Privacy Policy

Last updated: April 29, 2026 (version 2026-04-29)

1. Introduction

Cytisum Digital Consulting Inc., operating as Satua ("we", "us", "our"), operates the Satua platform at satua.io. This Privacy Policy describes our practices under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), British Columbia's Personal Information Protection Act (BC PIPA), Alberta's Personal Information Protection Act (Alberta PIPA), Quebec's Act Respecting the Protection of Personal Information in the Private Sector as amended by Law 25, and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CPRA). If you are located outside Canada or the United States, additional protections may apply under local law; contact privacy@satua.io. Our Privacy Officer can be reached at the same address.

2. Our Role: Data Controller vs. Data Processor

Satua acts as a data controller for Account Data and Usage Data that we collect directly from Users. Satua acts as a data processor, service provider, or contractor (as applicable) for Lead Data and Tenant Content, which we process on documented Tenant instructions. Lead ingestion runs are initiated and attributed to a specific Tenant through CSV import, manual entry, lists, or the Pipelines workflow. Tenants are solely responsible for the lawful basis of each upload, import, provider-synced request, outreach recipient, and communication.

2A. No Data Broker Sale or Marketplace

Satua does not provide, sell, broker, resell, license, or otherwise monetize Lead Data as a standalone data product. We do not operate a lead marketplace, do not sell or share Lead Data for cross-context behavioral advertising, and do not disclose one Tenant's Lead Data to another Tenant or unrelated third party for independent marketing, resale, enrichment, list-building, or brokerage purposes.

2B. Independent Controller for Tenant-Connected Data Providers

When a Tenant connects a third-party data provider (currently Hunter.io) under their own provider account, the data returned by that provider passes through Satua to the Tenant's workspace. The provider's terms classify the integrating party as an independent data controller of the returned personal data, and the provider acts as a processor for the Tenant. As a result, for data accessed through such Tenant-connected provider integrations, Satua acts as an independent data controller in parallel with the Tenant, who separately holds Controller responsibility under their data processing agreement with Satua. This independent-controller chain is a standard B2B-data structure under the GDPR and does not create joint-controllership obligations between Satua and the provider. Satua will, in its capacity as independent controller, comply with applicable data protection law and the Tenant-facing commitments in this Policy and our Terms of Service.

3. Information We Collect

Account Data (collected directly from you): Full name, email address, avatar (from Google OAuth), organization membership, role, authentication identifiers, IP address, and login timestamps.

Usage Data (collected automatically): Feature usage patterns, email sending volumes, API usage, session cookies required for authentication.

Tenant Content (tenant-provided): AI prompts, email templates, company profile text, drafted email content, and messaging configuration.

Lead Data (tenant-provided via CSV upload, manual entry, tenant-authorized provider connections, lists, or tenant-initiated collection flows): Contact names, email addresses, phone numbers, job titles, LinkedIn profiles, company information (name, domain, industry, size, revenue, location, technologies), engagement data (email opens, clicks, bounces), status, tags, and assignment history.

AI Interaction Data: Generation prompts, model outputs, selection and feedback signals.

Device and Network Data: IP address, user agent.

4. How We Use Your Information

We collect and use personal information for the following purposes: (a) providing and operating the Satua platform; (b) authenticating your identity; (c) processing lead data and sending emails on your behalf; (d) generating AI-powered content at your request; (e) communicating with you about your account and the Service; (f) improving, securing, debugging, and maintaining the Service; (g) enforcing our Terms of Service; and (h) complying with legal obligations. We do not sell Account Data or Lead Data to third parties and do not share it for cross-context behavioral advertising.

We may additionally use Tenant Content, Usage Data, and De-Identified Data derived from Lead Data and email communications for product improvement, analytics, benchmarking, research, and AI model evaluation, as described in Section 8.3 of our Terms of Service. We de-identify Lead Data before using it for these purposes and do not use raw Lead personal information or raw outreach recipient content to train third-party foundation models.

5. Consent

By creating an account and using Satua, you consent to the collection, use, and disclosure of your personal information as described in this Policy. Where we act as a data processor on your behalf (processing lead contact data you upload, import, manually enter, or sync from your own providers), you represent and warrant that you have obtained any necessary consents or have a lawful basis for providing such data to us. You may withdraw consent at any time by contacting us, subject to legal or contractual restrictions and reasonable notice. For Lead Data, consent, where required, must be obtained by the Tenant, not by Satua.

