Last updated: 2026-04-26
Privacy Policy
This Policy explains what Sanor (https://app.sanor.ai) collects, why, and what choices you have. We are the data controller for personal data processed about you.
1. Data we collect
- Account data: email, OAuth identifiers, hashed verification codes, sign-in timestamps.
- Content: the prompts, files, audio, URLs, and images you submit; debate transcripts and generated answers; chat metadata (titles, pins).
- Billing: Lemon Squeezy customer ID, subscription status, plan tier, and the last 4 digits of your card (via Lemon Squeezy). We do not store full card numbers.
- Technical: IP, user-agent, timestamps, error reports (Sentry), product analytics (PostHog), cookies set by Crisp chat (only if you open it).
2. Why we process it
- To provide the Service (contractual necessity).
- To bill, prevent fraud, and meet tax obligations (legal obligation, legitimate interest).
- To debug, secure, and improve the Service (legitimate interest).
- To send transactional emails (contract); marketing email only with your consent.
3. Sub-processors
We share the minimum data necessary with:
- OpenAI, Anthropic, Google, xAI, DeepSeek — your prompts and uploads, to generate answers.
- Tavily — search queries, when web search is on.
- OpenAI Whisper — uploaded audio for transcription.
- Lemon Squeezy — billing.
- Resend — transactional email.
- Sentry, PostHog, Crisp — error tracking, analytics, and support chat.
- Railway — application and database hosting.
4. Retention
We keep account and content data while your account is active. On account deletion, we delete personal data within 30 days, except where retained for legal, accounting, or security reasons (typically up to 7 years for invoices).
5. Your rights (GDPR/UK GDPR)
You have the right to access, correct, export, and delete your personal data, to object or restrict processing, and to lodge a complaint with your supervisory authority. Use Settings → Delete account, or email support@sanor.app.
6. International transfers
Some of our sub-processors are based outside the EEA (mainly the US). Where required, transfers rely on Standard Contractual Clauses or equivalent safeguards.
7. Cookies
We use strictly-necessary cookies (auth session). Analytics (PostHog) and chat (Crisp) cookies are loaded only after you accept the cookie banner. You can change your choice anytime — see Cookies.
8. Security
Data is encrypted in transit (TLS) and at rest at our hosting providers. We follow least-privilege access. We will notify affected users of any qualifying personal-data breach without undue delay.
9. Children
The Service is not directed to children under the age of digital consent in your country (16 in most of the EU). We do not knowingly collect their data.
10. Changes
We will post material changes here and notify you by email where required.
11. Contact
Privacy questions: support@sanor.app.