Sakha
Sakha
Get Started

Legal

Privacy Policy

Effective January 1, 2026

Amna Labs, Inc. ("Sakha," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website at sakha.ai, sign up for an account, or use the Sakha platform and any related services (collectively, the "Services").

By accessing or using the Services, you agree to the collection and use of information in accordance with this Policy. If you do not agree with any part of this Policy, please do not use the Services.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account, configure a workspace, or interact with Sakha, we collect the information you choose to provide, including:

  • Account information: name, work email, job title, company name, and billing details.
  • Workspace content: documents, policies, contracts, onboarding flows, knowledge base entries, and any files you upload to your workspace.
  • Communications: messages you exchange with our support team and any feedback you submit.
  • Employee data: if you, as an administrator, enter information about your new hires or employees (name, role, department, start date, manager), you are responsible for ensuring you have the legal basis to share that data with Sakha.

1.2 Information Collected Automatically

When you use the Services we automatically receive certain information, including:

  • Device and log data: IP address, browser type, device identifiers, operating system, referring URLs, and access timestamps.
  • Usage data: pages viewed, features used, queries asked of the Sakha bot, time spent in the application, and similar interaction data.
  • Cookies and similar technologies: we use cookies, web beacons, and local storage to operate the Services, remember preferences, authenticate sessions, and analyze usage.

1.3 Information from Third-Party Integrations

If you connect Sakha to a third-party service (for example Slack, Google Workspace, Notion, Confluence, GitHub, Microsoft Teams, Linear, or Jira), we receive information from those services in accordance with the permissions you grant during the integration. This may include user identities, channels, files, calendar events, and document contents that you explicitly authorize Sakha to access.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, secure, and improve the Services.
  • Process and respond to questions through the Sakha bot, generate semantic search results, draft onboarding flows, review contracts, and produce policy suggestions.
  • Authenticate users, manage subscriptions, and process payments.
  • Communicate with you about product updates, security alerts, and support requests.
  • Detect, investigate, and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations and enforce our Terms of Service.

3. AI Models and Training

Sakha uses third-party large language models and our own internal pipelines to power features like the knowledge bot, contract review, and policy generation. We do not use your customer content to train, fine-tune, or improve any foundation model, and we contractually require our model providers to honor that same restriction with respect to data we send to them on your behalf.

Aggregated, fully anonymized telemetry (for example, "average response latency across all workspaces") may be used to improve our service quality. This data cannot be linked back to any individual or workspace.

4. How We Share Information

We do not sell or rent personal information. We share information only in these cases:

  • Service providers: with vendors who process data on our behalf to provide the Services (cloud hosting, payment processing, customer support, analytics, AI inference). These vendors are bound by confidentiality and data-protection obligations.
  • Within your organization: content you upload or create is accessible to authorized members of your workspace based on the role and permission settings you configure.
  • Legal requirements: when we believe disclosure is required by applicable law, regulation, legal process, or governmental request, or to protect our rights, property, or safety, or that of others.
  • Business transfers: in connection with a merger, acquisition, reorganization, financing, or sale of assets, in which case we will provide notice before your information is transferred.
  • With your consent: for any other purpose disclosed at the time we collect the information or with your subsequent authorization.

5. Data Retention

We retain personal information for as long as your account is active and as needed to provide the Services. After account termination, we delete or anonymize your customer content within 30 days, except where retention is required to comply with legal obligations, resolve disputes, or enforce our agreements. Backup copies are purged on a rolling 90-day cycle.

6. Data Security

We implement administrative, technical, and physical safeguards designed to protect your information, including:

  • Encryption in transit (TLS 1.2 or higher) and at rest (AES-256).
  • Row-level isolation between customer workspaces.
  • Role-based access controls and least-privilege principles for our personnel.
  • Regular vulnerability scanning, penetration testing, and security audits.
  • SOC 2 Type II controls covering security, availability, and confidentiality.

No method of transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your personal information, subject to certain legal exceptions.
  • Object to or restrict certain processing activities.
  • Receive a copy of your information in a portable format.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority.

To exercise any of these rights, email us at privacy@sakha.ai. We will respond within the timeframes required by applicable law.

8. International Data Transfers

Sakha is operated from the United States, and the personal information we process may be transferred to, stored in, and processed in countries other than your country of residence. Where required, we rely on Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms to protect personal information transferred from the European Economic Area, United Kingdom, or Switzerland.

9. California Privacy Rights (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. These include the right to know what personal information is collected, the right to delete personal information, the right to correct inaccurate personal information, the right to opt out of the sale or sharing of personal information, and the right to limit the use of sensitive personal information.

Sakha does not sell personal information and does not share personal information for cross-context behavioral advertising.

10. Children's Privacy

The Services are not directed to children under 16, and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without verified parental consent, we will delete that information promptly.

11. Cookies and Tracking

We use first-party cookies for authentication and session management, and we use a small number of third-party analytics cookies to understand how the Services are used. You can control cookies through your browser settings. Disabling cookies may impact the functionality of the Services.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice in the Services prior to the change taking effect. The "Effective" date at the top of this Policy indicates when it was last revised.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Amna Labs, Inc.
Email: privacy@sakha.ai
Data Protection Officer: dpo@sakha.ai