Privacy Policy
Last updated: May 15, 2026
1. Responsible Party (Data Controller)
The party responsible for processing your personal data within the meaning of Art. 4 No. 7 GDPR is:
Contact contact@sami-agent.com for operator identity.
(address not yet configured)
Email: contact@sami-agent.com
For privacy-related enquiries or to exercise your data-subject rights, write to the email address above with the subject line "Privacy Request".
2. Scope of This Policy
This policy applies to personal data processed when you visit https://sami-agent.com, create an account, use the S.A.M.I. platform (the web dashboard and the managed model service at https://api.sami-agent.com), or download the S.A.M.I. desktop application. It does not cover third-party services that have their own privacy policies.
3. Categories of Personal Data We Process
| Category | Examples | Retention |
|---|---|---|
| Account data | Email address, hashed password (industry-standard memory-hard algorithm), full name (optional), profile preferences, TOTP 2FA secret (encrypted) | Until account deletion, then 30 days |
| Billing data | Stripe customer ID, subscription plan, payment status — we never store card numbers; those remain with Stripe | 7 years (statutory billing-record retention obligation) |
| Chat / agent content | Messages you compose in the SAMI Desktop IDE, agent runs, saved prompts | Not persistently stored by SAMI — local copy on your device; messages may be transiently relayed for AI inference (see Section 9) |
| Usage records | Token consumption per model, credit debits, plan quota checks | 7 years (billing retention obligation) |
| Audit logs | Login timestamps, IP address, security events (failed auth, 2FA, plan change) | 1 year |
| Technical data | IP address, browser user-agent, HTTP request metadata (collected by our hosting and CDN infrastructure — see subprocessors in Section 5) | 30 days (infrastructure logs) |
We do not process special categories of personal data (Art. 9 GDPR) and do not perform automated decision-making with legal or similarly significant effects (Art. 22 GDPR).
4. Purposes and Legal Bases (Art. 6 GDPR)
Art. 6(1)(b) — Performance of a contract
Account creation and authentication, plan provisioning, managed model routing, agent-run execution, and customer support. Without this data we cannot provide the service.
Art. 6(1)(c) — Legal obligation
Retention of billing records and transaction data for 7 years as required by the applicable commercial and tax-record retention obligations at the Operator's place of incorporation (to be confirmed at entity formation).
Art. 6(1)(f) — Legitimate interests
Security monitoring, abuse detection, rate limiting, and fraud prevention. These interests are not overridden by your privacy rights because processing is limited to the minimum necessary and is not used for profiling or advertising. You may object to this processing at any time (see Section 8).
Art. 6(1)(a) — Consent
Optional analytics cookies and marketing communications are only activated with your explicit prior consent. You can withdraw consent at any time in Cookie Settings.
5. Recipients and Subprocessors
We use the following categories of processors and sub-processors. Each is bound by a data-processing agreement (DPA) or equivalent contractual safeguard.
AI Model Providers (subject to model selection)
When you submit a request that is routed to an AI model, the content of that request is forwarded to the relevant provider. The provider depends on the model you select in the platform:
- OpenAI, LLC (US) — Standard Contractual Clauses
- Anthropic, PBC (US) — Standard Contractual Clauses
- Google LLC / Google DeepMind (US) — Standard Contractual Clauses
- xAI Corp (US) — Standard Contractual Clauses
- Mistral AI SAS (France, EU) — EU adequate
- DeepSeek (Hangzhou DeepSeek AI, CN) — Standard Contractual Clauses
- Groq, Inc. (US) — Standard Contractual Clauses
- Together AI, Inc. (US) — Standard Contractual Clauses
- Cohere, Inc. (Canada) — adequacy decision
- OpenRouter, Inc. (US) — Standard Contractual Clauses
These providers process inference requests ephemerally; we do not permit them to use your content to train their models (where their terms allow us to opt out, we do). Requests do not include your name or email — only the conversation content you submit.
The complete sub-processor list — including roles, transfer mechanisms, and data-residency details for each — is maintained at /legal/subprocessors. We notify users via this page when the sub-processor list changes.
6. International Data Transfers
Where personal data is transferred to recipients in countries outside the European Economic Area (EEA) that do not have an adequacy decision under Art. 45 GDPR (in particular the United States), transfers are safeguarded by Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR as adopted by the European Commission. You may request a copy of the applicable SCCs by writing to contact@sami-agent.com.
