Privacy Policy
Last updated: April 2026 · OpenSassy
1. Who we are
OpenSassy is the trading name of the OpenSassy platform. Contact us at hello@the-sassy.com.
We are the data controller for personal data relating to our customers and visitors. For personal data that our customers process through our platform (client data, staff data), we act as a data processor — our Data Processing Agreement (DPA) governs this relationship.
2. What data we collect
Account data:
Name, email address, password (hashed), business name, business type. Collected when you sign up.
Business operational data:
Bookings, client records, staff records, services, invoices, payroll figures. This is data you input into OpenSassy to run your business. You are the controller of this data; we process it on your behalf.
Usage data:
Pages visited, features used, timestamps, IP address, browser type. Collected automatically via cookies and server logs.
Payment data:
We use Stripe as our payment processor. We do not store card numbers. Stripe's privacy policy applies to payment processing.
Communications:
Emails, support messages, and chat conversations you send to us.
3. Lawful basis for processing
Contract performance: Processing your account data and business data to provide the OpenSassy service you have subscribed to.
Legitimate interests: Improving our service, detecting fraud and abuse, sending relevant product updates. Where we rely on legitimate interests, we have assessed that our interests do not override your rights.
Legal obligation: Retaining billing records as required by UK law.
Consent: Marketing communications (you can withdraw consent at any time by unsubscribing).
4. How we use your data
- To provide, maintain, and improve the OpenSassy platform
- To process payments via Stripe
- To send transactional emails (account confirmations, invoices, alerts)
- To send product updates and offers (with consent — opt out anytime)
- To respond to support requests
- To detect and prevent fraud or abuse
- To comply with legal obligations
5. Data storage and residency
All data is stored in Google Cloud Platform's London region (europe-west2). Your data does not leave the UK except where you explicitly integrate third-party services (e.g., Stripe, which stores payment data under its own terms). We do not transfer personal data outside the UK/EEA without appropriate safeguards.
6. Data retention
Active accounts: Data retained for the duration of your subscription.
After cancellation: Your data is retained for 30 days to allow you to export it. After 30 days, all personal data is permanently deleted from our systems.
Billing records: Retained for 7 years as required by UK tax law.
You can request early deletion at any time — see Your Rights below.
7. Third parties we share data with
Stripe: Payment processing. Stripe is PCI-DSS compliant.
Google Cloud Platform: Infrastructure and data storage (London region).
Anthropic / xAI / Google: AI processing for generating responses. We do not share identifiable personal data with AI providers; messages are processed transiently.
We do not sell your data to third parties, ever.
8. Your rights under UK GDPR
You have the following rights regarding your personal data:
- Access: Request a copy of all data we hold about you
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Restriction: Request we limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw consent: For any processing based on consent
To exercise any right, email hello@the-sassy.com. We will respond within 30 days.
9. Complaints
If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk or 0303 123 1113. We would appreciate the opportunity to resolve any concerns directly first.
10. Changes to this policy
We will notify you by email and update the date above when we make material changes. Continued use of OpenSassy after notification constitutes acceptance.