SashaSasha helps people living with chronic conditions find and understand online health communities. We know the conditions you track and the communities you look at can be deeply personal, and we treat that information with care. This Privacy Policy explains what we collect, why, who we share it with, and the choices and rights you have.Sasha is operated by Williams CX LLC, a Utah limited liability company ("Williams CX," "we," "us," or "our"), located at 95 E 350 N, Orem, UT 84057. By using Sasha, you agree to this Policy.
A note on health informationSasha is not a healthcare provider, and we are not a HIPAA "covered entity." The conditions you choose to track are not protected health information under HIPAA. They are, however, sensitive to you, and we treat condition information you enter as sensitive personal information. We do not require you to enter any health information to use the basic Service.
1. Information we collectWe collect the following categories of information:
•Account information: your email address and authentication credentials. Sign-in is managed through our identity provider; we do not store your password in readable form.
•Health-related preferences you choose to provide: the conditions you track, the communities you save, and any private notes you add to a saved community.
•Subscription and billing information: your subscription tier and status, and the customer and subscription identifiers from our payment processor. Payment card details are collected and stored by Stripe, not by us.
•Communication preferences: your digest frequency and email and notification settings.
•Usage and technical information: log data, approximate location derived from your IP address, device and browser type, and error and diagnostic data, collected to operate, secure, and improve the Service.
•Cookies and similar technologies: used to keep you signed in and to remember your preferences, as described below.
2. How we use your information
•To provide and personalize the Service, including tracking conditions, saving communities, and generating your digests.
•To process subscriptions, payments, and donations.
•To send you transactional and product emails and the digests you have opted into, and to honor your notification preferences.
•To secure the Service, prevent abuse and automated misuse, and enforce our Terms.
•To analyze usage and improve and develop the Service.
•To comply with legal obligations and respond to lawful requests.
3. How AI processing worksWhen you search for a condition or we generate a community profile or digest, the condition name and related search terms are sent to our AI and search providers so they can generate the results. Community profiles are built from publicly available information about those communities, not from your private account data. We do not sell or use your personal information to train third-party advertising models.
4. How we share informationWe do not sell your personal information for money. We share information only as needed to run the Service, with service providers ("sub-processors") who act on our behalf under contract. These currently include, for example:A current list of sub-processors is available on request. We may also disclose information to comply with the law, enforce our Terms, protect the rights, safety, and security of our users and the Service, or in connection with a merger, acquisition, or sale of assets.
•Stripe — payment processing and subscription billing.
•Resend — transactional and digest email delivery.
•Anthropic — AI generation of community profiles and digests.
•Tavily — web search used to gather publicly available community information.
•Google (Google Analytics) — usage analytics about how the Service is used.
•Sentry — error monitoring and diagnostics.
•Our cloud hosting and database providers — to host the Service and store data.
5. Cookies and trackingWe use cookies and similar local-storage technologies that are necessary to sign you in, keep your session active, and remember your preferences. We also use Google Analytics, a third-party service that uses cookies to help us understand how the Service is used. You can control cookies through your browser settings (disabling them may affect how the Service works), and you can opt out of Google Analytics using Google’s opt-out browser add-on.
6. Data retentionWe keep your information for as long as your account is active or as needed to provide the Service, and afterward only as required to meet legal, accounting, or security obligations or to resolve disputes. When you delete your account, we delete or de-identify your personal information within a reasonable period, except for limited records we are required or permitted by law to retain.
7. SecurityWe use reasonable administrative, technical, and organizational measures, including encryption in transit and access controls, to protect your information. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you and any regulators as required by applicable law.
8. Where we operate and process dataSasha is operated from the United States, and the Service is intended for users located in the United States. Your information is stored and processed on servers in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to and processed in the United States, where privacy laws may differ from those in your location. The Service is not directed to users in the European Economic Area or the United Kingdom.
9. Your choices and controlsYou have direct control over much of your data from within the Service:
•Download your data: export a copy of your account data from your account settings.
•Delete your account: permanently delete your account and associated personal data from your account settings.
•Manage tracking: add or remove tracked conditions and saved communities at any time.
•Email and notifications: adjust digest frequency and notification settings, or unsubscribe from digests using the link in any digest email.
10. Your privacy rights (United States and California)Depending on where you live, you may have rights to know what personal information we hold about you, to access or receive a copy of it, to correct it, and to delete it. We will not discriminate against you for exercising these rights.If you are a California resident, the CCPA/CPRA gives you the right to know, access, correct, and delete your personal information, the right to opt out of the "sale" or "sharing" of personal information, and the right to limit the use of sensitive personal information. We do not sell your personal information for money. Some analytics cookies (such as Google Analytics) may be treated as a "sale" or "share" under California law; you can opt out of these through the controls described in the Cookies section and any "Do Not Sell or Share My Personal Information" link we provide. We use the sensitive information you provide (the conditions you track) only to provide the Service you have asked for. You may exercise these rights using the controls in your account settings or by contacting us at [email protected], and you may use an authorized agent to do so.
11. ChildrenThe Service is intended for adults 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, contact us and we will delete it.
12. Changes to this PolicyWe may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect means you accept the updated Policy.
13. Contact usFor privacy questions or to exercise your rights, email [email protected] or write to Williams CX LLC, 95 E 350 N, Orem, UT 84057.