Privacy Policy

Last Updated: January 10, 2026

Sarih Tech ("we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our AI-powered business idea validation service (SARIH). Sarih Tech is operated as a sole proprietorship. For legal inquiries, contact sarihlegal@gmail.com.

1. Information We Collect

Account Information: When you create an account, we collect your email address and authentication credentials (securely encrypted). We use third-party authentication providers (Google, GitHub) where applicable.

Validation Data: When you submit business ideas for validation, we temporarily process your input to generate analysis results. This includes the idea description and any additional context you provide.

Usage Data: We only collect basic analytics such as timestamps, session duration, and feature usage to improve our service.

Payment Information: Payments are processed by Polar Software Inc. ("Polar"), our Merchant of Record. Polar uses Stripe as their payment processor. We do not store your credit card details. Polar and Stripe handle all payment data according to their respective privacy policies. For more information, see Polar's Privacy Policy and Stripe's Privacy Policy.

2. How We Use Your Information

We use your information to:

  • Provide and operate the validation service
  • Store your validation history in your account
  • Process payments through our Merchant of Record (Polar)
  • Send transactional emails (receipts, account notifications)
  • Improve our service based on aggregate usage patterns

Legal basis (for GDPR regions): Contract performance, legitimate interest (security, improvements), and legal obligation (tax records).

3. How AI Processing Works

When you submit an idea for validation:

  • Your input is processed through our validation system
  • Third-party AI services generate analysis based on your input
  • Your report is stored in your account for your access

4. What We Do NOT Do With Your Data

We want to be clear about our practices:

  • We do NOT train AI models on your business ideas. Your submissions are used only to generate your validation report.
  • We do NOT sell your data to anyone, ever.
  • We do NOT share your specific business ideas with other users, partners, or for marketing purposes.
  • We do NOT use your ideas for our own business purposes or to compete with you.
  • We do NOT monetize your data beyond providing you the service you paid for.

Note: Our third-party service providers (AI APIs, database, infrastructure) may process your data according to their respective privacy policies and may maintain operational logs as required for their services. We select providers with strong privacy practices.

5. Data Storage and Security

Client-Side Encryption (Zero-Knowledge Architecture):

Your business ideas are encrypted on your device before being transmitted to our servers. This means:

  • We cannot read your ideas — even if we wanted to, we don't have the keys
  • Your ideas are encrypted before leaving your device — not just in transit or at rest
  • Zero-knowledge architecture — we literally cannot access your unencrypted data

Additional security measures include:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest on our servers
  • Secure authentication mechanisms
  • Access controls and monitoring

While we implement industry-leading security measures, no system is 100% secure. We cannot guarantee absolute security of your data.

6. Third-Party Services

We use the following third-party services:

  • Supabase: Database and authentication
  • Polar (Merchant of Record): Payment processing, billing, and tax compliance. Polar acts as the seller of record for all transactions.
  • Stripe: Payment processing (used by Polar)
  • AI Service Providers: For generating validation analysis

Each third-party service has its own privacy policy governing their data handling practices.

7. Your Rights

Depending on your location, you may have rights under local privacy laws (GDPR, CCPA, PIPEDA, etc.). We do not sell your personal information. You can delete your account from your account settings. For other requests, email sarihlegal@gmail.com. EU/UK users also have the right to lodge a complaint with their local data protection authority if they believe their data has been mishandled.

8. Data Retention

We retain your data while your account is active. If you delete your account, your personal data and validation content will be deleted. We may retain anonymized statistics and records required by law (e.g., payment records for tax purposes). Polar may retain payment records as required by their legal obligations.

9. International Data Transfers

Your data may be processed in countries outside your own, including the United States. For transfers from the EU/EEA/UK, we rely on Standard Contractual Clauses approved by the European Commission or transfers to countries with adequacy decisions. By using SARIH, you acknowledge these transfers.

10. Automated Decision Making

Our validation reports are generated using large language models (LLMs) combined with our proprietary algorithms. These reports are informational only - they do not constitute automated decisions that produce legal or significant effects on you. You are free to use or disregard our analysis.

11. Children's Privacy

SARIH is not intended for users under 18 years of age. We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this Privacy Policy at any time. Continued use of the Service after changes constitutes acceptance.

13. Contact Us

For privacy-related inquiries, contact us at: sarihlegal@gmail.com

For payment-related privacy inquiries, you may also contact Polar at: support@polar.sh