SAIA | Social AI Assistant
Black Logo
TermsPrivacy Policy

SAIA Privacy Policy

Last Updated: June 10, 2025

At SAIA (operated by Moussa Harkous, referred to as SAIA,we, or us), we consider the privacy and security of personal data extremely important . SAIA is a conversational AI automation app that allows businesses to connect their Instagram accounts and automate customer conversations and orders. This Privacy Policy explains how we collect, use, share, and protect personal information in compliance with applicable laws and the requirements of the Apple App Store, Google Play Store, and Facebook (Meta) platform policies. Scope: This Policy covers personal data collected through the SAIA mobile application (the App), the SAIA website (https://saiaagent.com), and related services. It applies to information about the following individuals: (1) our business customers (and their authorized users/representatives) who subscribe to SAIA, and (2) end-users (customers of our business clients) whose messages or orders are processed via SAIA on behalf of those business clients. SAIA processes personal data both for our own purposes and on behalf of our customers as a service provider . In the latter case, we strictly adhere to our customers’ instructions and do not use end-customer data for any purpose other than providing the SAIA service . SAIA is not a consumer social network and does not support open user-to-user communication between private individuals; it facilitates interactions only between a business and its customers via integrated messaging channels. We do not target or knowingly collect data from children under 13, and the Service is not intended for anyone under 18 years of age (see Children’s Privacy below). If you have any questions or concerns about this Policy or our privacy practices, please contact us at moussa@furrbud.com. By using SAIA, you acknowledge that you have read and agreed to this Privacy Policy. We encourage you to read it carefully.

1. How We Collect Personal Data

We collect personal data about you and your end-users from several sources, depending on how you interact with SAIA : Directly from You: We collect information that you provide when you create or update a SAIA account, subscribe to a plan, or communicate with us. This includes information entered during onboarding or in-app settings, support requests, or any forms on our website (e.g. contact forms, demo requests) . For example, you may give us your name, business name, email address, phone number, and preferences when signing up or contacting support. From Integrated Platforms (Facebook/Instagram): When you connect your Meta business accounts (such as Instagram Business or Facebook Pages) to SAIA, we receive information via the Meta APIs. This includes your account ID and profile details and the content of messages or orders that your customers send to you on Instagram or Messenger . For instance, SAIA may pull the business account details you authorize (e.g. page or account ID, page name, profile picture, follower count) as well as messages, chat history, and order details initiated by your end- customers through those platforms. We obtain this data directly from Facebook/Instagram when you link your accounts to SAIA . SAIA uses these messages and interactions only to enable automated responses and order processing on your behalf. Through Automated Means (Usage Data): When you use our App or website, we automatically collect certain technical data about your device and usage of the Service. This includes information such as your device type, operating system version, unique device identifiers, browser type, IP address, and usage logs (e.g. features used, pages viewed, date/time stamps) . For example, we may log when you login to the dashboard, the actions you take in configuring your chatbot, and error reports. We collect this data via cookies or similar technologies and through third-party tools (e.g. Google Firebase Analytics for aggregated usage analytics and Sentry for crash reporting). These tools may automatically receive some device identifiers and technical data to help us understand app performance and fix issues. All analytics data we collect is anonymous or aggregated – SAIA does not use any data for behavioral tracking or targeted advertising purposes, and we do not use advertising cookies on our site. From Payment Platforms: If you purchase a SAIA subscription (e.g. $19.99/month for GPT-3.5 or $49.99/month for GPT-4), the transaction is handled by third-party payment processors (such as Apple App Store or Google Play, or our payment partner if via website). We may receive information confirming your purchase and subscription status (such as the plan you selected, and confirmation that payment was successful) from these platforms . For instance, Apple or Google may share a subscription receipt or transaction ID with us. We do not collect or store your full credit card number or payment account credentials on our servers; any financial details are processed securely by the external platform. We may retain basic billing contact information and the last four digits of a card or a payment token, if needed for record-keeping or customer support . From Communications: If you correspond with us via email, chat, or social media, we will collect the information you provide in those communications. For example, if you email our support, we will collect your email address and the content of your message in order to assist you . Likewise, if you participate in any surveys, give feedback, or join a SAIA online community/forum (if available), we will collect any data you choose to submit. Third-Party Sources: In some cases, we might receive additional information about you from third parties. For example, we could receive confirmation from a payment processor about a subscription, or updated contact details from a partner that helped refer you to our Service . These situations are limited and only occur to support your use of SAIA (e.g., fraud prevention or ensuring our records remain up-to-date). No Collection of Sensitive Data: We do not intentionally collect any sensitive personal data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health information, or information about sexual orientation. SAIA also does not ask for or collect any information about minors from our customers. We ask that you and your end-users refrain from sharing sensitive personal data through the Service. If such data is inadvertently transmitted to us (for example, a customer sends health information in a message), we will treat it securely but will not use it for any purpose and will delete it upon awareness.

