Privacy Policy — Sazi
Sazi is built on a simple principle: your health data stays on your phone. This policy describes what is processed, where and why, and your rights under the GDPR.
1. Data controller
SmartAI Labs (SIREN 102 229 911) — contact@smartailabs.tech.
2. Local-first: what never leaves your device
The health data you enter is stored only on your device, in the app's private storage:
- your doses (amounts, injection sites, notes)
- your weight and weigh-in history (including the read-only Apple Health import)
- your perceived side effects
- your meals and your coach conversation history
3. Transit without retention
Two features send data to our servers for immediate processing, without retention:
Meal photos (Sazi Scan): the photo travels encrypted, is analyzed in memory and then discarded. It is never stored or logged server-side. Only the structured result (foods, estimates) and a technical fingerprint of the photo are cached for 24 hours to avoid analyzing the same photo twice.
Coach messages: the server is stateless — it receives the latest messages of your conversation and a minimal context, replies, and keeps nothing. The history lives only on your device.
4. What is kept server-side
Hosting: Microsoft Azure, West Europe region (Netherlands). Only the following is kept:
- your anonymous identifier (UUID generated by the app — no account, no email, no name)
- your subscription plan (free or Premium) and its expiry date
- usage counters (analysis and message quotas)
- meal analysis results cached for 24 hours
5. Payment
Purchases are processed by Apple (App Store) or Google (Google Play), and subscription management by our processor RevenueCat (GDPR-compliant data processing agreement). SmartAI Labs never sees or stores any banking data. RevenueCat only receives your anonymous identifier and your subscription status.
6. Analytics
We use PostHog, hosted in the European Union, to understand overall app usage: anonymous events (for example “a scan was performed”), tied only to your anonymous identifier, with no health data whatsoever (never your weight, medication, side effects or message content).
You can turn analytics off at any time in Profile > Privacy.
7. Legal bases and retention
- Contract performance (Terms): app operation, subscription, quotas.
- Legitimate interest: anonymous analytics (with opt-out).
Server data is kept while the app is in use; the analysis cache expires after 24 hours; subscription events are kept for the duration of the contractual relationship and accounting obligations.
8. Your rights
Under GDPR you have the rights of access, rectification, erasure, restriction and objection. Local data is deleted by uninstalling the app. For server data, send your anonymous identifier (shown in the app) to contact@smartailabs.tech and we will delete the associated records. You may lodge a complaint with the CNIL (cnil.fr) if you believe your rights are not respected.