Legal

Privacy Policy

Savvy Sales AI LLC · Last updated: June 23, 2026

Introduction

This Privacy Policy describes how Savvy Sales AI LLC, a Wyoming limited liability company (“Hylo,” “we,” “us,” or “our”) collects, uses, stores, and shares information in connection with the Hylo application for the connected CRM platform (the “Platform”), available as a marketplace app embedded at app.hylo.pro and through the Hylo platform at hylo.pro (collectively, the “Service”).

By installing, accessing, or using the Service, you agree to the practices described in this Privacy Policy.

1. Who We Are

Hylo is an automation assistant for the Platform. It connects to your connected account, provides an AI chat interface, and executes the Platform's API actions on your behalf (for example, creating contacts, sending conversations, managing opportunities and workflows).

2. Information We Collect

2.1 Connected account data (via OAuth)

When you install the Service from the app marketplace, you authorize Hylo through the Platform's OAuth flow. We request a broad set of the Platform's permission scopes (currently 106 scopes) so the Service can read and act on your Platform data on your instruction. Depending on the actions you take, this may include:

  • Contacts and their fields, tags, and notes
  • Conversations and messages
  • Opportunities and pipelines
  • Workflows and automations
  • Calendars, appointments, and other Platform objects accessible through the Platform's API

Hylo accesses this data only to perform the operations you request through the chat interface or that you have configured. We do not browse or harvest your Platform data for unrelated purposes.

2.2 Authentication and identity data

  • We authenticate you via the Platform's single sign-on (SSO) when the app loads inside the Platform's embedded view.
  • We store identifiers such as your sub-account ID and user/account identifiers needed to scope your data and connections.

2.3 Chat content and uploaded files

  • Chat messages you send to the AI assistant, and the assistant's responses.
  • Uploaded files, including images (stored in Supabase Storage) and PDFs (from which we extract text). These are used to generate AI responses to your requests.

2.4 Billing and usage data

  • Wallet and billing records for the prepaid token wallet (per sub-account), processed through Stripe.
  • Usage logs recording, for example, token consumption and which operations were run, used for billing, support, and abuse prevention.
  • We do not store your full payment card details. Card data is collected and processed by Stripe; we receive only limited information such as transaction status and identifiers.

2.5 Credentials you provide

  • The Platform's OAuth tokens are stored encrypted at rest (Fernet encryption).

3. How We Use Your Information

We use the information described above to:

  • Operate the Service and execute the Platform actions you request;
  • Generate AI assistant responses to your messages and uploaded files;
  • Authenticate you and maintain your session;
  • Process billing, maintain your token wallet, and prevent abuse;
  • Provide support, debug issues, and improve reliability and security of the Service.

We do not sell your personal information. We do not use your Platform data or chat content to train our own models.

4. How AI / LLM Processing Works (Important)

The Service is an AI assistant. To generate responses, your chat messages, relevant context, and the content of files you upload are transmitted to a third-party Large Language Model (LLM) provider.

  • Hylo uses Anthropic (Claude) as the LLM provider.

The LLM provider processes this content to produce a response, which is returned to you through the Service. Your use of the AI features is therefore also subject to the privacy practices of the LLM provider. Please review their policy:

Do not submit information through the AI chat that you are not authorized to share with this third-party provider.

5. How We Store and Secure Your Data

  • Encryption at rest: The Platform's OAuth tokens are encrypted at rest using Fernet symmetric encryption.
  • Hosting: Our backend runs on Render; application data is stored in PostgreSQL (Render-managed) and in Supabase (including Supabase Storage for uploaded images).
  • Transport security: Data is transmitted over encrypted (HTTPS/TLS) connections.
  • Access controls: Stored connections, chat history, and wallets are scoped per user and per sub-account.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Sub-Processors

We share data with the following third-party service providers (“sub-processors”) strictly as needed to provide the Service:

  • Connected CRM platform — The platform the Service integrates with. Data shared: connected account data via API and OAuth.
  • Anthropic — LLM provider for AI responses. Data shared: chat messages, context, file content.
  • Supabase — Database and file/object storage. Data shared: chat history, uploaded files, stored records.
  • Render — Backend hosting and PostgreSQL database. Data shared: all application data processed by the backend.
  • Stripe — Payment processing for the token wallet. Data shared: billing/transaction data and payment details.

7. Data Retention

  • We retain your Platform OAuth tokens, chat history, uploaded files, wallet/billing records, and usage logs for as long as your installation is active and as needed to provide the Service.
  • Upon uninstall (see Section 8), we clean up your stored OAuth tokens.
  • We may retain certain records (such as billing records and usage logs) for a longer period where required for legal, accounting, tax, or fraud-prevention purposes.
  • You may request deletion of your data as described in Section 9.

We do not currently apply fixed retention windows: we retain your data until you delete it or request deletion, except where longer retention is required for the legal, accounting, tax, or fraud-prevention purposes noted above.

8. Uninstall Behavior

When you uninstall the Hylo app from the Platform, the Platform sends an UNINSTALL webhook to our backend. On receiving it, we clean up the stored Platform OAuth tokens associated with your installation so the Service can no longer access your connected account.

Other data (such as chat history, wallet balances, and usage logs) may persist after uninstall as described in Section 7. To request full deletion, contact us per Section 9.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate information;
  • Delete your information;
  • Object to or restrict certain processing;
  • Export your data in a portable format.

To exercise these rights, contact us at david@savvysales.ai. We will respond within the timeframe required by applicable law.

You can also disconnect the Service at any time by uninstalling the app from the Platform.

10. Children's Privacy

The Service is intended for business use and is not directed to children under the age of 16. We do not knowingly collect personal information from children.

11. International Data Transfers

Your information may be processed and stored in countries other than your own, including by the sub-processors listed in Section 6. Where required, we rely on appropriate safeguards for such transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

13. Contact Us

Questions about this Privacy Policy or our data practices?