Privacy Policy

Sageon Ltd, a company registered in England and Wales (company no. 17218060), with registered office at 66 Paul Street, London EC2A 4NA.

We are the data controller for personal data you provide directly to us (your account details, payment info, communications). For data your organisation processes through Sageon Business (project data, employee records, contacts), your organisation is the controller and Sageon is the processor - see our Data Processing Agreement.

ICO registration: in progress. The registration number will appear here once issued.

• Account data: name, email address, organisation name, role.
• Billing data: processed by Stripe - we never store full card details.
• Usage data: pages visited, clicks, features used.
• Content you create: projects, RAID entries, prompts you save, etc. Only used to deliver the service.
• Communications: emails you send us, support tickets.

We use your personal data to:

• Provide and improve the Sageon products you signed up for
• Process payments and manage subscriptions
• Send transactional emails (sign-up confirmation, receipts, password resets)
• Send occasional product updates (only if you subscribed to the newsletter)
• Respond to support enquiries
• Comply with legal obligations (tax records, fraud prevention)

• Contract - to deliver the service you signed up for
• Consent - for marketing emails (withdraw any time)
• Legitimate interest - for product analytics and improvement
• Legal obligation - for tax records, fraud prevention, court orders

We use the third-party subprocessors listed on our subprocessor page. These include Stripe, Supabase, Resend, Vercel, Cloudflare and Anthropic.

We do not sell your data, ever. We do not share data with advertisers or data brokers.

We may disclose data if required by law (court order, regulatory request). We challenge requests we believe are overbroad or unlawful.

If you use Sage AI features, your queries and relevant organisational context (project names, RAG status, financial summaries) are sent to Anthropic (PBC) for processing. Anthropic does not use API data to train their models.

See our AI usage disclosure for full details.

Under UK GDPR you have the right to:

• Access personal data we hold about you
• Correction of inaccurate data
• Erasure (right to be forgotten)
• Restriction of processing
• Objection to processing for marketing
• Portability - export your data in machine-readable format
• Complain to the ICO at ico.org.uk

Email hello@sageon.co.uk to exercise any right. We respond within 30 days.

We keep account data while your account is active, plus 90 days after cancellation for recovery. Billing records are kept for 6 years (HMRC).

Some processors (Stripe, Anthropic, Cloudflare) are based in the United States. We rely on the UK-US Data Bridge, EU-US Data Privacy Framework, and Standard Contractual Clauses (with the UK addendum) to protect data transferred outside the UK.

We use only essential cookies (authentication, session, CSRF). No advertising trackers, no profiling analytics. See our Cookie Policy for the full list.

We use appropriate technical and organisational measures - encryption in transit (TLS), encryption at rest, role-based access, audit logging. See our Security page for details.

Sageon is a business product. We do not knowingly collect data from anyone under 18.

We may update this policy. The “Last updated” date reflects recent changes. Material changes are announced via email to active customers and a notice on this page for 30 days.

For privacy questions: hello@sageon.co.uk

For complaints: the UK Information Commissioner's Office at ico.org.uk