Sauda← Back to home

Privacy Policy

Last updated: March 14, 2026

1. Who We Are

Sauda ("we," "us," or "our") operates the platform at getsauda.com and related services. Sauda is an AI-powered B2B sourcing concierge that connects global buyers with verified Indian manufacturers.

For any privacy-related questions or requests, contact us at privacy@getsauda.com.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address, name (if provided via your identity provider), and profile picture URL. You may also provide a phone number for WhatsApp-based communication.

2.2 Business Information

To use our sourcing platform, we collect information about your company, including company name, website, country, address, industry, employee count, year established, and a description of your business.

2.3 Verification Data

To verify your business identity, we may collect your GSTIN (Goods and Services Tax Identification Number), CIN (Corporate Identification Number), GST filing history, and related regulatory data for Indian businesses. For international businesses, we collect verification data through Stripe.

2.4 Sourcing & Transaction Data

We collect information about your sourcing requirements, including product specifications, quantities, target pricing, delivery timelines, and supplier quotes. We also store negotiation history between buyers and suppliers.

2.5 Documents

You may upload documents such as invoices, specification sheets, purchase orders, and certificates. We store these files and may use AI to extract structured data from them to improve our services.

2.6 Conversations

We store all conversations you have with our AI assistant, including messages, tool interactions, and any files you share during a conversation. This includes conversations conducted via our web platform, WhatsApp, or email.

2.7 Usage Data

We collect information about how you interact with our platform, including session identifiers, timestamps, and message counts. We do not currently use third-party analytics or tracking cookies.

3. How We Use Your Information

  • Sourcing services: Matching your requirements with suitable suppliers, facilitating communication, and managing the quotation process.
  • AI-powered features: Our AI assistant uses your conversation history and sourcing data to provide personalized recommendations and automate parts of the sourcing workflow.
  • Business verification: Verifying your company identity to maintain trust and safety on the platform.
  • Communication: Sending you quotes, notifications, and updates about your sourcing projects via email, WhatsApp, or in-app notifications.
  • Document processing: Extracting structured data from uploaded documents to streamline your sourcing workflow.
  • Platform improvement: Understanding usage patterns to improve our services, fix issues, and develop new features.
  • Supplier discovery: Building and maintaining a catalog of Indian manufacturers, including generating searchable embeddings from publicly available product information.

4. Third-Party Services

We share your data with the following categories of third-party service providers, each used for a specific purpose:

4.1 AI & Machine Learning

  • Anthropic (Claude): Powers our AI assistant. Conversation content, sourcing requirements, and uploaded documents are sent to Anthropic for processing.
  • OpenAI: Used to generate semantic search embeddings from product and supplier information. Text descriptions are sent to OpenAI for vector generation.

4.2 Communication

  • Meta (WhatsApp Cloud API): Used to send and receive WhatsApp messages. Your phone number and message content are shared with Meta.
  • Amazon SES: Used to send transactional emails. Recipient email addresses and message content are processed by AWS.

4.3 Business Verification

  • Sandbox.co.in: Used to verify Indian business identities via GSTIN and CIN lookups.
  • Stripe: Used for international business verification through Stripe Connect.

4.4 Authentication

  • AWS Cognito: Manages user authentication, including OAuth sign-in with Google and enterprise SAML providers.

4.5 Infrastructure

  • Amazon Web Services (AWS): Our platform is hosted on AWS. All data is stored using AWS services including RDS (database), S3 (file storage), and related services.
  • Sentry: Used for error tracking and monitoring. Error context and stack traces may be sent to Sentry when issues occur.

5. Data Storage & Security

Your data is stored on AWS infrastructure. We use encryption in transit (TLS/HTTPS) and at rest for sensitive data. Access to production systems is restricted and controlled through AWS IAM roles and security groups.

While we implement reasonable security measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide our services. This includes conversation history, sourcing data, and uploaded documents.

If you request deletion of your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

7. Cookies & Tracking

We use minimal cookies and local storage, limited to what is necessary for authentication and session management. We do not use third-party advertising or analytics cookies.

  • Authentication state: A cookie to maintain your login session.
  • Session identifier: Stored in your browser's local storage to maintain your session.

8. International Data Transfers

Our third-party service providers, including Anthropic, OpenAI, Meta, and Stripe, are based in the United States. Your data may be transferred to and processed in the United States or other countries where our service providers operate. By using our platform, you consent to these transfers.

9. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Data portability: Request your data in a structured, machine-readable format.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@getsauda.com. We will respond within 30 days.

10. Children

Our platform is intended for business use by individuals who are at least 18 years of age. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected data from a person under 18, we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the platform after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this privacy policy or our data practices, contact us at:

Sauda
Email: privacy@getsauda.com