Sarah — Privacy Policy
1. Who We Are
This Privacy Policy applies to Sarah, operated by Přesčas s.r.o., company registration number 28550714, registered at Sudoměřská 1293/32, Žižkov, 130 00 Praha 3, Czech Republic. We are the data controller for personal data collected through yoursarah.com. Contact us at legal@dunross.cz.
2. What Data We Collect
Data you provide directly:
- Email address and password when you create an account
- Your name and preferred language
- Your city or timezone
- Any information you share with Sarah in conversation — reminders, tasks, notes, dates, and anything else you tell her
Data we collect automatically:
- Usage data including message timestamps and feature usage
- Device type and browser for push notification delivery
- Token usage for billing and service management
3. How We Use Your Data
We use your data to provide and improve the Sarah service, to send you reminders and notifications you have requested, to send transactional emails such as account verification and password reset, to manage your subscription and billing, and to monitor service performance and fix issues.
We do not use your data for advertising. We do not sell your data to third parties. We do not share your data with third parties except as described in section 4.
4. Third Parties We Share Data With
We use the following third-party services to operate Sarah:
- OpenAI — processes your messages to generate Sarah's responses. OpenAI's privacy policy applies to this processing.
- Supabase — stores your data securely in Hamburg, Germany, within the European Union.
- Brevo — used to send transactional emails such as verification and password reset emails.
- Stripe — processes payments. Stripe handles payment data directly and we do not store your card details.
- Hetzner — provides the server infrastructure in Helsinki, Finland, within the European Union.
All third-party providers are required to handle your data securely and in accordance with applicable law.
5. Data Storage and Security
Your data is stored within the European Union. We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, and access controls. No system is completely secure and we cannot guarantee absolute security.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, your data enters a 14-day recovery window and is then permanently deleted. You may request earlier deletion by contacting legal@dunross.cz.
7. Your Rights Under GDPR
As a user in the European Union, you have the right to access the personal data we hold about you, to correct inaccurate data, to request deletion of your data, to object to or restrict certain processing, and to data portability. To exercise any of these rights, contact us at legal@dunross.cz. You also have the right to lodge a complaint with the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů) at uoou.cz.
8. Cookies
Sarah uses session storage and local storage in your browser to keep you logged in and to remember your preferences. We do not use third-party tracking cookies or advertising cookies.
9. Children
Sarah is not intended for users under the age of 16. We do not knowingly collect data from children under 16. If you believe a child under 16 has created an account, please contact us at legal@dunross.cz and we will delete the account.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by email. The current version is always available at yoursarah.com/privacy.
11. Contact
For any privacy-related questions or requests, contact us at legal@dunross.cz.