Privacy Policy
Last updated: May 18, 2026
1. Who We Are
Sayfe.ai is an assumed name (DBA) of Vandelay Consulting Inc., a Texas corporation (the "Company," "we," "us," or "our"). We are an authorized OpenAI SMB Channel Partner providing ChatGPT Business deployment, AI consulting, training, and adoption services for small and medium businesses. Our principal place of business is in Brazoria County, Texas.
2. What We Collect
We collect the following categories of personal data:
- Contact information you give us — name, email, company name, role, phone (if provided), industry, team size, geographic location of operations, and free-text answers you provide in our forms (including the AI Compliance Assessment).
- Account-related identifiers — when you sign up for ChatGPT Business through our partner link, OpenAI may share with us limited account information (such as your account having activated) for the purpose of attributing the referral. We do not receive your ChatGPT chat history, prompts, or outputs.
- Usage data — pages visited, clicks, device type, browser, approximate location (country/region only), and referrer URL. Collected via our analytics provider.
- Communications — emails you send us and the contents of our reply, including chat transcripts if you interact with our automated AI Compliance Assessment.
What we do NOT collect
- Your ChatGPT Business conversations, prompts, or outputs — those stay with OpenAI under their data policies.
- Sensitive special categories of personal data (health information, biometric data, etc.). Please do not paste real customer PII, PHI, or financial data into our forms or assessment.
- Children's data. The Service is not intended for users under 18.
3. How We Use It
We use the data we collect for the following purposes:
- Deliver the Service you requested (e.g., generate your AI Compliance Assessment report, schedule a consultation).
- Send you the email follow-up sequence you opt into when completing the assessment. You can unsubscribe at any time.
- Attribute ChatGPT Business referrals so we can credit our partner commission and ensure your free onboarding is applied.
- Improve the Service (aggregate, non-identifiable analytics).
- Comply with legal obligations.
We do not use your personal data to train AI models, sell it to third parties, or rent it to advertisers.
4. Who We Share It With (Sub-Processors)
We use the following data processors. Each one is bound by a Data Processing Agreement that requires them to handle your data on our behalf only, with appropriate safeguards:
| Processor | Purpose | Data shared |
|---|---|---|
| OpenAI (api.openai.com) | Powers the AI Compliance Assessment conversational agent and any ChatGPT Business product features routed via our partner link | Assessment Q&A inputs (not your name/email) |
| Supabase | Database hosting for form submissions and assessment leads | Name, email, company, assessment answers, risk tier |
| Resend | Transactional and follow-up email delivery | Name, email, assessment report content |
| Cloudflare (Turnstile) | Spam & bot protection on forms | IP-derived signals (not your IP itself) |
| Vercel | Website hosting | Standard server logs (IP, user agent, timestamps) |
| Google Fonts | Font delivery | None beyond standard CDN logs (handled by Google) |
If we change sub-processors materially, we will update this list. We do not sell personal data.
5. Where Your Data Is Stored
Sayfe.ai is based in the United States. Most of our sub-processors store data in the U.S., with some maintaining global edge networks. If you are in the EU or U.K., your data may be transferred to and processed in the United States under Standard Contractual Clauses or equivalent safeguards required by GDPR / U.K. GDPR.
6. Your Rights
Depending on where you live, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to fix inaccurate data.
- Deletion — ask us to delete your personal data (subject to certain legal retention requirements).
- Restriction or objection — limit how we use your data, particularly for marketing.
- Portability — receive a machine-readable copy of your data.
- Opt out of automated decision-making — our AI Compliance Assessment is informational and does not make legally binding decisions about you, but you can request human review of any decision affecting you that we make using AI.
- Withdraw consent — for any processing based on consent (e.g., marketing emails), without affecting the lawfulness of processing before withdrawal.
- Lodge a complaint — with your local data protection authority (in the EU/U.K.) or California Attorney General (in California).
To exercise any right, email cbenson@sayfe.ai. We respond within 30 days.
7. Retention
We retain personal data only as long as we have a legitimate business reason or a legal obligation to retain it. Assessment leads are retained for up to 24 months after your last interaction unless you request earlier deletion. Aggregate analytics may be retained indefinitely.
8. Security
We use industry-standard safeguards: HTTPS / TLS in transit, encryption at rest via our sub-processors, principle-of-least-privilege access controls, and audit logging. No system is perfectly secure; if we discover a breach affecting your personal data, we will notify you and the relevant authorities as required by applicable law.
9. Cookies
We use a small number of strictly necessary cookies (session, security) and analytics cookies. You can disable non-essential cookies via your browser settings. We do not currently use cross-site tracking or advertising cookies.
10. California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have the rights described in Section 6 above, plus the right to know what categories of personal data we collect, the purposes for which we use it, and the categories of third parties with whom we share it (all disclosed in Sections 2–4). We do not sell or share personal data for cross-context behavioral advertising as those terms are defined under the CPRA. We do not use sensitive personal information for any purpose other than the ones permitted under §7027(m) of the CPRA regulations.
11. Children
The Service is intended for adults engaged in business activities. We do not knowingly collect personal data from children under 18. If we learn we have collected such data, we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if we have your email) or by a prominent notice on the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Contact
Questions about this policy or our privacy practices: cbenson@sayfe.ai
For data subject requests (access, correction, deletion): cbenson@sayfe.ai