2. What Types of Personal Data We Process

Depending on your use of SAIA, we process the following categories of personal data: Account and Contact Details: When you sign up as a customer, we collect personal details needed to create and administer your account. This includes your name, email address, login credentials, the name of your business or organization, and any profile information you provide. We also store your Meta account identifiers and connected page/account info (e.g. Instagram account ID, Facebook Page ID, page name) obtained via the integration . Additionally, we may have your phone number, mailing address, or other contact information if you provide it for billing or support. We also record your preferences (such as language, notification settings, chatbot configuration choices) within the App. Business Customer Data (End-User Communications): In providing our Service to you, we process Customer Content on your behalf – primarily the messages and order information that your end- customers send to your connected Instagram/Facebook accounts . This may include text conversations, images or media sent by users, product inquiries, and order details (for example, if an end-customer provides their name, address, and order request via chat). Such content may contain personal data about your customers (like their Instagram username, name, contact info, or order preferences). SAIA stores and processes this content to enable you to respond and fulfill orders automatically. We treat this data as your data – we do not use it for our own purposes beyond operating the Service (see Data Use below), and we handle it in accordance with our agreements with you. Important: If you use SAIA in the European Economic Area (EEA), UK, Switzerland or Brazil, note that you as the business are generally the data controller for your end-customers’ personal data, and SAIA acts as a data processor/service provider on your behalf . We will only process that end-customer data under your instructions and not for any independent purpose. Payment and Subscription Information: To manage subscriptions, we maintain records of your subscription plan, billing frequency, and payment status. If subscriptions are handled via Apple’s App Store or Google Play, we receive limited information from those platforms (such as an anonymous transaction identifier and the subscription tier). If we process payments via an external provider (e.g. Stripe/PayPal for web subscriptions), we may store your billing name, billing address, and partial credit card information (e.g., card type and last four digits) or a payment token . Note: We do not store full payment card numbers or bank account numbers – those are handled by secure payment processors. Financial institutions or app store platforms may also send us confirmation data like successful payment notifications or subscription cancellations, which we keep for our records. Support and Correspondence: If you engage with our support or sales team, or otherwise correspond with SAIA, we will process the content of your communications. This can include emails, support tickets, or chat logs, and any contact information therein (such as your email address or social media handle). For example, if you email us describing an issue, we will store that email and our response. Device and Usage Data: As you interact with our App or website, we collect technical data about your usage. This includes device identifiers (like your device’s unique ID or advertising ID, where applicable), IP address, browser type, operating system, app version, and timestamps of actions . We also collect data on what features you use and for how long, error reports, and performance metrics. For instance, we may log that you used the Order Automation feature at a certain time, or that the app crashed on a specific screen. This information is generally collected through automated logging and analytics tools. It is typically aggregated and does not directly identify you by name – we use it to analyze trends, administer and secure our systems, and improve the user experience (see Data Use below). Cookies and Similar Technologies: When you visit our website, we may use cookies (small text files stored in your browser) or similar technologies to remember your preferences and gather web analytics. However, we do not use any cookies for third-party advertising or cross-site tracking. The cookies used by SAIA are primarily for functional purposes (such as keeping you logged in) and for collecting anonymous analytics about website traffic. You can set your browser to refuse non- essential cookies; however, core functions of the site (like logging into your account) may require them. Summary of Data Not Collected: We do not collect any biometric data, health or medical information, or any sensitive personal data categories as defined by applicable privacy laws. We also do not intentionally collect information about minors. SAIA does not access your device’s contacts, photos, or other personal files unless you explicitly choose to upload something (for example, sending a picture in a chat). We do not support or facilitate user-to-user communications unrelated to the business-customer context, so our app does not have public forums or direct messaging between end-users that would result in additional personal data collection.

