Privacy Policy

Last updated: April 12, 2026

Overview

Saga PM ("Saga," "we," "us," or "our") operates the website sagapm.io and the Saga PM application at app.sagapm.io (together, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address
  • Password (stored as a cryptographic hash — we never store plaintext passwords)
  • Organization name and role
  • Authentication method (email/password, SSO via Google, Microsoft, or Okta)

Usage Data

We automatically collect:

  • Pages visited and features used within the Service
  • Browser type, operating system, and device information
  • IP address and approximate geographic location
  • Timestamps of access and actions

Content You Provide

We store the content you create within the Service, including goals, projects, milestones, records, comments, ideas, and file attachments. This content belongs to your organization.

Demo Request Information

If you submit a demo request, we collect your name, work email, company name, team size, role, and any message you provide.

How We Use Your Information

  • To provide, maintain, and improve the Service
  • To authenticate your identity and manage your account
  • To send transactional emails (password resets, invitations, notifications)
  • To respond to demo requests and support inquiries
  • To monitor Service performance, security, and reliability
  • To comply with legal obligations

We do not sell your personal information. We do not use your content to train machine learning models.

Data Isolation

Each organization's data is stored in a separate database schema, providing strong isolation between tenants. Your organization's content (goals, projects, records, etc.) is not accessible to other organizations.

Third-Party Services

We use the following third-party services to operate:

  • DigitalOcean — cloud infrastructure and hosting (US-based data centers)
  • Cloudflare — DNS, CDN, and DDoS protection
  • Postmark — transactional email delivery
  • Ory Kratos — self-hosted authentication (your auth data stays on our infrastructure)

We do not use third-party analytics that track you across other websites. Our marketing site uses Cloudflare Web Analytics, which is privacy-friendly and does not use cookies or track individual users.

Cookies

The Service uses session cookies to maintain your authenticated session. These are strictly necessary for the Service to function and are not used for advertising or tracking. We do not use third-party advertising cookies.

Data Retention

We retain your account information and content for as long as your account is active. If you or your organization administrator deletes your account, we will delete your personal data within 30 days, except where retention is required by law. Backups containing your data are automatically purged within 90 days.

Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS) and at rest
  • Schema-per-tenant database isolation
  • Regular security monitoring and logging
  • Role-based access controls within the application

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing

To exercise these rights, contact us at privacy@sagapm.io.

Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, contact us and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy, contact us at privacy@sagapm.io.