5A. PIPEDA Business Contact Information Exemption

Much of the Lead Data processed through the Service qualifies as business contact information used to communicate with an individual solely in connection with their employment, business, or profession. Such information is exempt from the consent, collection, use, and disclosure requirements of PIPEDA under section 4.01, BC PIPA under section 3(2)(e), and Alberta PIPA under section 4(3)(d). Tenants are responsible for ensuring their use of Lead Data falls within the scope of these exemptions or is otherwise supported by a lawful basis.

6. Third-Party Services and Sub-Processors

Provider connections selected by a Tenant (currently Hunter.io) are connected under the Tenant's own provider account and are not Satua sub-processors; see Section 2B for the controller relationship that applies to data accessed through such provider connections. We share data with the following third-party services solely to operate the platform:

Supabase, Inc. (USA) — Managed database, authentication, and file storage provider. Holds Tenant Content, Lead Data, Account Data, and related platform records. See supabase.com/privacy.
Google LLC (USA) — OAuth identity provider for "Sign in with Google". Receives the authenticating user's email address and basic profile. See policies.google.com/privacy.
Postmark (ActiveCampaign, LLC) (USA) — Tenant email delivery provider. Receives tenant-originated outreach email content, recipient addresses, sender identity, and associated delivery and engagement signals. Does not process system-to-user email. See postmarkapp.com/privacy-policy.
Resend (Resend, Inc.) (USA) — Transactional system-email provider used for internal notifications (for example, workspace invites). Receives internal-user email addresses and notification content. Does not deliver tenant-originated lead outreach.
Stripe, Inc. (USA) — Payment processor for Tenants that pay through the Service. Receives billing-contact identity and invoice amounts. Payment credentials (card, bank account, etc.) are collected directly by Stripe's hosted flows; Cytisum does not see or store full payment credentials. See stripe.com/privacy.
OpenRouter Inc. (USA) — Large-language-model gateway used to route prompts to underlying model providers. Receives prompts and related context necessary to produce AI output. Through OpenRouter, prompts may be processed by OpenAI, L.L.C. (USA), Anthropic, PBC (USA), and Perplexity AI, Inc. (USA) (web-search-grounded reasoning), each acting as an additional sub-processor under their own terms. No raw Lead personal data is used to train any of these providers' foundation models; prompts and outputs are processed for generation only.
Apify Technologies s.r.o. (Czech Republic) — Web-scraping infrastructure used for Tenant-initiated data collection.
Railway Corp. (USA) — Application hosting and compute provider. See railway.com/legal/privacy.

Our hosting provider Railway operates infrastructure in North America; our database provider Supabase operates primarily in the United States. Cross-border transfers of personal information under Quebec Law 25 section 17 are assessed in our Privacy Impact Assessment, available on request to privacy@satua.io.

7. International Data Transfers

Your personal information may be transferred to, stored, and processed in countries outside of Canada, including the United States and the European Union, where our sub-processors operate infrastructure. By using the Service, you consent to the transfer of your information to these jurisdictions. Where required by applicable law, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent mechanisms, to protect your personal information during international transfers.

7A. AI Data Use Notice

We use Tenant Content, Usage Data, and De-Identified Data derived from Lead Data and email communications to evaluate model performance, improve product behavior, and analyze user behavior for product improvement. Before Lead Data or email body content is used for de-identified analysis, we apply de-identification techniques that remove or tokenize direct identifiers. We do not use raw Lead personal information or raw outreach recipient content to train third-party foundation models. The contractual basis for this processing is described in Section 8.3 of our Terms of Service.

8. Commercial Electronic Messages and Email Tracking

Satua provides tools that enable you to send commercial electronic messages. You are solely responsible for ensuring compliance with all applicable anti-spam laws, including Canada's Anti-Spam Legislation (CASL), the U.S. CAN-SPAM Act, and the EU ePrivacy Directive. We provide the technical infrastructure for email delivery; we do not determine the recipients, content, or timing of messages you send. You are the sender for the purposes of anti-spam legislation. Recipient-side consent for commercial electronic messages is the Tenant's responsibility; Satua provides the technical infrastructure and does not determine CEM recipients, content, or timing.