3. For Which Purposes We Use Personal Data

We collect and use personal data for the following purposes, in accordance with the allowed legal bases (see Legal Bases section for details): To Operate and Provide the SAIA Service: We use your information to carry out our contract with you and deliver the features of the App. This includes using your account data to authenticate you and log you in, and using the integrated Instagram/Facebook data to fetch messages and send automated responses as per your setup . For example, we process the messages your customers send so that our AI can generate an appropriate automated reply, and then we send that reply back via the Instagram/Messenger API to your customer. We also use your email or in-app contact to send you necessary service communications – such as account confirmations, notices of subscription status, technical alerts, updates, and administrative messages . Additionally, we use personal data to fulfill transactions – for instance, processing your subscription payments and verifying that you have an active plan . To Process Customer Conversations and Orders: A core purpose of SAIA is to handle customer inquiries and orders on behalf of your business. Thus, we use the end-customer message content and order details you receive through Instagram/Facebook strictly to automate those interactions per your instructions . For example, if a customer messages your Instagram account asking to order a product, SAIA’s AI will use the content of that message to generate a reply (such as confirming the order or asking for details) and log the order information for you. We perform this processing as a data processor on your behalf, meaning the data is used only to provide the expected chatbot/automation functionality and for no other independent purpose . We do not mine or profile your end-users for our own marketing; we simply facilitate the conversation between you and your customer through automated means. To Communicate with You (Customer Support and Marketing): We use your contact information (email, etc.) to communicate with you about the Service. This includes responding to your inquiries, providing customer support, and sending you service-related announcements. If you subscribe to our newsletter or if it is otherwise permitted, we may also send you promotional communications about new features, updates, or offers related to SAIA . For example, we might email you tips on using new AI features or inform you of a new integration available. You have the right to opt out of marketing emails at any time, and we will include an unsubscribe link or instructions in such communications. (Note: We do not use third-party advertising networks, so you will not see third-party ads in our app or targeted to you based on data from SAIA.) To Improve and Develop Our Services: We may use usage data, feedback, and aggregated customer content to understand and enhance the performance of SAIA. This means analyzing how users interact with our app and where improvements can be made. For instance, we might review anonymized chat transcripts or error logs to refine our AI models, improve response accuracy, or fix usability issues. Any use of actual conversation content for development or training is done in an anonymized or aggregated manner – we strip out or de-identify personal identifiers before analyzing data for product improvement. This helps us add new features and ensure the AI automation is effective. We also use crash reports and diagnostics to debug and improve app stability. None of this analysis is used to profile individual users or for any automated decisions that would have legal or significant effects on individuals (see Automated Decision-Making below). To Ensure Security and Prevent Fraud: We process personal data as needed to protect the rights, property, or safety of SAIA, our users, and the public . This includes monitoring for suspicious or unauthorized activity in the app, debugging and troubleshooting security issues, and authenticating accounts. For example, we may use IP addresses and device information to detect multiple failed login attempts or to determine if an access token misuse is occurring. If we detect potential fraud or misuse (such as someone attempting to hijack an account or send spam messages through SAIA), we may use relevant account and usage data to investigate and mitigate the issue . We may also use your information to enforce our Terms of Service and other agreements, such as to notify you of a violation or to suspend accounts engaged in prohibited behavior . To Comply with Legal Obligations: We use and retain personal data as necessary to fulfill our obligations under the law . This includes using data for accounting and tax purposes (e.g., maintaining purchase records for financial reporting), complying with lawful requests from authorities, and meeting regulatory requirements (for example, export control or sanctions checks if applicable). If we are required by law to disclose personal data to authorities (e.g., through a subpoena or court order), we will only do so after verifying the legality of the request and within the bounds of applicable data protection laws . We also process certain data to comply with user data deletion requests or privacy rights requests (described below). Other Purposes with Consent: If we ever need to process your personal data for a purpose that is not compatible with the purposes listed above, we will seek your consent. For example, if we wanted to use your testimonial or profile in marketing materials, we would ask for your permission. Where consent is given, you have the right to withdraw it at any time, as described in Your Rights below.

We do not use personal data for automated decision-making that produces legal or similarly significant effects on individuals . In other words, while SAIA uses AI to automate responses, these processes are meant to assist with customer service and sales, and not to make binding decisions about someone’s access to services, creditworthiness, employment, or other serious matters without human involvement. Any profiling or automation we do is solely for the purposes outlined above (like routing inquiries or providing quick replies) and does not negatively affect user rights or freedoms.

4. How We Share Personal Data

We value your privacy and do not sell your personal data to third parties for commercial or advertising purposes . We only share personal data in the ways described in this Privacy Policy, or when you have given us explicit consent to do so. The categories of third parties with whom we may share information are: Service Providers (Processors): We employ trusted third-party companies and individuals to perform services on our behalf that support our App’s functionality and operations . These service providers only receive the personal data necessary for their function and are contractually obligated to use it only for our specified purposes and to protect it. Key service providers for SAIA include: Infrastructure and Hosting: We may use cloud hosting providers (such as Amazon Web Services or Google Cloud) to store and process data on secure servers. Analytics: We use tools like Google Firebase Analytics to collect usage statistics (in anonymous form) to understand how our app is used. These tools may receive device identifiers and usage events , but they do not receive identifiable personal user content. Crash Reporting: We use Sentry (or similar platforms) to collect crash logs and diagnostics when the app encounters errors. Crash reports help us fix bugs and typically include device metadata and error details at the time of the crash (but not the content of your conversations). Payment Processing: When you subscribe via Apple App Store or Google Play, those platforms process your payment and they share confirmation data with us. If we use an external payment gateway (e.g. Stripe or PayPal) for web subscriptions, that provider will handle your payment info and may send us limited billing data. All such payment processors are PCI-DSS compliant and are authorized to use your financial data only for processing your payments . Email and Communications: We may use an email service provider (for example, MailChimp, SendGrid, or similar) to send newsletters or system emails. These providers would have access to your email address and the content of emails we send to you. They may process data like open rates or link clicks to help us gauge engagement. AI Processing: Given SAIA’s use of GPT-3.5/GPT-4 for conversational automation, we integrate with third-party AI model providers (such as OpenAI) to generate responses. This means that when an end-customer sends a message, the content of that message may be securely transmitted to the AI provider’s servers to produce a reply. We only share the minimum data necessary (usually the text of the message and relevant context) and do not provide any more personal information about you or your customer than needed. The AI provider is not allowed to use that data for any purpose other than generating the response, and we have agreements in place to ensure data is handled confidentially. (For example, OpenAI as of 2023 will not use API data to train their models without permission.)

