1. Data Controller
The data controller responsible for this processing is:
- Legal entity: Sefiani Technologies
- Company number (BCE/KBO): BE1015571192
- Privacy contact: privacy@asksato.ai
2. Scope of This Policy
This policy applies to personal data processed through:
- the Sato marketing website
- the Sato application and onboarding flow
- support, billing, and account operations related to Sato
- third-party integrations and messaging platforms used to interact with the assistant
3. Personal Data We Process
- Account data: name, email, authentication identifiers, and account status.
- Usage data: IP addresses, browser metadata, timestamps, product events, and technical logs needed for security, reliability, and abuse prevention.
- Personalization preferences: assistant name, communication style, use case, and additional context you provide during setup. This data is stored by Sato to configure your assistant.
- Conversation data: prompts, messages, and responses are processed on your dedicated server and sent directly to AI model providers. Sato does not have access to your conversation content.
- Billing data: subscription status, invoices, and payment metadata. Card details are handled by payment providers and are not stored by us.
- Support data: information you share when requesting help.
We apply data minimization and only collect data that is reasonably necessary to operate and secure the service.
4. Why We Process Data and Legal Bases (GDPR Art. 6)
- Contract (Art. 6(1)(b)): to create your account, provide the assistant, process payments, and deliver support.
- Legitimate interests (Art. 6(1)(f)): to secure the service, prevent fraud or abuse, improve reliability, and defend legal claims.
- Legal obligations (Art. 6(1)(c)): for accounting, tax, and compliance duties under applicable law.
- Consent (Art. 6(1)(a)): where legally required, such as for non-essential cookies or specific optional features.
5. How We Share Data
We do not sell personal data. We share data only when necessary with:
- hosting and infrastructure providers
- payment providers
- authentication providers (Google)
- AI/model providers acting under contractual safeguards
- messaging platforms (such as Telegram) that you connect as a chat interface — messages flow through their infrastructure and are subject to their own privacy policies. Sato does not store messaging platform credentials on its servers; they are only present on your dedicated server.
- authorities if legally required
All processors are subject to appropriate contractual and security obligations.
6. International Transfers
When personal data is transferred outside the European Economic Area, we rely on recognized safeguards, such as adequacy decisions or Standard Contractual Clauses, together with supplementary measures where appropriate.
7. Data Retention
We keep personal data only as long as necessary for the purposes above. The following guideline durations apply:
- Account data: retained while your account is active, plus 30 days after account deletion to allow for recovery and complete any pending operations.
- Billing and invoice records: retained for 7 years as required by Belgian accounting law.
- Security logs: retained for up to 12 months, based on risk and necessity.
Actual retention may vary where required by law or legitimate interests. Where feasible, data is deleted, anonymized, or irreversibly aggregated once no longer required.
8. Security Measures
We implement technical and organizational safeguards appropriate to the risk, including access controls, encryption in transit, least privilege practices, and monitoring for abuse or unauthorized access.
No system is perfectly secure. If a personal data breach occurs, we will handle it according to GDPR and applicable Belgian law.
9. Your Rights Under GDPR
Subject to legal conditions, you may request:
- access to your personal data
- rectification of inaccurate data
- erasure (right to be forgotten)
- restriction of processing
- data portability
- objection to processing based on legitimate interests
- withdrawal of consent where processing is consent-based
To exercise your rights, contact us at privacy@asksato.ai.
10. Complaints to the Belgian Supervisory Authority
You have the right to lodge a complaint with the Belgian Data Protection Authority (APD/GBA):
- Website: www.dataprotectionauthority.be
- Email: contact@apd-gba.be
- Address: Drukpersstraat 35, 1000 Brussels, Belgium
- Phone: +32 (0)2 274 48 00
11. Cookies and Similar Technologies
We use necessary cookies and similar technologies to operate the service securely. These include:
- Session and authentication cookies: essential for keeping you signed in and maintaining your session state. These do not require consent as they are strictly necessary for the service to function.
- Non-essential cookies: if we introduce analytics or similar non-essential cookies in the future, they will only be placed after obtaining your consent through a cookie banner or settings mechanism.
12. Automated Decision-Making
Sato uses artificial intelligence to provide its personal assistant features. AI processing — including generating responses, suggestions, and summaries — happens on your dedicated server via third-party model providers, not on Sato's infrastructure. We do not use automated processing, including profiling, to make decisions that produce legal effects or similarly significant effects on you (GDPR Art. 22).
You remain in control of any actions taken as a result of AI responses.
If you have questions about how AI is used to process your data, contact us at privacy@asksato.ai.
13. Children
Sato is not intended for children. If we become aware that personal data has been provided in violation of applicable age requirements, we will take appropriate steps to delete or restrict that data.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. Material updates will be notified by appropriate means. The latest version is always published on this page.