7. Cookies and Tracking
Strictly necessary cookies (always active)
- sami_access_token — short-lived JWT session token (HttpOnly)
- sami_refresh_token — long-lived refresh token for silent re-authentication (HttpOnly)
- sami_csrf — CSRF token for state-changing requests (billing, account, admin actions)
Legal basis: Art. 6(1)(b) GDPR (contract performance). These cookies are required for the service to function. You cannot opt out while using the platform.
Preference cookies (set after interaction)
- cookie_consent — records whether you have acknowledged the cookie banner (12 months)
- theme — stores your dark / light mode preference (12 months)
- sami_locale — stores your language preference (en / de) (12 months)
These cookies are set only after you interact with the relevant UI control. They do not track you across sites. Full cookie inventory: /legal/cookies.
Analytics cookies (consent required)
We currently do not set any analytics cookies. If we introduce analytics tooling in the future, we will request your explicit prior consent (Art. 6(1)(a) GDPR) before setting any such cookies, and they will never be used for advertising.
Marketing cookies (consent required)
We do not currently operate marketing / retargeting campaigns. If we introduce such cookies in the future, we will request your consent separately.
Manage your cookie preferences in Cookie Settings (requires sign-in).
8. Your Rights as a Data Subject (Art. 15–21 GDPR)
You have the following rights, exercisable free of charge by contacting contact@sami-agent.com:
- Access (Art. 15) — obtain a copy of the personal data we hold about you.
- Rectification (Art. 16) — correct inaccurate or incomplete data.
- Erasure (Art. 17) — request deletion of your personal data where no legal retention obligation applies. Note: billing records are kept for 7 years even after account deletion (see Section 10).
- Restriction of processing (Art. 18) — request that we restrict processing in certain circumstances (e.g. while disputing accuracy).
- Data portability (Art. 20) — receive your data in a structured, machine-readable format. Use the data-export function in your dashboard settings.
- Objection (Art. 21) — object to processing based on our legitimate interests (Section 4, Art. 6(1)(f)). We will cease that processing unless we demonstrate compelling legitimate grounds.
- Withdrawal of consent (Art. 7(3)) — where processing is based on your consent, you may withdraw it at any time; this does not affect lawfulness of prior processing.
You also have the right to lodge a complaint with a supervisory authority, in particular the authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement. The competent supervisory authority for the Operator will be identified in the Imprint once the operating entity is incorporated. Until then, write to contact@sami-agent.com for any privacy enquiry.
9. Chat Content — Local Storage; No Persistent Server Retention
Conversations in the Desktop IDE are kept on your device. SAMI does not persistently store chat message content on our servers — no database writes, no chat history API, and no server-side export. When you send a message, content is transiently relayed to the AI model you selected so the service can respond; that relay is not a durable archive on SAMI infrastructure.
What this means in practice:
- Your conversation history persists locally for as long as your device has disk space — there is no expiry date set by SAMI.
- SAMI has no access to the content of your conversations. We cannot read, search, or export your chat history.
- There is no cloud sync of chat content. Conversations do not leave your device unless you explicitly copy and share them.
- If you uninstall the Desktop IDE or clear its local storage, your chat history is gone — SAMI cannot restore it, as we never held a copy.
- Image attachments: Images you attach to a message are forwarded inline to the AI model you selected, in the same way as the text message itself. Like the text, they are not stored on SAMI servers — no database write, no disk cache, no thumbnail. The model provider may retain the request per their own terms (see Section 5).
- Voice input: When you dictate a message, the audio is sent to a transcription model, which returns the text, and the audio is discarded immediately. Only the resulting text becomes part of your locally-stored conversation.
The only server-side data associated with chat usage is usage records (token counts, credit debits) required for billing. These records do not contain message content — only the volume of tokens consumed per model and session identifier.
10. Retention After Account Deletion
When you delete your account, the following timeline applies:
- Chat content: not held server-side — nothing to delete. Your local chat history remains on your device until you remove it yourself.
- Account profile data (name, email, hashed password): anonymised or deleted within 30 days of account closure.
- Billing transaction records and usage invoices: retained for 7 years from the transaction date under the applicable statutory billing-record retention obligation.
- Security audit logs: retained for 1 year from the recorded event, even after account deletion, for fraud prevention and legal-obligation purposes.
11. Technical and Organisational Security Measures
We implement appropriate technical and organisational measures pursuant to Art. 32 GDPR, including: TLS encryption in transit, industry-standard memory-hard password hashing, versioned encryption of sensitive fields at rest, IP-based rate limiting, TOTP two-factor authentication, and access control restricted to the minimum necessary. Infrastructure is hosted in EU data centres certified to ISO 27001.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or in-app notification at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.