These service providers act under our instructions and are bound to confidentiality. They cannot use your data for their own purposes. We maintain a list of critical sub-processors and update our agreements to comply with privacy requirements . Meta Platforms (Facebook and Instagram): Because SAIA’s core functionality involves integration with Meta’s platforms, we share data with and receive data from Facebook/Instagram as needed to operate the Service . For example, when an automated response is sent to one of your customers, SAIA sends that message content via the Instagram Graph API to deliver it. Similarly, we receive message content and customer profile usernames from Instagram so that we can present it to you in the SAIA dashboard. This data exchange with Meta is governed by Facebook’s platform terms, and we use Meta-provided data only for the purposes of providing the Service to you in accordance with this Policy and Meta’s requirements. We do not share Meta-sourced data with any unauthorized third parties. If you disconnect your Facebook/Instagram accounts from SAIA, we will no longer receive new data from those accounts (see Data Deletion & Disconnection below for how we handle previously received data). Professional Advisors: We may disclose necessary personal information to our professional advisors – such as attorneys, accountants, auditors, or insurers – but only where needed for consulting, legal compliance, or protection of our rights . For instance, if we were audited, we might have to show records (which could include user transaction data) to our auditors. These parties are also bound by confidentiality obligations. Business Transfers: If SAIA (or the underlying company/owner, Moussa Harkous/FurrBud) is involved in a merger, acquisition, sale of assets, or reorganization, your personal data may be transferred to the successor or acquiring entity as part of that transaction . We would ensure the new owner continues to handle your data under terms consistent with this Policy. For example, if SAIA were acquired by another company, the user databases would be transferred so that service could continue, but your data would remain subject to the promises made here. We will notify you (for example, via email or notice on our site) of any such change in ownership or control of your personal information. Legal Compliance and Protection: We may disclose personal data when required by law, or when we believe in good faith that such disclosure is necessary to comply with legal obligations or respond to valid legal process . This can include responding to subpoenas, court orders, or lawful requests by government authorities for data. We also may share information as necessary to enforce our terms and policies, to investigate or stop illegal or harmful activities (such as fraud or security threats), or to protect the safety, rights, and property of our users, the public, or SAIA . For example, if required by law enforcement regarding an investigation, we might provide logs or account information as mandated. We will ensure any disclosure is limited to what is lawfully required. Affiliates: If we ever establish any parent companies, subsidiaries, or other affiliates, we may share your information within that corporate family in alignment with this Policy . Currently, SAIA is operated by a single owner, but should that change, all affiliated entities accessing your data would abide by the same privacy safeguards.

Aside from the scenarios above, we will not release your personal information to any outside parties. We do not sell, rent, or trade your personal data to advertisers or other third parties. We may share aggregated, anonymized information (that cannot be linked back to an individual) publicly or with partners – for example, publishing trends or usage statistics – but this data contains no personal details. In all cases where we share data with service providers or others, we remain accountable for the protection of your information under privacy laws.

5. Your Data Protection Rights & Choices

You have rights and choices regarding your personal data. We strive to honor all applicable data protection rights for users around the world. These rights may vary depending on your jurisdiction (for example, EEA, UK, Brazil, California, etc.), but we extend many core rights universally. Subject to applicable law, your rights include: Access and Portability: You have the right to request a copy of the personal data we hold about you, and to receive it in a commonly used electronic format . This allows you to review the information and even transfer it to another service. For example, you can request that we provide you with the data you provided to us (such as your account details and message logs) in a machine- readable format. Rectification (Correction): If any of your personal data is inaccurate or incomplete, you have the right to ask us to correct or update it . For instance, if you change your email address or notice an error in your profile information, you can contact us to fix it. In many cases, you can directly make changes by logging into your SAIA account and editing your profile or settings. Deletion (Right to Be Forgotten): You have the right to request that we delete your personal data . This includes information in your account and any content/data we have collected from you. If you wish to delete your SAIA account entirely, you can initiate this through the App (if a self-service deletion option is provided) or by contacting us at moussa@furrbud.com. Upon verification of your request, we will permanently delete or anonymize your personal data (unless we are required to keep it for legal reasons) . Do note that deleting your account will typically erase all your chatbot configurations, message logs, and other data associated with SAIA. (We describe the deletion process for Facebook/Instagram-related data in a dedicated section below as well.) Withdrawal of Consent: If we rely on your consent to process any personal data (for example, for sending marketing emails or for optional features), you have the right to withdraw that consent at any time . Withdrawing consent will not affect the lawfulness of any processing we already performed, but it will stop the future processing of the data for which consent was withdrawn. For instance, you can unsubscribe from marketing emails via the link provided in those emails, or adjust your settings if you consented to a feature and later change your mind. Objection to Processing: If you are in jurisdictions like the European Economic Area (EEA), UK, Switzerland, or Brazil, you have the right to object to certain processing of your personal data . In particular, you can object to processing that is based on our legitimate interests (such as certain analytics or marketing uses) if you believe it impacts your rights. You can also object to any direct marketing – for example, you may request that we stop sending you newsletters (which you can also do by withdrawing consent or unsubscribing). If you raise an objection, we will review it and stop or adjust processing unless we have compelling legitimate grounds to continue or if it is needed for legal reasons. Restriction of Processing: In certain circumstances, you have the right to request that we restrict or pause the processing of your personal data . For example, if you contest the accuracy of data we hold, you can request we restrict processing while we verify or correct the data. Or if you have objected to processing (as above), you can ask us to hold off on further processing while we consider your objection. Data Portability: Where applicable (EEA/UK/Brazil), you have the right to portability – meaning you can ask to receive the personal data that you have provided to us in a structured, commonly used format, or ask that we transmit it directly to another controller when technically feasible . This mostly applies to data we process by automated means under your consent or our contract (such as your account info and content you’ve input). Information on International Transfers: You have the right to inquire about the safeguards we use for transferring your data outside of your home country. We will provide information on the countries to which we may transfer data and the protective measures in place (such as Standard Contractual Clauses), as described in International Data Transfers below . Right to Non-Discrimination: If you exercise any of your privacy rights, we will not discriminate against you. This means we will not deny you the Service, provide a different level of service, or charge you a different price just because you exercised your rights. (However, note that deleting certain data or restricting processing might affect our ability to continue providing the Service in some cases – for instance, if you ask us to delete all your data, we may not be able to continue your subscription without the data needed to perform the service.) Right to Complain: If you have concerns about how we handle your data, we encourage you to contact us so we can address them. However, you also have the right to lodge a complaint with a supervisory data protection authority. If you are in the EEA, you can contact the data protection authority in your country of residence (a list of authorities is available ). If you are in Brazil, you can contact the National Data Protection Authority (ANPD). If in the UK, you can contact the Information Commissioner’s Office (ICO). We will cooperate fully with any such inquiries. To exercise any of these rights, please contact us at moussa@furrbud.com with your request. We may need to verify your identity to process certain requests (for example, by confirming control of your account email) to ensure we don’t disclose or delete data to the wrong person . We will respond to your request within the timeframe required by law – typically within 30 days, and no later than 45 days (this may be extended if permitted, but we will inform you of any extension). There is no fee for making such requests, though repetitive or unfounded requests may be declined or may incur a fee as allowed by law. Authorized Agents: If you are a California resident, you may designate an authorized agent to make requests on your behalf. We will take steps to verify that the person is authorized to act for you, which may include requesting written permission and confirming your identity directly . California consumers can learn more about this in the next section.

