Last updated: May 22, 2026

Privacy Policy

This Policy explains what Sailbit collects, why we use it, which providers help us run the product, and how you can exercise privacy rights.

1. Controller and contact

Sailbit is operated by FLIP TECH LTDA, a company in Brazil. For personal data that we decide how and why to process, FLIP TECH LTDA is the controller.

For privacy questions, data subject requests, or contact with our privacy contact under the LGPD, email felipe@fliptech.dev.

2. Scope

This Policy applies to Sailbit's website, web app, account flows, billing flows, support, and related services. It should be read together with our Terms of Service.

This Policy does not cover third-party websites or services that we do not control.

3. Personal data we collect

  • Account data: email address, authentication identifiers, login provider, session data, account status, and basic profile information made available by your login provider.
  • Workspace data: product names, launch stages, distribution channels, task titles, task types, notes, target dates, weekly plans, review choices, focus sessions, and settings.
  • Attachments and links: files you upload, file metadata, task attachment links, storage paths, file size, and MIME type.
  • Import and AI context: CSV rows, column headers, product names, task data, weekly intent text, and AI inputs or outputs needed to preview imports or intent-fit suggestions.
  • Billing data: Stripe customer ID, subscription ID, plan, subscription status, trial dates, invoice/payment status, and billing portal events. Full card numbers are handled by Stripe, not by Sailbit.
  • Usage and device data: pages or features used, events, approximate technical context, browser/device information, referrer, IP-derived security data, and performance or error signals.
  • Support data: messages you send us, email metadata, and information needed to investigate your request.

4. How we use personal data

  • Provide, secure, authenticate, maintain, and troubleshoot Sailbit.
  • Save and sync your workspace, tasks, products, weekly plans, attachments, settings, and billing access.
  • Process trials, subscriptions, cancellations, invoices, taxes, fraud checks, and access rules through Stripe.
  • Provide optional AI-assisted import previews, classification, and weekly intent-fit suggestions.
  • Understand product usage, diagnose errors, and improve the app without using ad tracking.
  • Respond to support, privacy, security, legal, or billing requests.
  • Comply with laws, enforce our Terms, prevent abuse, and protect rights and safety.

Legal bases we may rely on

  • Contract necessity, when processing is needed to provide Sailbit or paid subscription access.
  • Legitimate interests, such as security, fraud prevention, product improvement, analytics, and support.
  • Consent, where required for optional choices or certain communications.
  • Legal obligation and exercise of rights, such as tax, accounting, compliance, dispute, or consumer protection duties.

5. AI data handling

When you use AI-assisted features, Sailbit may send the relevant task, product, CSV, and weekly-planning context to OpenAI through the OpenAI API. We limit this to the data needed for the requested feature.

Do not include highly sensitive personal data, regulated health data, payment card numbers, government IDs, secrets, or confidential third-party information in tasks, notes, attachments, imports, or weekly intents unless you are authorized to do so and accept the risk.

6. Service providers

Supabase

Authentication, database, storage, server infrastructure, row-level security, and account deletion support.

Stripe

Hosted checkout, payment methods, subscriptions, invoices, billing portal, fraud checks, tax or compliance records, and payment-related emails.

PostHog

Product analytics and event measurement when analytics is configured. Sailbit does not use PostHog for advertising profiles.

OpenAI

AI-assisted task import and weekly intent-fit features when an OpenAI API key is configured.

Google

Google OAuth sign-in if you choose to use it.

7. Cookies, local storage, and analytics

Sailbit uses cookies and similar storage for authentication, session continuity, security, preferences, and product analytics where configured.

We do not sell personal data, use third-party advertising trackers, or run behavioral ad targeting in Sailbit.

8. When we share data

  • With service providers that help us run Sailbit, only for the purposes described in this Policy.
  • With payment and financial infrastructure providers for checkout, subscriptions, fraud prevention, tax, accounting, and compliance.
  • If required by law, legal process, regulators, courts, or to protect rights, safety, and security.
  • In connection with a merger, acquisition, financing, reorganization, or sale of assets, with reasonable protections for user data.
  • With your direction or consent.

9. International transfers

Sailbit is operated from Brazil and uses providers that may process data in Brazil, the United States, the European Economic Area, and other countries. These countries may have privacy laws different from your location.

Where required, we rely on appropriate contractual, technical, and organizational safeguards for international transfers.

10. Retention and deletion

We keep personal data for as long as needed to provide Sailbit, maintain your account, comply with law, resolve disputes, enforce agreements, prevent abuse, and keep reasonable backups.

When you delete your account or ask us to delete it, we delete or de-identify active workspace data where reasonably possible. Some information may remain for a limited time in backups, security logs, billing records, tax/accounting records, legal files, or third-party systems where retention is required or legitimate.

Stripe may retain transaction and compliance records under its own legal obligations. OpenAI API abuse monitoring logs may be retained by OpenAI under its API data policies.

11. Security

  • We use HTTPS, Supabase authentication, row-level security, private storage access patterns, and service-role separation where applicable.
  • We limit external service use to configured providers and design integrations to degrade gracefully when keys are missing.
  • No online service can be guaranteed perfectly secure. If you believe there is a security issue, contact felipe@fliptech.dev.

12. Your privacy rights

Depending on your location, including under Brazil's LGPD, the GDPR, and certain US state privacy laws, you may have rights to confirm processing, access, correct, delete, anonymize, port, restrict or object to processing, withdraw consent, and receive information about sharing and automated decisions.

To exercise rights, email felipe@fliptech.dev. We may need to verify your identity before acting on a request. We will respond within the period required by applicable law.

13. Children

Sailbit is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child provided personal data to Sailbit, contact felipe@fliptech.dev and we will take appropriate steps.

14. Changes to this Policy

We may update this Policy as Sailbit, our providers, or legal requirements change. We will update the date above and, for material changes, take reasonable steps to notify users.

For privacy questions, requests, or complaints, contact felipe@fliptech.dev.