Privacy Policy

Effective date: 12 April 2026

1. Introduction

This Privacy Policy explains how Sagewai ("we", "us", or "our") collects, uses, stores, and protects personal data when you visit our websites (sagewai.ai and docs.sagewai.ai), use our open-source software, or interact with us in any other way. We are committed to protecting your privacy in accordance with the European Union General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the ePrivacy Directive (2002/58/EC), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Data Controller

The data controller responsible for the processing of your personal data is:

Ali Arda Diri
Berlin, Germany
hello@sagewai.ai

3. Data We Collect

3.1 Data you provide voluntarily

When you contact us by email, submit a form, or participate in community discussions, you may provide your name, email address, and the content of your message. We process this data solely to respond to your enquiry.

3.2 Automatically collected data

When you visit our websites, our hosting provider (Cloudflare) may automatically collect certain technical information, including your IP address (anonymised), browser type, operating system, referring URL, pages visited, and the date and time of your visit. This data is collected through server logs and is used to ensure the security and availability of our websites.

3.3 Cookies and similar technologies

We use cookies and similar client-side storage mechanisms. For detailed information about the cookies we use and how to manage your preferences, please visit our Cookie Preferences page.

4. Legal Basis for Processing

We process personal data on the following legal bases under GDPR Article 6:

  • Consent (Art. 6(1)(a)) — for non-essential cookies and analytics, where you have given explicit consent through our cookie banner.
  • Contractual necessity (Art. 6(1)(b)) — to provide services you have requested, such as responding to support enquiries.
  • Legitimate interests (Art. 6(1)(f)) — to maintain the security of our websites, prevent fraud, and improve our services, provided such interests are not overridden by your rights and freedoms.
  • Legal obligation (Art. 6(1)(c)) — to comply with applicable laws and regulations.

5. Cookies and Tracking

Our websites use cookies categorised as follows:

  • Essential cookies — necessary for basic website functionality such as theme preferences. These do not require consent under the ePrivacy Directive.
  • Analytics cookies — help us understand how visitors interact with our websites. Only activated with your consent.
  • Marketing cookies — used to deliver relevant content and measure campaign effectiveness. Only activated with your consent.
  • Preference cookies — remember your settings and personalisation choices. Only activated with your consent.

You can manage your cookie preferences at any time on our Cookie Preferences page.

6. Third-Party Services

We use the following third-party services:

  • Cloudflare — content delivery, DDoS protection, and website hosting. Cloudflare may process minimal technical data (such as IP addresses) to provide these services. For details, see Cloudflare's Privacy Policy.
  • GitHub — source code hosting and community discussions. Interactions on GitHub are subject to GitHub's Privacy Statement.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Enquiry and correspondence data: up to 3 years after last contact.
  • Server logs: up to 90 days.
  • Cookie consent records: for the duration of the consent or until withdrawn.

When personal data is no longer needed, it is securely deleted or anonymised.

8. Your Rights Under the GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

  • Right of access (Art. 15) — obtain confirmation of whether we process your personal data and request a copy.
  • Right to rectification (Art. 16) — correct inaccurate or incomplete personal data.
  • Right to erasure (Art. 17) — request deletion of your personal data under certain conditions.
  • Right to restriction (Art. 18) — request that we limit the processing of your personal data.
  • Right to data portability (Art. 20) — receive your personal data in a structured, machine-readable format.
  • Right to object (Art. 21) — object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent (Art. 7(3)) — withdraw consent at any time without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with a supervisory authority. In Germany, the competent authority is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

9. Your Rights Under the CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you the following rights:

  • Right to know — request information about the categories and specific pieces of personal data we have collected.
  • Right to delete — request deletion of personal data we have collected from you.
  • Right to opt-out — opt out of the sale or sharing of your personal data. We do not sell personal data.
  • Right to non-discrimination — we will not discriminate against you for exercising your privacy rights.

10. International Data Transfers

Your data may be processed by third-party service providers located outside the EEA. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or the EU-US Data Privacy Framework, as applicable.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS), access controls, and regular security reviews.

12. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us so we can promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on this page with a revised effective date. We encourage you to review this page periodically.

14. Contact

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

hello@sagewai.ai