6. For California Residents

If you are a resident of California, you are protected by specific privacy rights under California law, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These laws provide (among other things) the right to receive notice of our data practices and the rights to know about, delete, or opt-out of certain data uses. In this section, we provide additional information for California residents, as required by law: Categories of Personal Information Collected: In the past 12 months, we have collected the following categories of personal information (as defined by California law): identifiers (such as name, email, account ID), customer records information (billing address if provided), commercial information (subscription plans, transaction history), internet or electronic activity (interaction with our App/website, IP address, device info), and in some cases audio/visual information (if any communication contains such media). We collect these categories from the sources and for the purposes described in Sections 1-3 of this Policy (e.g., directly from you, from your use of the Service, and from integrated platforms). We do not collect sensitive personal information as defined under California law (e.g., we do not collect social security numbers, driver’s license numbers, precise geolocation, biometric data, or health data). Disclosure of Personal Information: We do not sell personal information to third parties for monetary consideration. We also do not share personal information for cross-context behavioral advertising – meaning we don’t provide your data to third parties for targeted advertising purposes. In the last 12 months, we have disclosed certain categories of personal information to service providers for business purposes (as detailed in Section 4 above). For example, we share identifiers with our email delivery provider to send you emails, and we share internet/usage information with analytics providers to improve our service. We may also disclose information if required by law or as part of an acquisition, as described in Section 4. These disclosures are business purposes and not sales. We have not sold or shared (for behavioral advertising) any personal information of California residents, including not selling any data of minors under 16 years of age . California Privacy Rights: As a California resident, you have the following rights regarding your personal information (in addition to the rights outlined in Section 5): Right to Know: You have the right to request that we disclose to you (a) the categories of personal information we have collected about you in the last 12 months, (b) the categories of sources from which the personal information was collected, (c) the business or commercial purpose for collecting (or, if applicable, selling or sharing) your personal information, (d) the categories of third parties with whom we disclose personal information, and (e) the specific pieces of personal information we have collected about you . You may also request to know if we have sold or shared your personal information. However, as noted, SAIA does not sell personal data, and we do not share it for targeted advertising, so there are no such recipients to disclose. Right to Delete: You have the right to request deletion of personal information we have collected from you and retained, subject to certain exceptions . Upon receiving a verified deletion request, we will delete (and instruct our service providers to delete) your personal information from our records, unless an exception applies (for example, if we need to retain certain data to complete a transaction you requested, to detect security incidents, to comply with a legal obligation, etc.) . If an exception applies, we will inform you in our response.

