Skip to main content

Privacy Policy

For the Sammy app · Last updated: 30 June 2026 · Effective: 30 June 2026

This Privacy Policy explains what data Sammy collects, how we use it, and the choices you have. The data controller is Keep DS Pty Ltd (ABN 91 695 408 756) (“Keep DS”, “we”, “us”), an Australian company at Suite 193, Level 5, 33 Stewart St, Richmond VIC 3121, Australia. Sammy is built to be privacy-conscious: where we can keep data on your device, we do.

1. On-device first

When you use on-device mode, your requests are processed by a local model on your device and your conversation is not sent to us. When you use Sammy Cloud mode, your messages and any attachments you include are sent to our cloud to generate a response. Some features always use the cloud, including web search, weather, and news; when you use them, your request (such as a search query) and an approximate location may be sent to outside providers to fulfil it. See section 5.

2. Information we collect

  • Account information: when you create an account, your email and basic profile details, handled through our authentication provider.
  • Content you provide: messages, attachments, memories, and settings. In cloud mode this is processed in our cloud; in on-device mode it stays on your device.
  • Device data you let Sammy use: with your permission, Sammy can access your calendar, reminders, contacts, and photos to provide a feature you ask for, such as adding an event or attaching a photo. When you ask Sammy to act on this in cloud mode, the relevant content is sent to our cloud to carry out your request and is not used for anything else.
  • Email content (connected Gmail): if you connect Gmail and ask Sammy to read, summarise, or send mail, the relevant email content and details are processed, including by our cloud AI providers, only to carry out that request. It is not used to train AI models and is not kept beyond providing the feature.
  • Approximate location: when you ask Sammy for something local, such as weather or “near me”, an approximate location is used for that request and may be sent to the relevant provider. It is held only briefly in memory on your device and is not stored by us.
  • Voice: speech-to-text for voice notes is processed on your device. In voice chat, a cloud feature, your spoken request is transcribed and sent to our cloud to generate a reply.
  • Usage information: limited records, such as request counts and token usage, used to enforce plan limits and keep the Service running.
  • Subscription status: your plan and entitlement, validated with Apple.
  • Connected integrations: if you connect a service like Google, the access tokens needed to provide that feature are stored securely in your device’s keychain, not on our servers.
  • Diagnostics and crash reports: basic technical logs, plus crash and hang reports, which can include stack traces and your device and OS details, that are uploaded and linked to your account to help us find and fix stability problems. These are used only to operate and improve the Service, never for advertising. We do not log the contents of your access tokens.

3. How we use your data

We use data to provide and improve the Service, generate responses, enforce plan limits, prevent abuse, keep your data in sync, and provide support. We do not sell your personal data, and we do not use your conversations to train AI models.

4. Backups

You can back up your data to iCloud and/or Google Drive. Backups are encrypted before they leave your device. They are stored under your own iCloud or Google account and are controlled by you: you choose when to back up and when to restore.

5. Who we share data with

We use trusted service providers (“sub-processors”) to run Sammy. They may only use data to provide their service to us:

  • Authentication, database, and backend: our hosting and database provider (Supabase), which stores your account, subscription, usage, and safety and diagnostic records. Your conversations, memories, and attachments are kept on your device and in any backups you create, not on our servers; in cloud mode they are sent to AI providers to generate a response and are not stored at rest by us.
  • Apple: for sign-in, payments, and iCloud backup.
  • Google: for the integrations and Drive backup you choose to enable.
  • AI model providers: the services that process Sammy Cloud requests. General chat runs on an inference host (Akash / AkashML) using open models, and some responses and image understanding use Anthropic (Claude). Your messages are sent to them only to generate the response you asked for.
  • Web search, news, and local information: when you run a web search or use a briefing or local feature, your query, chosen topics, or an approximate location may be sent to search, news, sports, weather, and image providers, such as Brave Search, SerpAPI, Jina, GNews, Google News, TheSportsDB, Open-Meteo, and Unsplash, to return a result.
  • Email delivery: our email provider (Resend) sends account and waitlist emails on our behalf.

6. Safety and content reports

If you choose to report a response, the reported message and the message you sent just before it are sent to us so we can review quality and safety. You’re shown what is included before you submit a report. Reports are kept, linked to your account, for safety and quality review, and are removed when you delete your account (see section 7).

7. Data retention and deletion

We keep data for as long as your account is active or as needed to provide the Service. You can delete your account and associated data at any time from within the app (Settings, then account), which removes your data from our systems. Backups stored in your own iCloud or Google account are deleted through those services.

8. Security

We use encryption in transit, encrypted backups, and the device keychain for sensitive values. Voice transcription for voice notes runs on your device. No system is perfectly secure, but we work to protect your data.

9. Age and children

Sammy is for users aged 18 and over. When you sign up we ask for an age signal, either Apple’s age-range check or a date of birth you enter, only to confirm you are 18 or over. We use it solely for that check and we do not store your date of birth; we keep only the result that you are an adult. Sammy is not directed at children, and we do not knowingly collect data from anyone under 18. If you believe a child has provided us data, contact us at the address below and we will delete it.

10. International users

Your data may be processed in countries other than your own, including where our service providers operate.

11. Your choices and rights

You can access and delete your data from within the app, control which integrations and permissions you grant, and choose on-device mode for supported features. Depending on where you live, you may have additional rights under laws such as the GDPR, the Australian Privacy Principles, or the CCPA, including rights to access, correct, or delete your data, or to make a complaint. To exercise these, contact us.

12. Changes

We may update this policy; we will change the “last updated” date above when we do.

13. Contact

Keep DS Pty Ltd (ABN 91 695 408 756) is the data controller for the Sammy app. For any privacy question or request, email support@sammyai.app (our privacy contact) or write to Keep DS Pty Ltd, Suite 193, Level 5, 33 Stewart St, Richmond VIC 3121, Australia.

← Back to home