← Back to Saimek.ai

Privacy Policy

Effective Date: February 25, 2026 · Last Updated: February 25, 2026

Saimek AI ("Saimek," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have over your data.

If you have questions, contact us at [email protected].

1. Who We Are

Saimek AI is a software company providing AI-powered automation tools for developers and teams. Our product is delivered as a self-hosted and SaaS platform. Our principal place of business is in the United States.

2. What Data We Collect

2.1 Account Information

When you create an account, we collect: name, email address, and password (hashed and salted — never stored in plaintext).

2.2 OAuth-Connected Services

When you connect third-party services, we access data strictly within the scopes you authorize:

  • Gmail (gmail.readonly): Email subject lines, sender/recipient metadata, and body content — read-only. We do not send email on your behalf.
  • Google Drive (drive.file): Only files created by Saimek itself. We do not access your existing Drive files.
  • Google Calendar (if connected): Event titles, times, and attendees for automation and scheduling workflows.

2.3 Financial Data

If you connect a self-hosted Firefly III instance, we access transaction records, account balances, and category data. This data is processed entirely on your self-hosted infrastructure or on Saimek's own servers — it is never transmitted to third-party cloud providers.

2.4 GitHub Integration

If connected, we access GitHub issue titles, descriptions, labels, and comments within repositories you authorize. We do not access private repositories you have not explicitly connected.

2.5 Usage and Analytics Data

We use privacy-focused analytics (configured without cookies) to understand how our product is used. We do not use advertising networks. We do not track you across other websites.

2.6 Technical and Log Data

We collect standard server logs including IP addresses (retained up to 30 days), API request metadata, and error reports.

3. How We Use Your Data

  • Provide the product — run your automation workflows, generate AI-powered outputs, and deliver features
  • Generate embeddings and AI outputs — all AI inference on sensitive data is performed on our own infrastructure using locally-hosted models; no such data is sent to third-party LLM APIs
  • Maintain security — detect abuse, unauthorized access, and service anomalies
  • Communicate with you — transactional messages such as password resets and billing receipts
  • Improve the product — using aggregated, de-identified analytics

We do not use your data for advertising. We do not sell your data to any third party.

4. How We Store and Protect Your Data

Your data is processed and stored on Saimek-controlled infrastructure. We do not route sensitive personal data through third-party cloud AI services. We implement encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, and regular security reviews.

Data Retention

  • Account information: until account deletion, plus 30 days
  • OAuth tokens: until you revoke access or delete your account
  • Email/calendar data: up to 90 days, or until you disconnect
  • Financial data: until you disconnect the integration
  • Server logs: 30 days
  • Analytics data (aggregated): up to 24 months

5. Data Sharing and Disclosure

We do not sell your personal information. We share data only with infrastructure service providers under contractual agreements, when required by law, in the event of business transfers (with notice), or with your explicit consent.

6. Google OAuth and API Services

Our use of data obtained through Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data only to provide and improve features the user is actively using
  • We do not transfer Google user data to third parties for advertising
  • We do not allow humans to read your Google user data except with your express permission, for security purposes, or as required by law
  • You may revoke access at any time via Google Account Permissions

7. Your Rights

All Users

You have the right to access, correct, delete your data, disconnect any integration, and export your data. Contact [email protected]. We respond within 30 days.

California Residents (CCPA/CPRA)

California residents have additional rights: right to know, right to delete, right to correct, and right to opt-out of sale (we do not sell personal information). Submit requests to [email protected] with subject "CCPA Request."

European Residents (GDPR)

If located in the EEA, UK, or Switzerland: our legal bases for processing include performance of contract, legitimate interests, and legal obligation. You have rights of access, rectification, erasure, restriction, portability, and objection. We maintain records of processing activities per Art. 30 GDPR. Submit data subject requests to [email protected].

8. Cookies and Tracking

We use only technically necessary cookies for session management. Our analytics are configured in cookieless mode. No tracking pixels, fingerprinting, or advertising cookies are used.

9. Children's Privacy

Our product is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children.

10. Changes to This Policy

We will notify you of material changes by email or prominent notice. Updated policies take effect 30 days after notice.

11. Contact Us

Saimek AI
Email: [email protected]

This Privacy Policy was last updated on February 25, 2026.