Privacy Policy

1. Who We Are

Saj Link is a sovereign encrypted communications platform operated by Sajdak Group Holdings. Our registered address is Manama, Kingdom of Bahrain. Questions about this policy may be directed to privacy@sajlink.com.

2. Data We Collect

• Account data: Email address and phone number used to register your account. We use phone number as your primary identity.
• Messages: Encrypted message payloads are transmitted through our servers. We cannot read your messages — they are end-to-end encrypted using Signal Protocol (V1) and Saj Protocol V2 (post-quantum). Our servers store only ciphertext.
• Voice audio: Voice messages are processed on your device before transmission. Transcription is performed on-device using our local AI model — audio never leaves your device in plaintext.
• Contacts: We use a k-anonymity protocol (SHA-256 hashed phone numbers) to help you discover contacts who are also on Saj Link. We never receive your full contact list.
• Usage metadata: Connection timestamps, message delivery status (sent/delivered/read), and session identifiers. We minimise metadata collection by design.
• Push notification tokens: APNs (Apple) and FCM (Google) device tokens, stored encrypted, used only to deliver message notifications.

3. End-to-End Encryption

All messages and calls use end-to-end encryption. The Saj Link server acts as a relay for ciphertext only. We have no technical ability to read your messages, listen to your calls, or view your media. Encryption keys are generated on your device and never transmitted to our servers.

We implement Signal Protocol V1 (X3DH + Double Ratchet) for standard encryption and Saj Protocol V2 (post-quantum ML-KEM-768 + Triple Ratchet + Ascon-AEAD128) for users who opt in to quantum-resistant encryption.

4. On-Device Voice Processing

Wake word detection runs entirely on your device. Voice transcription for voice messages is performed locally using our on-device AI model. No audio is sent to external transcription services. You control whether transcripts are shared with message recipients.

5. Data Retention

• Account data: retained until account deletion, then deleted within 30 days.
• Messages: stored as encrypted blobs until delivered, then deleted from servers (delivery ACK model). Stored on your device per your local settings.
• Ephemeral rooms: automatically destroyed per configured timer (minimum 1 hour, maximum 30 days).
• Audit logs: retained for 90 days (Free plan) to 2 years (Enterprise plan) for security purposes.
• Push tokens: deleted when you unregister a device or delete your account.

6. Third-Party Services

• Resend (resend.com) — transactional email for account verification, security alerts, and welcome emails. Your email address is transmitted to Resend for delivery.
• Amazon Web Services (AWS) — our infrastructure runs on AWS in the ap-southeast-2 (Sydney) region. Data is stored on AWS RDS (PostgreSQL) and AWS S3, both encrypted at rest using AWS KMS.
• Apple APNs — push notification delivery for iOS devices. Notification payloads are encrypted (ephemeral ECDH + AES-256-GCM) before transmission to APNs. Apple cannot read notification content.
• Google FCM — push notification delivery for Android devices. Same encrypted payload architecture as APNs.
• Twilio — SMS-based phone number verification during account registration. Used only for OTP delivery.
• Paddle — payment processing for premium subscriptions. We do not store payment card data. Paddle's privacy policy applies to billing data.

7. Your Rights (GDPR / Australian Privacy Act)

If you are located in the European Economic Area, United Kingdom, or Australia, you have the following rights regarding your personal data:

• Access: Request a copy of all data we hold about you.
• Rectification: Correct inaccurate data in your account settings.
• Erasure: Delete your account and all associated data via Settings → Account → Delete Account. We will process erasure within 30 days.
• Portability: Export your data in JSON format via Settings → Account → Export Data.
• Restriction: Restrict processing of your data while a dispute is resolved.
• Objection: Object to processing based on legitimate interests.

To exercise any right, email privacy@sajlink.com with your registered phone number and the specific request.

8. No Tracking or Advertising

Saj Link contains no advertising. We do not sell your data to third parties. We do not use tracking pixels, behavioural analytics SDKs, or fingerprinting. Our app does not request advertising identifiers (IDFA / GAID).

9. Security

We implement industry-standard security practices: TLS 1.2+ for all network communications, AES-256-GCM encryption at rest, hardware security modules for key management, rate limiting on all authentication endpoints, and SOC 2-aligned audit logging. All database tables have row-level security enabled.

10. Children

Saj Link is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect data from children. If you believe a child has registered, contact privacy@sajlink.com and we will delete the account.

11. Cookies and Local Storage

The Saj Link web application uses browser local storage and session storage to maintain your authentication session and application preferences (such as language choice and notification settings). We do not use third-party advertising cookies. We do not use tracking cookies. Cloudflare, our CDN provider, may set a strictly-necessary __cf_bm cookie for bot management — this cookie is functional and does not track you across sites. If you use the marketing site (sajlink.com), no persistent cookies are set by Saj Link itself.

12. Changes to This Policy

We will notify you of material changes via in-app notification and email at least 14 days before changes take effect. Continued use of Saj Link after that date constitutes acceptance of the updated policy.

13. Contact

Data Controller: Sajdak Group Holdings, Manama, Kingdom of Bahrain.
Privacy enquiries: privacy@sajlink.com