Hecttor logo

Privacy Policy

Last Modified: May 31th, 2024

1. Introduction

Hecttor is a software product developed and operated by Saima Inc., a Delaware corporation ("Saima," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, process, and protect information in connection with:

  • the Hecttor website,
  • Hecttor Desktop App,
  • Hecttor Hermes SDK,
  • Hecttor Orpheus SDK,
  • APIs and related services,
  • customer and developer relationships,
  • support interactions,
  • and marketing or business communications.

Saima designs its Services to minimize the collection and retention of personal information wherever reasonably possible.

Where a Customer or Developer/Integrator has entered into a separate written agreement with Saima Inc., including an Order Form, Master Services Agreement (MSA), SDK License Agreement, pilot agreement, or other executed agreement, that agreement governs to the extent of any conflict with this Privacy Policy.

Our Contact Information:

1.1 Who This Policy Applies To

This Privacy Policy applies to:

  • Customers: Organizations or business entities that have entered into an agreement with Saima Inc. to use Hecttor Services.
  • Authorized Users: Individual employees, contractors, or agents of Customer organizations that are granted access to use Hecttor Services.
  • Developers/Integrators: Organizations and developers who integrate the Hecttor SDK into their applications.
  • End Users:Individuals who use applications that have integrated the Hecttor SDK (subject to the integrating developer's privacy policy).
  • Website Visitors: Individuals who visit our website or interact with our marketing materials.
  • Business Contacts: Individuals whose professional contact information we collect for business development, sales, and marketing purposes.

Important: By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

1.2 Access Categories

The Services may be accessed in different ways depending on the relationship between the individual or organization and Saima Inc.

  • Website Visitors may access publicly available website content and marketing materials.
  • Customers and Authorized Users may access Services pursuant to applicable subscriptions, Order Forms, or enterprise agreements.
  • Developers/Integrators may access SDKs, APIs, or developer tools only where separately authorized by Saima Inc.
  • End Users may interact with Customer Applications or systems integrating Hecttor technologies but may not have a direct relationship with Saima Inc.

In some cases, Customers or Developers/Integrators may enter into separate agreements with Saima Inc., including Order Forms, Master Services Agreements, SDK License Agreements, or Data Processing Addenda, which may supplement this Privacy Policy where applicable.

1.3 Our Privacy-First Architecture

Hecttor products are designed to support local or customer-controlled voice and speech processing architectures.

Hecttor Desktop App

Hecttor Desktop App is designed for human-to-human voice clarity and is typically deployed directly on Customer-managed devices used by agents, operators, or employees.

Under standard deployments:

  • audio processing occurs locally on Customer-controlled devices,
  • conversation audio is designed not to be transmitted to Saima Inc. for processing,
  • and Saima Inc. is designed not to collect or access conversation content or personally identifiable information contained within conversations.

Hecttor Hermes SDK

Hecttor Hermes SDK enables Developers and Customers to integrate real-time voice clarity capabilities into communication platforms and applications.

Under standard deployments:

  • audio processing occurs within the host application or Customer-controlled environment,
  • Saima Inc. is designed not to receive conversation audio processed by the SDK,
  • and Developers and Customers retain control over how data is handled within their applications and infrastructure.

The Hecttor Hermes SDK is designed to operate without requiring external audio processing infrastructure.

Hecttor Orpheus SDK

Hecttor Orpheus SDK is designed for human-to-machine voice processing use cases, including speech recognition pipelines, AI voice systems, and speech analytics platforms. The SDK may operate as a pre-processing layer before automatic speech recognition (ASR) systems and may support capabilities such as:

  • voice isolation,
  • noise cancellation,
  • turn-taking detection,
  • voice activity detection (VAD),
  • and machine-ready speech enhancement.

Under standard deployments:

  • audio processing occurs within Customer-controlled or host application environments,
  • the SDK is designed to improve signal quality in real time for downstream speech processing systems,
  • and Saima Inc. is designed not to store or access conversation content or speech transcripts unless otherwise expressly agreed in writing.

