own policies.
• Stripe (when subscriptions launch) — payment processing.

While your account is active, we retain your data so the product works. When you delete your account, we delete your personal data, campaigns, leads, messages, and connected X tokens within 30 days. We may retain anonymized logs for security and capacity planning. Some data may be retained longer if required by law (e.g., tax/billing records).

You can:

• Export your campaigns, leads, and messages as CSV.
• Delete your account from Settings → Profile.
• Request a copy of your personal data, or correction of inaccuracies, by emailing help@saleio.ai.
• Opt out of any non-essential email at any time (we don't send many).

If you're in the EU/UK, you have additional rights under the GDPR/UK GDPR including the right to lodge a complaint with your local supervisory authority.

We use TLS in transit, encryption at rest where supported by our providers, and least-privilege access controls. No system is perfectly secure — if you discover a vulnerability, please report it to help@saleio.ai and we'll respond quickly.

Saleio is not intended for use by anyone under 18. We don't knowingly collect data from minors.

We may update this policy. If the changes are material we'll email you and update the "Last updated" date above.

Questions or requests? Email help@saleio.ai.