Right to Correct: Effective January 2023 under the CPRA, California residents have the right to request correction of inaccurate personal information maintained by us. If you believe any information we have is incorrect, please let us know and upon verification we will correct it as required. Right to Opt-Out of Sale/Sharing: As explained above, we do not sell or share your personal information as those terms are defined under California law. If in the future we were to engage in any activity deemed a sale or sharing of personal data, we would provide a means for you to opt out (e.g., a Do Not Sell or Share My Personal Information link). Since we don’t do this, we do not offer such an opt-out and you are by default opted-out. Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your California privacy rights . We will not deny you our services or provide a different quality of service because you exercised your rights under CCPA/CPRA. However, please note that if the exercise of your rights limits our ability to process personal information (for example, a request to delete your account data), we may not be able to continue providing you the Service. We will inform you if such a situation arises. Authorized Agent: You may designate an authorized agent to make a request on your behalf (as described in Section 5). If you use an authorized agent, we may require proof of the authorization and verification of your identity directly, as permitted by law . Exercising Your California Rights: To exercise your California privacy rights, you (or your authorized agent) may submit a request to us by email at moussa@furrbud.com. Please indicate that you are a California resident making a CCPA/CPRA Request and specify which right you seek to exercise (Access/Know, Delete, Correct, etc.). We will respond to verifiable requests as described in Section 5 (usually within 45 days). For requests to know or delete, we will take steps to verify your identity to a reasonable degree of certainty or high degree of certainty depending on the sensitivity of the information requested, as required by law . This may involve asking you to confirm information we have on file (like details of your last transaction or your account details). Any information gathered in this verification process will be used only for verification. If we cannot fulfill your request, we will provide an explanation. Additionally, California’s Shine the Light law (Civil Code § 1798.83) allows customers to request certain details about what personal information we share with third parties for those third parties’ direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing without consent. Therefore, we do not maintain such lists and typically will not have information responsive to such a request. Nonetheless, California residents may request further information about our compliance with this law by contacting us at the email above.

7. Children’s Privacy

SAIA is not intended for use by children. We do not knowingly collect or solicit personal data from anyone under the age of 13. Children under 13 are not permitted to use the SAIA Service. Moreover, as a business- oriented service, we require that all users of our platform (business account holders) are at least 18 years old (or the age of majority in your jurisdiction) . We encourage parents and guardians to supervise their children’s online activities and to keep their children’s information safe.

If you are under 18, you should not register for SAIA or provide us with any personal information. In the event that we learn we have collected personal data from a child under 13 (or under 16 in certain jurisdictions where applicable) without verifiable parental consent, we will promptly delete that information from our records . If you are a parent or guardian and you believe that we might have any information from or about a child, please contact us immediately at moussa@furrbud.com so that we can take appropriate action. Additionally, we do not sell personal data of our users, including minors between 13 and 18 years of age . Although our service is not intended for anyone under 18, if a teenager between 13 and 17 were to interact with a SAIA-powered chat (for example, as an end-customer on Instagram), their data would only be used to facilitate the service and not for any commercial sale or marketing. We treat all users’ data with care and in accordance with this Policy regardless of age.

8. Data Security

Safeguarding Your Information: We take reasonable and appropriate measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, and destruction . We implement industry- standard security practices, including encryption in transit (e.g., using HTTPS for all data exchange) and encryption at rest for sensitive data. Our databases are secured with access controls, and we limit access to personal data to personnel and contractors who need it to operate or develop our Service, all of whom are bound by confidentiality obligations. We maintain firewalls and monitoring to protect our infrastructure, and regularly update our software and protocols to address security vulnerabilities. Passwords and authentication tokens are stored in hashed or encrypted form; we do not store plaintext credentials. We also employ measures like network segmentation and anonymization/pseudonymization of data where feasible to reduce risk. For example, our chatbot logs may substitute user identifiers with random IDs internally to avoid exposing actual Instagram usernames unnecessarily. Payment Data Security: For subscription transactions, we rely on PCI-compliant third-party payment processors (Apple, Google, Stripe, etc.), as noted. These providers use robust security measures to protect your financial information during transactions and afterwards . We do not directly handle full credit card data, which adds a layer of protection for your payment info. Despite our efforts, no security measure is perfect. We cannot guarantee that data transmission or storage is 100% secure. The internet by its nature carries inherent security risks, and we cannot promise that unauthorized parties will never be able to defeat our safeguards (for example, by intercepting data or hacking) . However, we continuously evaluate and upgrade our security practices to mitigate such risks. In the unfortunate event of a security breach that affects your personal data, we will notify you and the relevant authorities as required by law, and we will take prompt action to remediate the issue . User Responsibilities: To help keep your data secure, we encourage you to use a strong, unique password for your SAIA account and to keep your login credentials confidential. Immediately notify us if you suspect any unauthorized access to your account. We also advise that you properly secure your own devices and networks that you use to access SAIA.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, or as required by law. In general, this means: Account Data: We keep your account information, configuration, and content for as long as you have an active subscription or account with us. All personal data will be retained and processed until you terminate your use of SAIA (for example, by deleting your account or canceling your subscription) or explicitly request deletion of your data . If you end your relationship with SAIA, we will delete or anonymize your personal data in accordance with our standard procedures, subject to any retention requirements described below. End-Customer Messages: Messages and chat logs processed through SAIA on your behalf are retained to allow you to view conversation history and for the Service’s functionality. If you or your customer deletes a conversation on the Instagram/Facebook side, it may not automatically delete from SAIA’s logs. However, if you delete your SAIA account or request removal of conversation data, we will erase those logs from our system (unless legally required to retain). We may also implement periodic clean-up of older messages if they are no longer needed for service (if specified in our data retention settings or your plan). Analytics and Logs: General usage logs and analytics data are typically retained for a shorter period (e.g., 90 days to 1 year) for the purpose of trend analysis and security. We might keep server logs (which may include IP addresses and usage timestamps) for a few months, and aggregated analytics indefinitely (since those do not identify individuals). If such logs are stored by third-party services (like Firebase), we configure retention periods according to necessity and compliance (for example, truncating IP addresses or auto-deleting old data if possible). Legal Requirements: We may retain certain information for a longer period if necessary to comply with legal obligations or to resolve disputes. For instance, we might retain invoice records and payment history for accounting and tax purposes for the period required by tax law (often 7 years). If there is an ongoing dispute or legal claim, we will retain information relevant to that issue until it is resolved. Additionally, if required by applicable law, we may retain basic data about an account deletion (such as email and date of deletion) to fulfill record-keeping requirements or to honor opt- out requests. Brazilian Law Data Logs: If you are located in Brazil, note that we comply with the Brazilian Internet Act (Marco Civil da Internet, Law 12.965/2014) which requires that we store application access logs for a minimum of 6 months . This means basic logs of your access to our service (like IP address and time of use) will be kept for at least six months as mandated by Brazilian law. Once the retention period expires or the purpose is fulfilled, we will either securely delete your personal data or anonymize it so it can no longer be associated with you. For example, we may aggregate or randomize data so it can be used for statistical purposes without identifying you personally. Please note that if you delete content or instruct us to delete personal data, removal from our active databases will occur promptly, but it may take additional time for backups to be purged. We maintain backups for disaster recovery, which are cycled and eventually overwritten; even in backups, we ensure data is protected until deletion.