1.4 Our Commitment to Privacy

We understand that trust is fundamental to business relationships. Our privacy practices reflect:

  • Transparency: Clear explanations of our data practices
  • Minimization:We collect only what's necessary for service delivery
  • Security: Industry-specific protections, including SOC 2 Type II certification
  • Control: You maintain ownership and control of your data
  • Compliance: Adherence to GDPR, CCPA, and other applicable privacy regulations

Certain deployments may operate in highly regulated or restricted environments, including government, public safety, transportation, healthcare, financial services, and critical communications sectors.

Customers and Developers/Integrators may independently enable recording, transcription, analytics, or storage functionality within their own systems or third-party platforms. Saima Inc. does not control such processing activities.

1.5 Scope of this Policy

This Privacy Policy applies to information collected through:

  • the Hecttor website,
  • Hecttor products and services,
  • SDKs and APIs,
  • customer and developer relationships,
  • marketing and business communications,
  • and related support interactions.

2. Interpretation and Definitions

2.1 Interpretation

Words with capitalized initial letters have specific meanings as defined below. These definitions apply whether the terms are used in singular or plural form.

2.2 Key Definitions

For the purposes of this Policy, the following terms have the meanings specified below:

"Account" means a unique account created for Customer organizations or authorized parties to access the Services or portions of the Services.

"Authorized User"means an individual employee, contractor, agent, or representative authorized by a Customer to access or use the Services under the Customer's account.

"Business" or "Company" refers to Saima Inc. For purposes of the CCPA/CPRA, "Business" refers to Saima Inc. as the entity that collects personal information and determines the purposes and means of processing such information.

"Cookies" means small text files and similar technologies placed on a device to support website functionality, analytics, preferences, authentication, or related purposes.

"Customer" means an organization, business entity, governmental body, or other legal entity that enters into an agreement with Saima Inc. to access or use the Services.

"Customer Application" means an application, platform, product, system, or service developed, operated, or controlled by a Customer or Developer/Integrator that integrates or uses Hecttor software, SDKs, APIs, or related Services.

"Customer Data" means information, data, content, or materials submitted to, processed through, or made available in connection with the Services by or on behalf of a Customer, Authorized User, Developer/Integrator, or End User. Customer Data does not include Operational Data or aggregated and de-identified data generated by Saima Inc.

"Data Controller" under the GDPR means the entity that determines the purposes and means of processing Personal Data. Saima Inc. acts as a Data Controller for business contact information, website visitor information, account information, and related operational activities. Customers and Developers/Integrators typically act as Data Controllers for Customer Data and End User information processed through their applications or deployments.

"Data Processor" or "Service Provider" under GDPR and CCPA/CPRA means an entity that processes Personal Data on behalf of a Data Controller. Saima Inc. may act as a Data Processor where it processes Personal Data on behalf of Customers pursuant to an applicable agreement or Data Processing Addendum.

"Data Subject" means an identified or identifiable individual whose Personal Data is processed.

"Desktop App" means the Hecttor Desktop App software designed for human-to-human voice clarity and installed on Customer-managed or Customer-controlled devices.

"Developer/Integrator" means an organization or individual that integrates Hecttor SDKs, APIs, or related technologies into a Customer Application or service.

"Device" means any device capable of accessing or using the Services, including computers, workstations, smartphones, tablets, servers, or related systems.

"Documentation" means technical documentation, developer materials, integration guides, specifications, manuals, instructions, policies, or related materials made available by Saima Inc. regarding the Services.

"End User" means an individual who uses a Customer Application or other system integrating or utilizing the Services.

"On-Device Processing" means voice or speech processing that occurs locally on Customer-controlled hardware, devices, infrastructure, or within a Customer Application environment rather than through centralized Saima-controlled processing infrastructure.

