SayIt!

Effective Date: 10/29/2025
Version: 2.0

1. Introduction

Welcome to SayIt! ("we," "our," or "us"). SayIt! is an AI-powered augmentative and alternative communication (AAC) application designed to help users express their thoughts, feelings, needs, and wants more effectively.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services (collectively, the "Service"). Please read this Privacy Policy carefully.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not use the Service.

2. Information We Collect

2.1 Personal Information

When you create an account, we collect:

Email address: Used for account creation and communication
Name: Used for account personalization (optional)
Authentication credentials: Managed securely by Clerk
Payment information: Processed by Stripe (we do not store payment card details)

2.2 User-Generated Content

Phrases and boards: Content you create and save in the application
Typing sessions: Shared typing sessions (when you use the sharing feature)
User preferences: Text size, voice settings, and other customizations

2.3 Usage Data

Application usage: Features used, pages visited, interaction patterns
Device information: Browser type, operating system, device type (for PWA functionality)
Performance data: Error logs, load times, service health metrics

2.4 AI Interaction Data

Prompts sent to AI services: Text you submit for phrase generation or "Flesh Out" features
Generated content: AI-generated suggestions and expanded text
Text-to-speech requests: Text submitted for voice synthesis

2.5 Local Storage

Browser local storage: Font size preferences, UI state, typing area visibility
PWA cache: Application resources for offline functionality
Session cookies: Authentication and session management

3. Third-Party Service Providers

We use the following third-party services to provide and improve our Service. Each service has its own privacy policy governing how they handle your data:

3.1 Clerk (Authentication & Billing)

Purpose: User authentication, account management, and subscription billing
Data processed: Email, name, authentication credentials, subscription status
Privacy policy: https://clerk.com/privacy
Location: United States

3.2 Convex (Database & Real-time Sync)

Purpose: Store and sync user data, phrases, boards, and typing sessions
Data processed: User profiles, phrases, boards, typing session content
Privacy policy: https://convex.dev/privacy
Location: United States

3.3 Stripe (Payment Processing)

Purpose: Process subscription payments (integrated via Clerk Billing)
Data processed: Payment information, billing address, transaction history
Privacy policy: https://stripe.com/privacy
Compliance: PCI DSS Level 1 certified
Note: We do not store payment card details; they are handled entirely by Stripe

3.4 DeepInfra (AI Processing)

Purpose: Power AI features including phrase generation and "Flesh Out" functionality
Data processed: Text prompts you submit for AI processing, generated responses
Privacy policy: https://deepinfra.com/privacy
Data retention: Requests are processed in real-time and not stored long-term

3.5 ElevenLabs (Text-to-Speech)

Purpose: Provide high-quality voice synthesis for text-to-speech
Data processed: Text submitted for speech synthesis
Privacy policy: https://elevenlabs.io/privacy
Data retention: Real-time processing only, audio not stored
Fallback: If ElevenLabs is unavailable, we use your browser's built-in Web Speech API

3.6 Vercel (Hosting)

Purpose: Application hosting and content delivery
Data processed: HTTP request logs, performance metrics
Privacy policy: https://vercel.com/legal/privacy-policy
Location: Global CDN

4. How We Use Your Information

We use the collected information for the following purposes:

Provide the Service: Create and manage your account, store your data, enable features
Process payments: Handle subscription billing and payment processing
AI features: Generate phrase suggestions and expand text using AI
Text-to-speech: Convert text to spoken audio
Improve the Service: Analyze usage patterns, fix bugs, develop new features
Communicate: Send service updates, respond to support requests
Security: Detect and prevent fraud, abuse, and security issues
Legal compliance: Comply with applicable laws and regulations

5. Data Retention

Account data: Retained until you delete your account
Phrases and boards: Retained until you manually delete them
Typing sessions: Shared sessions expire after 24 hours of inactivity
AI processing data: Not retained after response generation (processed in real-time)
TTS audio: Not stored (generated in real-time)
Payment records: Retained per Stripe's requirements (up to 7 years for legal compliance)
Local storage: Stored on your device until you clear it

6. Special Features

6.1 Typing Share

The Typing Share feature allows you to create shareable links for live typing sessions:

Anyone with the link can view your typing session in real-time
Sessions expire 24 hours after the last activity
You control when sharing starts and stops
Share links at your own discretion and understand the privacy implications

6.2 Progressive Web App (PWA)

SayIt! can be installed as a PWA for offline access:

Application resources are cached locally on your device
Your data syncs with our servers when you're online
Some features require an internet connection (AI, TTS, account sync)

6.3 AI-Powered Features

By using AI features ("Flesh Out," phrase generation), you acknowledge:

Your prompts are sent to DeepInfra for processing
Generated content is based on AI models and may vary
You consent to AI processing when using these features
We do not use your prompts to train AI models

7. Your Rights and Choices

7.1 Access and Control

Access your data: View your profile, phrases, and boards within the application
Update information: Edit your profile and preferences in account settings
Delete content: Delete individual phrases and boards at any time
Delete account: Request account deletion via your Clerk user profile (permanently deletes all data)

7.2 Communication Preferences

You can manage email preferences through Clerk account settings
We only send service-related communications (no marketing emails)

7.3 Feature Control

TTS service: Choose between ElevenLabs or browser Web Speech API
AI features: Optional features you can choose to use or not use
Sharing: Complete control over when and what you share

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption: Data transmitted over HTTPS, stored encrypted at rest
Access controls: Limited employee access to user data
Authentication: Secure authentication via Clerk
PCI compliance: Payment processing meets PCI DSS standards via Stripe
Regular updates: Security patches and updates applied promptly

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. International Data Transfers

Our Service and third-party providers primarily operate in the United States. By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate.

We ensure that all data transfers comply with applicable data protection laws, including GDPR requirements for EU users.

10. Children's Privacy

Our Service does not specifically target children under 13. We do not knowingly collect personally identifiable information from children under 13 without parental consent.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information.

11. Your Privacy Rights

11.1 GDPR Rights (EU Users)

If you are located in the European Economic Area, you have the following rights:

Right to access: Request a copy of your personal data
Right to rectification: Correct inaccurate data
Right to erasure: Request deletion of your data
Right to restriction: Limit how we use your data
Right to data portability: Receive your data in a portable format
Right to object: Object to certain data processing

11.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights:

Right to know: What personal information we collect and how it's used
Right to delete: Request deletion of your personal information
Right to opt-out: Opt-out of the sale of personal information (we do not sell personal information)
Right to non-discrimination: Not be discriminated against for exercising your rights

To exercise any of these rights, please contact us at enaboapps@gmail.com.

12. Cookies and Tracking

We use cookies and similar tracking technologies for:

Authentication cookies: Maintain your logged-in session (via Clerk)
Preference cookies: Remember your settings and preferences
Essential cookies: Required for the Service to function properly

We do not use advertising or tracking cookies. You can control cookies through your browser settings, but disabling essential cookies may prevent the Service from functioning properly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

When we make changes, we will:

Update the "Effective Date" at the top of this policy
Notify you via email for material changes (if you have an account)
Post a notice in the application

Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: enaboapps@gmail.com
Subject line: "Privacy Policy Inquiry" or "Data Rights Request"

We will respond to your inquiry within 30 days.