10. International Data Transfers

SAIA is a global service, and the personal data we collect may be transferred to and stored on servers in countries other than your own. In particular, if you are outside of Lebanon (where SAIA’s operator is based) or outside of the United States (where some of our service providers may operate), be aware that your data may be processed in the United States, Europe, or other jurisdictions where we or our service providers maintain facilities . For example, if you are in the EEA, your data will likely be transferred to the U.S. because we use US-based cloud infrastructure and service providers. Data Protection & Safeguards: We understand that different countries may have different data protection laws. When we transfer personal data internationally, we take steps to ensure an adequate level of protection for your data as required by applicable law . These measures include: - EU/UK Standard Contractual Clauses: For transfers from the EEA, UK, or Switzerland to countries not deemed adequate by those jurisdictions (such as the U.S.), we use approved Standard Contractual Clauses (SCCs) as part of our contracts with service providers . These SCCs are legal commitments that bind the recipient of the data to protect it in line with EU privacy standards. - Data Processing Agreements: We have Data Processing Addendums/Agreements in place with our processors that include provisions to safeguard data transfers, confidentiality, and security. - Privacy Frameworks: Where applicable, we may rely on internationally recognized frameworks. (For instance, our company would consider compliance with the EU-U.S. Data Privacy Framework once fully operational, or similar frameworks for UK/Swiss transfers, to the extent applicable, to supplement protections ). - Technical Measures: We employ encryption and other technical measures so that data remains protected even during transit across borders. - Assessment and Oversight: We periodically review the privacy practices of our third-party processors. If needed, we will implement additional safeguards or cease transferring data if we cannot ensure adequate protection. By using SAIA, you acknowledge that your information may be transferred to our facilities and those of our service providers in other countries. We will always handle your personal data in accordance with this Policy, regardless of where it is processed. If you would like more information about international transfers or the safeguards in place, you can contact us as provided in the Contact Us section.

11. Legal Bases for Processing (EEA, UK, Brazil)

If you are an individual in the European Economic Area (EEA), United Kingdom, Switzerland, or Brazil, we are required to inform you of the legal bases for our processing of your personal data under the General Data Protection Regulation (GDPR), UK GDPR, or Lei Geral de Proteção de Dados (LGPD), respectively. We generally rely on the following legal justifications: Performance of a Contract: Most of our data processing is justified by the fact that it is necessary to provide the Service you requested – essentially, to perform our contract with you . When you sign up for SAIA, there is a contract (the Terms of Service) between you and us, and we must process your data to fulfill that contract. For example, using your account information to log you in, processing your customers’ messages to provide chatbot responses, and handling payments all fall under contractual necessity (GDPR Art. 6(1)(b); LGPD Art. 7, item V).

Legitimate Interests: In some cases, we process personal data on the basis of our legitimate interests (balanced against your rights and freedoms) . This includes: Communicating with you about product updates or similar services (if not already covered by contract or consent). Analyzing and improving the Service, and preventing fraud or abuse (we have a legitimate interest in ensuring our platform is secure and effective). Conducting limited marketing or business development activities with existing customers (for example, sending offers about related services, where permitted by law). Compliance and safety activities – such as securing our app, enforcing our terms, and protecting against illegal activities . When we rely on legitimate interests, we ensure that our interests are not outweighed by your privacy rights. You have the right to object to processing based on legitimate interests (see Your Rights above). (Legal reference: GDPR Art. 6(1)(f); LGPD Art. 7, item IX). Consent: We rely on your consent in situations where we ask for it explicitly and no other legal basis applies. For example, if we want to send marketing emails to a new user who is not yet a customer, we might ask for consent. Also, for certain non-essential cookies or similar technologies on our website, we would use consent where required by law . If we process any sensitive personal data (which we generally do not seek to do), we would obtain your consent or ensure another specific lawful basis under GDPR/LGPD applies. You have the right to withdraw consent at any time (which will not affect processing already done but will stop future processing of the data in question). Legal Obligation: When processing is necessary to comply with a legal obligation, we will do so under that basis. For instance, retaining transaction records for tax law, or disclosing data as required by a court order, would fall under legal obligation (GDPR Art. 6(1)(c); LGPD Art. 7, item II). Similarly, under LGPD, we might process data to protect credit (Art. 7, item X) or for the regular exercise of rights in judicial or administrative proceedings (Art. 7, item VI) if those situations arise. In Brazil, LGPD also permits processing for the protection of health or under the legitimate interest of the controller (similar to GDPR’s concepts). We ensure that any processing of Brazilian users’ data is done under one of the authorized bases of LGPD Article 7. For instance, most data processing for Brazilian users will be under contract (Art. 7, V) and legitimate interests (Art. 7, IX), as described above . If we ask you to provide personal data to comply with a legal requirement or for a contract, we will let you know if the request is mandatory and what the possible consequences are if you decline . For example, we might need certain data to comply with KYC (know-your-customer) regulations; if you do not provide it, we may not be able to offer the Service to you. We will also clarify at the time if we rely on legitimate interests for some processing, and what those interests are . If you have questions about the legal basis of any specific processing or need further information, please contact us. We are happy to explain how our activities comply with GDPR, UK law, and LGPD.