"Operational Data" means limited technical, diagnostic, telemetry, licensing, configuration, security, usage, or performance-related information generated through operation of the Services. Operational Data does not include conversation audio content or speech transcripts under standard deployments.

"Order Form" means an ordering document, purchase agreement, statement of work, subscription form, quote, pilot agreement, or other written commercial agreement entered into between Saima Inc. and a Customer or Developer/Integrator relating to the Services.

"Personal Data" or "Personal Information" means information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, to an identified or identifiable individual, as defined under applicable privacy laws.

"Sale" under the CCPA/CPRA means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating Personal Information to another business or third party for monetary or other valuable consideration, as defined by applicable law.

"SDK" or "Software Development Kit" means Hecttor software development kits, including Hecttor Hermes SDK and Hecttor Orpheus SDK, made available by Saima Inc. subject to applicable licensing terms, authorization requirements, or written agreements.

"Services" means Hecttor products, software, SDKs, APIs, website functionality, support services, documentation, and related technologies provided by Saima Inc. Certain Services may require separate authorization, subscriptions, Order Forms, or written agreements.

"Software" means software applications, SDKs, APIs, executable components, models, tools, updates, or related technologies provided by Saima Inc. as part of the Services.

"Subprocessor" means a third-party service provider engaged by Saima Inc. to process Personal Data on behalf of Customers or in support of the Services.

"Third-Party Services" means products, platforms, applications, integrations, infrastructure, software, websites, or services provided by third parties that interoperate with or connect to the Services.

"Usage Data" means technical, operational, analytical, or performance-related information collected or generated through use of the Services, including session metadata, feature usage, configuration data, crash reports, diagnostics, and related telemetry.

"Visitor"means an individual who visits the Website or otherwise interacts with Saima Inc.'s marketing materials, communications, or online properties.

"Website"means Hecttor's websites, portals, documentation sites, or related online properties operated by Saima Inc., including https://hecttor.ai.

"You" or "Your" means the individual or legal entity accessing, using, evaluating, integrating, or interacting with the Services, whether as a Customer, Authorized User, Developer/Integrator, End User, Visitor, or representative thereof.

3. Information We Collect

3.1 Information Collected from Customers

Use of Hecttor SDKs, APIs, and related developer tools may require separate authorization, licensing terms, Order Forms, or written agreements with Saima Inc.

When organizations subscribe to Hecttor's Services, we collect:

Account Information:

  • Company name and business details
  • Primary contact name, email address, and phone number
  • Number of seats/licenses purchased

Technical and Usage Information:

  • Application installation and configuration data
  • Device and system specifications (operating system, hardware requirements)
  • Operational telemetry is limited to technical and service-related metadata such as license status, SDK version, feature usage, performance metrics, and diagnostic information.
  • Error logs and diagnostic information for troubleshooting
  • Integration data with Customer telephony systems or contact center platforms

3.2 Information Collected from Authorized Users

For individual users accessing Hecttor through their organization's account, we may collect:

User Profile Information:

  • Name and email address (provided by Customer for account provisioning)
  • User role and permissions within the Customer's organization
  • Login credentials and authentication tokens

Application Usage Data:

  • Feature usage patterns (which speech adjustment features are utilized)
  • Session metadata (frequency of use, duration, general performance metrics)
  • Preference settings configured by users
  • Technical performance data for quality assurance

Important: We do NOT collect, record, store, or have access to:

  • Voice recordings or audio content from calls
  • Conversation transcripts or content
  • Personally Identifiable Information (PII) discussed during calls
  • Customer or caller information beyond what's necessary for service delivery

3.3 Information Collected from Developers/Integrators (SDK Users)

When developers integrate the Hecttor SDK into their applications, we collect:

Developer Account Information:

  • Company/organization name
  • Developer contact name, email address
  • API keys and authentication credentials
  • SDK version and integration details

SDK Integration Data:

  • SDK initialization and configuration data
  • Integration platform information (iOS, Android, web, etc.)
  • SDK version usage and update patterns
  • Technical implementation details for support purposes

