sabzy.ai
Back to Sabzy
[ 04 · Privacy ]

Privacy policy

The short version: your data is yours. We collect the bare minimum to make Sabzy work and never sell it. Read on for the full breakdown.

Effective date: February 2026

1. Who we are

"Sabzy AI" (we, us, our) operates the websites sabzy.ai and sabzy.in and the chat application accessible there. Reach us at support@sabzy.in.

2. What we collect

  • Email address — required for passwordless sign-in.
  • One-time codes (OTPs) — temporary, expire in 10 minutes.
  • IP + coarse geo (country / city) — for fraud prevention and basic analytics.
  • Your messages and uploads — to send to the model and show you the reply.
  • Conversation history + memory profile — stored on our servers so you have continuity across sessions. You can wipe it any time.
  • Promo redemption history — to enforce one-time / capped use.

3. What we don't collect

  • We don't collect passwords (sign-in is passwordless).
  • We don't collect cards. (No paid tier at launch.)
  • We don't use third-party advertising trackers, fingerprinting, or session replay.

4. How we use the data

  • To run the service — authenticate you, send your prompt to the model, return the reply.
  • To make Sabzy feel like it remembers you (memory profile, cross-session context).
  • To prevent abuse (rate limiting, anomaly detection on IP / geo).
  • To answer your support emails.

5. Who we share data with

  • Anthropic — your prompt is sent to Claude (Haiku / Sonnet / Opus) so the model can reply. Anthropic processes inputs as a data processor under their terms.
  • Tavily — when you trigger web search, your query (only the query) is sent to Tavily.
  • AgentMail — to deliver your sign-in code to your inbox.
  • MongoDB Atlas (or equivalent) — encrypted storage of your account, messages and memory.

We don't sell your data. We don't train public models on your data.

6. Retention

We keep your account, chats and memory profile until you ask us to delete them. Email us from the address you signed up with and we'll purge within 24 hours. OTPs and contact-form messages are kept for 30 days then deleted automatically.

7. Your rights

You can request access, correction, export or deletion of your data at any time. Email support@sabzy.in. Users in the EU/UK can also lodge a complaint with their national data protection authority.

8. Security

Passwords aren't used. Sign-in is gated by short-lived OTPs. Data in transit is HTTPS / TLS only. Tokens are signed (JWT HS256) and expire in 30 days. We patch dependencies regularly. No system is perfect — please report security issues to support@sabzy.in.

9. Changes to this policy

We may update this policy. Material changes will be flagged in-app and via email to active users.