Email Tracking: When you send outreach emails through Satua, our tenant email delivery provider (Postmark) may use tracking pixels and link tracking to provide delivery, open, and click analytics. You are responsible for disclosing this tracking to recipients where required by applicable law.

9. Cookies and Similar Technologies

We use strictly necessary cookies to maintain your authenticated session. These cookies are set by our authentication provider (Supabase) and are required for the Service to function. We do not use advertising cookies, tracking pixels on our own website, or third-party analytics cookies.

10. Data Retention

Account Data: Retained for the duration of your active account plus 30 days after deletion to allow for recovery.
Lead Data: Retained for as long as your organization's Tenant account is active. Upon termination, lead data is deleted within 90 days.
Email Content and Engagement Data: Retained for 24 months from the date of sending, unless earlier deletion is requested.
Usage and Billing Data: Retained for 7 years to comply with Canadian tax and record-keeping requirements.
Audit Logs: Retained for 12 months.

For Tenants subject to Quebec Law 25, personal information will be destroyed or anonymized once the purposes for which it was collected or used are achieved, in accordance with our internal destruction schedule. De-Identified Data may be retained indefinitely.

11. Data Security

We protect personal information with security safeguards appropriate to the sensitivity of the information, including encryption at rest and in transit, row-level security policies, access controls, and regular security assessments. Despite these measures, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Your Rights

Under PIPEDA (Canada): You have the right to access your personal information, request corrections, and challenge our compliance. Upon written request, we will inform you of the existence, use, and disclosure of your personal information and provide access to it.

Under BC PIPA and Alberta PIPA: You have additional access, correction, and complaint rights enforced by the Office of the Information and Privacy Commissioner for your province.

Under Quebec Law 25: You have rights of access (s.27), rectification (s.28), deletion and cessation of dissemination (s.28.1), data portability (s.27), and withdrawal of consent (s.13), plus the right to file a complaint with the Commission d'accès à l'information.

Under the California CPRA: California residents have rights to know, delete, correct, opt out of sale or sharing, and limit the use of sensitive personal information.

Under GDPR (EEA/UK reference): If you are located in the European Economic Area or United Kingdom, you may have additional rights including: the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection (Art. 21), withdrawal of consent (Art. 7(3)), and the right to lodge a complaint with a supervisory authority (Art. 77).

To exercise rights regarding your Account Data, contact privacy@satua.io. We will respond within 30 days or the period required by applicable law.

12A. Directing Rights Requests

If you are a Lead whose personal information is held by a Tenant through the Service, your access, correction, deletion, and other rights requests must be directed to the Tenant that holds your data, not to Satua. Where a request is sent to Satua, we will forward it to the relevant Tenant within 10 business days.

13. Legal Bases for Processing (GDPR reference for EU/UK visitors)

Where GDPR applies, we process personal information on the following legal bases: (a) Contract Performance (Art. 6(1)(b)) for processing necessary to provide the Service; (b) Legitimate Interests (Art. 6(1)(f)) for security, fraud prevention, and service improvement; (c) Consent (Art. 6(1)(a)) where you have given explicit consent; and (d) Legal Obligation (Art. 6(1)(c)) where processing is required by law.

14. Data Breach Notification

In the event of a data breach involving your personal information that poses a real risk of significant harm, we will notify you and the Office of the Privacy Commissioner of Canada as required by PIPEDA. For Tenants subject to Quebec Law 25, we will notify the Commission d'accès à l'information and affected individuals as required by section 3.5. Under CPRA, we will notify the California Attorney General where the breach affects 500 or more California residents. Where applicable under GDPR, we will notify relevant supervisory authorities within 72 hours of becoming aware of the breach.

15. Children's Privacy

The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Each version of this Policy is assigned a version identifier and date. We will notify you of material changes by posting the updated Policy, updating the "Last Updated" date, and emailing each Tenant's primary billing contact at least 30 days before the changes take effect. Non-material changes may take effect immediately on posting. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

17. Contact

For privacy-related questions or to exercise your rights, contact our Privacy Officer at privacy@satua.io.

Cytisum Digital Consulting Inc.
Operating as Satua
privacy@satua.io

18. Privacy Officer

In accordance with Quebec Law 25 section 3.1 and PIPEDA Principle 1, Cytisum designates its Chief Executive Officer as its Privacy Officer. The Privacy Officer is responsible for Cytisum's compliance with this Policy and applicable privacy legislation and can be contacted at privacy@satua.io.