SDK Performance Metrics:

  • Aggregate SDK performance data (processing speed, resource usage)
  • Error logs and crash reports (anonymized)
  • Feature utilization statistics
  • SDK session metadata (frequency, duration)

CRITICAL: Data Saima Inc. Does NOT Collect from SDK Integrations:

  • Audio data processed by the SDK - All audio processing occurs within customer-controlled or host application environments.
  • End User personal information - The SDK does not transmit End User data to Saima Inc.
  • Conversation content or transcripts - No speech content is sent to our servers
  • End User identifiers - We do not collect device IDs, user IDs, or other End User identifiers
  • Application-specific data - We do not access data from the host application

3.4 Information Collected from Website Visitors

When you visit our website, we collect:

Automatically Collected Information:

  • IP address and general location information (for authentication and security purposes only)
  • Browser type and version (for web-based access)
  • Device information and operating system
  • Pages visited, time spent on pages, and navigation patterns
  • Referring website or source

Voluntarily Provided Information:

  • Name, email address, and company name when requesting demos or information
  • Information provided through contact forms
  • Survey responses and feedback

CRITICAL PRIVACY PROTECTION: What We DO NOT Collect:

We do NOT collect, record, store, or have access to:

  • Voice recordings or audio content from calls
  • Conversation transcripts or content
  • Customer names, phone numbers, or personal information discussed during calls
  • Caller information or customer data beyond what's necessary for service delivery
  • Biometric voiceprints or voice identification data
  • Any personal data contained within conversations

Our on-device architecture means that the most sensitive data—your actual conversations—never leaves your infrastructure.

Cookies and Similar Technologies: We use cookies, pixels, and similar tracking technologies to enhance user experience, analyze site traffic, and improve our Services. See Section 9 for detailed information about cookies.

3.5 Information from Third Parties

We may receive information from:

Business Partners and Integrations:

  • Information from contact center platforms or CRM systems when you integrate Hecttor with those services
  • Data from analytics and marketing platforms to improve our Services
  • Authentication data from single sign-on (SSO) providers (e.g., Okta, Azure AD, Google Workspace)
  • Usage analytics from third-party platforms to improve our Services

Payment Processors:

  • Transaction confirmation and payment status (we do not store credit card details)
  • Billing details necessary for invoicing
  • Subscription status and renewal information

Data Enrichment and Marketing Platforms:

  • Professional information from publicly available sources for sales and marketing purposes (company websites, LinkedIn, business directories)
  • Company information and technographic data from B2B intelligence platforms
  • Email verification and validation data to ensure delivery
  • Event attendance and engagement data from webinar platforms

Referral and Affiliate Partners:

  • Contact information when you're referred to us by a partner or existing customer
  • Professional relationship context to personalize our outreach

Important Note: When we receive information from third parties, we verify that those parties have appropriate rights to share the information with us and that their data collection complies with applicable privacy laws.

4. How We Use Your Information

We process Personal Information for specific purposes and based on lawful grounds. Below, we explain why we collect information, how we use it, and the legal basis for processing (particularly relevant for GDPR compliance). Saima Inc. does not use Customer conversations, audio, or transcripts to train foundation models or generalized AI systems.

The information we process depends on your relationship with Saima Inc., including whether you are a Website Visitor, Customer, Authorized User, Developer/Integrator, or End User of a Customer Application.

