Privacy Policy

Effective May 28, 2026

Sayfirst ("Sayfirst," "we," "us") is an AI tool for understanding and responding to high-stakes personal communication. It is not therapy, not medical advice, and not a substitute for professional mental health care, diagnosis, or clinical assessment. The guidance Sayfirst shows you is generated by AI.

This policy explains what data we collect, why, how long we keep it, and your rights over it. If anything here is unclear, email support@sayfirst.ai.

1. Who operates Sayfirst

Sayfirst is operated by Csenge Forstner. Contact: support@sayfirst.ai.

2. What we collect

2.1 Data you give us directly

• The text you enter. Free-text you type into Decode or Respond is sent to our backend for processing and stored in your user record. This is the core data the app exists to work with.
• Screenshots you attach. In Respond, you can attach a screenshot of a conversation. The image is sent to our backend and forwarded to our AI provider for processing (see section 4.1). We do not retain the image after the response is generated.
• Account email and password. Sayfirst works anonymously by default. If you choose to create an account — so you can sign in on another device or recover access — we collect the email address and password you provide. Passwords are stored only as a secure hash, never in plain text.
• Onboarding responses. Your answers to the setup questions — what you flagged, the tone you chose, and your 13+ age affirmation.
• Your name. A first name or nickname is optional. If you provide one, it is stored in your user record and included in the context sent for processing — to our backend and our AI provider — so guidance can be personalized (see sections 2.2 and 4.1). It is never sold or used for advertising.
• Settings. Your tone preference and notification preferences.

2.2 Data we derive from what you give us

• Your Self Model. From what you enter over time, we derive a private model of your recurring patterns — the dynamics you tend to face, the people you mention, your typical communication style. This is stored in your user record and used to make future guidance specific to you rather than generic.
• Mechanism tags. Each interaction is classified against a fixed taxonomy of interpersonal mechanisms (e.g., rumination, avoidance, people-pleasing) to surface patterns across time. Classifications are stored alongside your record.

2.3 Data collected automatically

• Anonymous device identifier. When you first launch the app we generate an anonymous UUID (stored in your device's secure keychain) that links your activity across launches on the same device. Unless you create an account, we do not know your name, email, or phone number — just this UUID.
• Crash and performance data. If the app crashes or hits a performance issue, a report is sent to Sentry (our error-monitoring provider). User-content fields (the text you enter) are redacted before the report is transmitted.

2.4 Voice input

If you use voice input, your speech is converted to text using Apple's speech recognition. Depending on your device, Apple transcribes it on-device or via Apple's speech service; either way the audio is handled by Apple's Speech framework under Apple's privacy policy, and this is disclosed in the microphone/speech permission prompt. Sayfirst never uploads, stores, or writes your audio to a file — only the resulting text is used, and it is treated exactly like text you typed (section 2.1).

2.5 Data we do not collect

• An email address or password, unless you choose to create an account (section 2.1).
• Phone number, physical address, government IDs.
• Location, GPS, or IP address logged for your identity.
• Contacts, photos, microphone audio, or camera imagery — except a screenshot you explicitly attach in Respond (section 2.1), and voice handled per section 2.4.
• Health data from HealthKit, Apple Health, or any other health platform.
• Financial data.
• Browsing history, cross-app activity, advertising identifiers.

We do not track you across other apps or websites. The app displays no ads and contains no third-party advertising SDKs.

3. Why we collect it

• To make the app work. The guidance Sayfirst generates depends on what you give it — without your input, there is nothing to work with.
• To get sharper over time. The longer you use it, the better Sayfirst can anchor its guidance in what you've actually been dealing with, rather than generic patterns.
• To let you sign in and recover access. Account email and password exist so you can use Sayfirst across devices and recover your account.
• To fix bugs and crashes. Crash reports help us find and fix problems that affect your experience.

We do not use your data for advertising, marketing lookalikes, selling to third parties, or any purpose outside the app's own function.

4. Who we share it with

4.1 Anthropic (AI processing)

The guidance you see is generated by Claude, an AI model operated by Anthropic PBC. When you submit an interaction, the text you wrote — plus a compressed context block (your patterns, recent activity) and any screenshot you attached — is sent to Anthropic's API. Anthropic processes this in real time to generate the response and, per their commercial terms, does not persist this content for training or other purposes. Anthropic is a data processor acting on our instruction.

4.2 Postmark (transactional email)

If you create an account or request a password reset, we use Postmark to send the verification code or reset email. Postmark receives your email address and the contents of that transactional message for the sole purpose of delivering it. We do not use Postmark for marketing.

4.3 Sentry (error monitoring)

Crash and performance telemetry is sent to Sentry for error monitoring. We redact user-content fields before transmission, so the text you enter does not leave your device through Sentry.

4.4 Our infrastructure (Railway)

Your user record — your entries, Self Model, settings, and account — is stored in a Postgres database hosted on Railway. Railway is a hosting provider, not an independent user of your data.

4.5 Anyone else

We do not sell, rent, trade, or share your personal information with any other party.

5. How long we keep it

• While your account is active: your entries, Self Model, settings, and account stay in our systems as long as you keep using the app.
• After you delete your data: everything associated with you is removed from our production systems and any backups within 30 days. Deletion is triggered by the "Delete all my data" action in Profile, which hard-deletes your user record and all associated rows, plus wipes your local storage and secure-store credentials on the device.
• Crash data: retained per Sentry's default retention (90 days), not linked to your identity after redaction.

6. Your rights

6.1 Access and export

You can export your data at any time from Profile → Download my data. This generates a file containing everything we have about you, shared via the system share sheet.

6.2 Deletion

You can delete your account and all associated data from Profile → Delete all my data. Deletion is immediate on our production systems and completes through backups within 30 days.

6.3 Rights under GDPR (if you are in the EEA, UK, or Switzerland)

In addition to access and deletion above, you have the right to correct inaccurate data, object to or restrict processing, withdraw consent and close your account, and lodge a complaint with your local data-protection authority. Email support@sayfirst.ai to exercise any of these rights.

6.4 Rights under CCPA (if you are a California resident)

You have the right to know what personal information we collect, to delete it, and to opt out of any sale — we do not sell personal information. Email support@sayfirst.ai to exercise these rights.

7. Children

Sayfirst is for people 13 and older. We confirm age at onboarding (a 13+ affirmation before any data collection begins). If we learn that someone under 13 has registered, we delete that account. If you believe a child under 13 has used the app, email support@sayfirst.ai.

8. Security

• Data transmitted between the app and our backend is encrypted in transit (HTTPS/TLS).
• Your authentication token and anonymous device ID are stored in iOS's secure keychain, not in regular app storage.
• Account passwords are stored only as a secure hash.
• Your data on our backend is hosted by Railway with their infrastructure security.
• No security system is perfect. If you believe your account has been compromised, email support@sayfirst.ai.

9. International transfers

Our backend infrastructure is hosted in the United States. If you use the app from outside the US, your data will be transferred to and processed in the US. Anthropic, Postmark, and Sentry also operate primarily from the US. By using the app you agree to this transfer.

10. Changes to this policy

If we change this policy we will update the "Effective" date at the top. Material changes (changes to what we collect, who we share it with, or how long we keep it) will be announced in-app before they take effect.

11. Contact

Email support@sayfirst.ai for any privacy-related question, or to exercise any of the rights above. Sayfirst is operated by Csenge Forstner.