Skip to main content

Privacy Policy

Last updated: May 2026

The Short Version

This page describes what happens when you visit sammyai.app and join the waitlist. The Sammy app, when it launches, will have its own privacy policy. We don’t sell your data, we don’t train AI models on it, and we keep what we collect minimal and specific. The list below is literal, not a generic claim.

What We Save When You Join the Waitlist

When you sign up, the following is stored in our database (Supabase):

  • Your email address - so we can send you a welcome email and the occasional update.
  • A referral code we generate for you (e.g. a7b9k2pq) - your unique link for inviting others.
  • The referral code you signed up with, if any - so the friend who invited you gets credit.
  • A count of people who joined via your code - so we can grant early-access tiers based on referrals.
  • Timestamps for when you signed up and when your address was confirmed.

That is the entire row we keep about you in our database. We don’t store your IP address, your browser, your device, or anything else.

We process this data on two bases: your consent when you submit the form (so we can email you a welcome note and the occasional progress update), and our legitimate interest in operating a fair waitlist with a working referral mechanic. You can withdraw consent at any time by unsubscribing or by emailing us to delete your row.

When the dedicated sign-up flow ships, it will also ask for your first name and which phone you use (iOS or Android), and that will be added to your row. This page will be updated at the same time.

Cookies on This Site

We set one cookie of our own:

  • locale - remembers which region’s prices to show you (Australia, US, UK, Canada, NZ, Europe). No personal data, no tracking. Lasts a year. You can clear it any time.

When you first visit the site you’ll see a consent banner asking whether to allow analytics cookies. Your choice is stored in localStorage under the key sammy_consent_v1, so we don’t ask again on return visits. You can change your decision at any time by clicking .

If you accept, we load Google Analytics 4 to count aggregate page visits with IP anonymisation enabled. We use this only to understand which pages are read and which referral sources work. We don’t use Analytics audiences, advertising features, or remarketing. If you reject, no analytics script is loaded at all.

Cloudflare, the platform that hosts this site, may set bot-detection cookies (__cf_bm, cf_clearance) on its own. We don’t read or store these.

To prevent abuse of the signup form, Cloudflare also briefly checks your IP against a short rolling counter (5 signups per minute, then it resets). The counter isn’t persisted, and we don’t log the IP ourselves.

Welcome Emails and Updates

We use Resend to send transactional email. When you join the waitlist, you’ll receive one welcome email with your referral link. From time to time we may send a short update with progress on the launch. One click unsubscribes you from any email.

Resend keeps its own delivery logs (whether the email arrived, whether it was opened). Open tracking works by your email client loading a small image when the message is displayed; you can block this by turning off remote images in your email client. We use these logs to confirm sends, not to profile you.

Where Your Data Lives

Your waitlist data is held with the following processors:

  • Supabase (Postgres database, hosted in the United States) - holds the waitlist row described above.
  • Resend (transactional email and mailing-list, United States) - sends the welcome email and any progress updates, and stores the audience for one-click unsubscribe.
  • Cloudflare (edge hosting and rate-limiting, global) - serves this site and runs the signup endpoint.
  • Google Analytics (United States) - only loaded if you accept the cookie banner. Records aggregate page views with IP anonymisation; does not build a profile of you.

Where data crosses borders (for example from the EU or Australia to the United States), we rely on each processor’s Standard Contractual Clauses or the EU-US Data Privacy Framework, whichever applies, to provide an adequate level of protection.

What We Never Do

  • We never sell your personal data.
  • We never share your email with third parties for advertising.
  • We never fingerprint you, build user profiles, or sync identifiers across sites. Aggregate page-view analytics only run if you opt in; see Cookies above.
  • When the Sammy app launches, we never use your conversations to train AI models.

Your Privacy Rights

Wherever you live, you can email us at hello@sammyai.app to:

  • See what we hold about you.
  • Correct anything that’s wrong.
  • Delete your row entirely.
  • Stop receiving updates (or use the one-click unsubscribe link in any email).
  • Object to how we process your data, or ask us to restrict it.

We aim to respond within 30 days, usually much sooner. The notes below explain how this maps to the specific laws that may apply where you live.

If you live in the EU, UK, or Switzerland (GDPR / UK GDPR)

You have rights under Articles 15-22 of the GDPR: access, rectification, erasure, restriction, data portability, and objection. The lawful bases for our processing are your consent (the welcome email, mailing-list updates, analytics cookies) and our legitimate interest in operating a fair waitlist with a working referral mechanic. You can withdraw consent at any time, and you have the right to lodge a complaint with your local supervisory authority (for EU residents, this is your national data-protection authority; for UK residents, the ICO).

If you live in California (CCPA / CPRA)

You have the right to know what we hold, to delete it, to correct it, and to opt out of the selling or sharing of your personal information. We will not discriminate against you for exercising any of these rights. We don’t sell or share personal information for cross-context behavioural advertising, so there is nothing to opt out of, but the right exists and we honour it.

If you live in Australia (Privacy Act 1988)

You can access or request correction of your personal information under Australian Privacy Principles 12 and 13. If you believe we’ve mishandled your data, you can raise it with us first, and then with the Office of the Australian Information Commissioner if you’re not satisfied with our response.

The Sammy App (Coming Soon)

The Sammy iOS and Android apps will have their own privacy controls and a dedicated privacy policy when they ship. The two sections below explain how Sammy is being built so you know what to expect.

Where Sammy Cloud Will Run

For Core and Premium tiers in the Sammy app, Sammy Cloud handles inference on a decentralised AI compute marketplace called AkashML. Your conversations run across a network of independent GPU operators rather than a single tech giant’s data centre.

AkashML itself does not store prompts or responses. We do not log, retain, sell, or train on your conversations. Because compute runs on third-party operators, the upside is no central honeypot to leak, sell, or be hacked. The trade-off is that compute is run by independent operators rather than a single audited vendor, which is part of why we keep on-device first whenever the model can handle it.

Your Data, Your Control (in the App)

The Sammy app is being built so that conversations live on your device by default. The on-device model (Google’s open-source Gemma) runs entirely offline. Nothing leaves your phone. When Sammy Cloud is used, conversations are sent only for the duration of the inference request and are not retained.

The full app privacy policy will detail backup, export, and deletion controls when the app launches.

Contact

Questions about privacy? Email us at hello@sammyai.app.

← Back to home