12. Data Deletion & Disconnection (Facebook/Instagram Users)

If you have connected SAIA to your Facebook or Instagram account, you have control over that integration and the data shared through it. Meta’s policies require that we provide a clear method for you to disconnect the integration and request deletion of data obtained from Facebook/Instagram. We have outlined those steps below: How to Disconnect SAIA from Facebook/Instagram: You can revoke SAIA’s access to your Facebook or Instagram account at any time via your account settings on those platforms. Here’s how: On Facebook (for Instagram Business integrations): Log into your Facebook account that is an admin of the Facebook Page or Instagram Business account connected to SAIA. Navigate to Settings & Privacy / Settings. In the left sidebar, find and click Security and Login (for personal accounts) or Business Integrations (for business accounts). Look for Apps and Websites or SAIA in the list of connected integrations . Select SAIA and choose Remove. Confirm any prompts to remove permissions. This will disconnect SAIA from both your Facebook Page and associated Instagram account. On Instagram (mobile app): If applicable, you can also open the Instagram app, go to Settings / Security / Apps and Websites, and find SAIA under Active integrations. Tap Remove to revoke Instagram’s access. (Note: Removing via Facebook settings as described above achieves the same effect since Instagram Business integration is managed through Facebook.) Once you remove SAIA’s integration, SAIA will no longer be able to access your Meta account data or receive new messages from your customers. This revocation of permissions is immediate on Facebook/ Instagram’s side. Requesting Data Deletion: Removing the app’s access does not automatically erase the data that SAIA previously collected while it was connected. If you wish to have your data deleted from SAIA’s servers, you (as the business account holder) or an end-user whose data was processed can request deletion as follows: - Business Users: If you are a business who connected your accounts, you can simply delete your SAIA account as described in Section 5 – Deletion or contact us at moussa@furrbud.com to request deletion of all data obtained through the Facebook/Instagram integration. We will then permanently delete conversation logs, account IDs, and any other personal data retrieved through the integration (unless retention is required by law). For example, we will delete all stored messages that were synced from your Instagram DMs. - End-Customers: If you are an individual who interacted with a SAIA-powered business on Instagram or Messenger and you wish to request deletion of your data, you should ideally contact the business you interacted with (as they are the data controller for your messages). However, you may also contact us at moussa@furrbud.com with the details of your interaction (e.g., the Instagram handle of the business and approximate date of conversation). We will coordinate with our business customer to delete any relevant personal data of yours that we hold, in line with Facebook’s data deletion requirements. We strive to honor deletion requests promptly. Once verified and processed, deleted data is removed from our active databases immediately and from backups within a reasonable period. Keep in mind that after deletion, the functionality related to that data (e.g., viewing past chat history in SAIA) will no longer be available.

By following the steps above or contacting us, you ensure that SAIA no longer has access to your Meta account data and that previously stored data can be erased. These measures empower you to have full control over your data in compliance with Facebook’s Platform rules . If you encounter any difficulty in the removal process, please contact us and we will assist you in revoking access and deleting data as required. We are committed to complying with the Facebook Platform terms and protecting user data obtained through the Instagram/Facebook integration.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons . If we make material changes, we will notify you by appropriate means – for example, by posting the updated policy on our website and updating the Last Updated date at the top, and/or by sending a notice through our Service or via email if you have provided one. We encourage you to review this Policy periodically to stay informed about how we are protecting your information. If required by applicable law, we will seek your explicit consent to any significant changes that broaden the scope of how we handle personal data. Minor changes (such as clarifications) will be effective when posted. In any case, if you continue to use SAIA after a new Privacy Policy takes effect, you will be deemed to have accepted the updated terms, to the extent permitted by law.

14. How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: Moussa Harkous (SAIA operator) Email: moussa@furrbud.com Website: SAIA Official Website We will be happy to answer your questions or address any issues you may have. If you need to exercise your data subject rights, please see Section 5 and Section 6 for instructions. Thank you for trusting SAIA with your business’s automation needs. We are committed to protecting your privacy and using your data responsibly in accordance with this Policy.