Privacy, security and your data
A plain-English guide to what Sageon does with your data, where it lives, and where to read the formal policies.
The short version
- You own everything you put in. Your projects, RAID entries, HR records, CRM data — all yours.
- One organisation can never see another's data. Database-level isolation, not just app-layer checks.
- We don't train AI on your data. Sage uses Anthropic's Claude API, which doesn't train on customer prompts. We don't either.
- UK-based. Sageon Ltd is registered in England and Wales. Primary data hosting is in the EU.
- Essential cookies only. No tracking, no advertising, no third-party analytics — so there's no consent banner gate.
Where your data lives
| Layer | Provider | Region |
|---|---|---|
| Database | Supabase (Postgres) | EU (Frankfurt) |
| App hosting | Vercel | EU edge preferred |
| File storage | Supabase Storage | EU |
| Email delivery | Resend | EU/US |
| Payments | Stripe | UK/EU/US |
| AI (Sage) | Anthropic Claude API | US |
| Backups | Encrypted, 30-day retention, EU |
Full list at sageon.co.uk/subprocessors.
Security in brief
- TLS 1.2+ on every connection
- AES-256 encryption at rest
- Row-level security — your
organisation_idis enforced at the database, not just the app - Role-based access — five built-in roles plus five custom slots
- Daily encrypted backups with 30-day retention
- Audit log of admin actions (invites, role changes, deletions) — 12 months
Full details at sageon.co.uk/security.
What Sage (AI) sends and doesn't send
When you chat with Sage, we send a focused prompt — the message you typed, plus a tightly scoped slice of context (e.g. the project you're on, recent RAID items if you're asking about risks). We do not send:
- Salary, compensation or bank details
- Personal employee information (DOB, NI numbers, addresses)
- Files or attachments
- Data from other organisations
Sage's outputs are AI-generated and may be inaccurate. Always verify before acting on them. Full disclosure: sageon.co.uk/ai-disclosure.
Your GDPR rights
If you're an individual whose personal data is held in Sageon (either as a user account or as an HR/CRM record managed by an org), you have the right to:
- Access your data
- Correct inaccurate data
- Delete ("right to be forgotten")
- Export in a portable format
- Object to certain processing
For your own user account: edit/delete from Settings → Account. For data your employer holds about you in Sageon: contact your employer first — they're the data controller. For anything else: email hello@sageon.co.uk with subject "Privacy request".
If you process personal data through Sageon Business
You're the data controller for employee, customer and project data you upload. Sageon is your data processor. The terms of that relationship are in our Data Processing Agreement, which is automatically incorporated into our Terms of Service — no signature needed, but we'll counter-sign on request.
Cancellation and data retention
When you cancel:
- 0–90 days: your data is retained for export or recovery.
- After 90 days: permanently deleted from production systems.
- +30 days: rolling encrypted backups expire. All data gone within ~120 days.
Want it deleted sooner? Email hello@sageon.co.uk from the org owner's address.
All the policies, in one place
- Privacy policy
- Terms of service
- Cookie policy
- Data Processing Agreement
- Subprocessor list
- Acceptable use policy
- AI usage disclosure
- Security and trust
- Service availability
- Refunds policy
Reporting a vulnerability
Email hello@sageon.co.uk with subject "Security report". Please don't test on real customer data or run automated scans against production. We aim to acknowledge within one business day.