4.1 Service Delivery and Performance

Legal Basis: Performance of Contract, Legitimate Interests

We use your information to fulfill our contractual obligations and provide Hecttor Services:

  • Account Management: Creating, maintaining, and managing Customer, Developer/Integrator, and Authorized User accounts
  • Service Provision: Enabling access to speech adjustment features and ensuring application functionality
  • SDK Support: Providing technical support, documentation, and updates to Developers/Integrators
  • Authentication and Access Control: Verifying user identity and managing secure access to Services
  • Integration Support: Enabling connections with your existing contact center, telephony, or CRM systems
  • Technical Support: Providing customer support, troubleshooting issues, and responding to service requests
  • Billing and Payments: Processing subscription payments, generating invoices, and managing financial accounts
  • Contract Performance: Fulfilling terms of service agreements and managing customer relationships
  • Communication: Sending service-related notifications, security alerts, updates, and critical service announcements

4.2 Service Improvement and Development

Legal Basis: Legitimate Interests, Consent

  • Product Development: Analyzing usage patterns to improve features and develop new functionality
  • Quality Assurance: Monitoring service performance and identifying areas for improvement
  • SDK Enhancement: Using aggregated, anonymized data to improve SDK performance and capabilities
  • Research and Development: Conducting research to advance speech processing technology
  • Bug Fixes and Updates: Identifying and resolving technical issues
  • Feature Optimization: Understanding which features are most valuable to users

4.3 Business Operations

Legal Basis: Legitimate Interests

  • Internal business analytics and reporting
  • Financial accounting and audit requirements
  • Managing Customer and Developer/Integrator relationships
  • Business planning and strategic development
  • Vendor and partner management

4.4 Marketing and Communications

Legal Basis: Legitimate Interests / Consent

  • Sending service-related notifications and updates
  • Marketing communications about our Services (with opt-out option)
  • Conducting customer surveys and feedback collection
  • Hosting and promoting webinars, events, and conferences
  • Generating case studies and testimonials (with explicit consent)
  • Developer outreach and education programs

4.5 Legal and Security

Legal Basis: Legal Obligation / Legitimate Interests

  • Complying with applicable laws, regulations, and legal processes
  • Enforcing our Terms of Service and other agreements
  • Protecting against fraud, security threats, and illegal activities
  • Defending legal claims and protecting our rights and property
  • Ensuring network and information security
  • Responding to law enforcement requests

5. How We Share Your Information

Saima Inc. does not sell, rent, or trade personal information. We share information only in the following circumstances:

5.1 Service Providers and Subprocessors

We engage trusted third-party service providers to perform functions on our behalf, including:

  • Cloud hosting and infrastructure providers (AWS, Google Cloud)
  • Payment processing services
  • Customer relationship management (CRM) platforms
  • Email delivery and communication services
  • Analytics and monitoring tools
  • Customer support platforms
  • Security and fraud prevention services

All service providers:

  • protect your information,
  • process data only for specified purposes on our behalf,
  • maintain appropriate security and confidentiality measures,
  • and are subject to data processing agreements compliant with GDPR and other regulations.

A current list of subprocessors is available upon request or through a designated subprocessor page.

5.2 Customer Organizations and Developers/Integrators

End Users generally interact with Hecttor technologies through Customer-controlled applications, systems, or deployments and may not have a direct relationship with Saima Inc.

For Desktop Application:

  • Authorized User information may be shared with the Customer organization for account administration.
  • Usage data and analytics may be provided to Customers for their business purposes.
  • Customers control how they use and manage Authorized User information within their organization.

For SDK Integrations:

Important: Developers/Integrators who integrate the Hecttor SDK act as Data Controllers for their End Users.

  • Saima Inc. does not collect or receive End User data through the SDK.
  • Developers/Integrators are responsible for their End Users' personal data.
  • Any End User data processed by the SDK remains within the Developer/Integrator's control.
  • Developers/Integrators must provide their own privacy notices to End Users.

5.3 SDK Developer Responsibilities

If you are a Developer/Integrator using the Hecttor SDK:

Your Responsibilities as Data Controller:

  • You are the Data Controller for all End User data processed through your application
  • You must provide appropriate privacy notices to your End Users
  • You must obtain all necessary consents from End Users
  • You must comply with applicable privacy laws (GDPR, CCPA, etc.) for your End Users
  • You are responsible for responding to End User data subject rights requests
  • You must disclose the use of the Hecttor SDK in your privacy policy

What You Must Disclose to Your End Users:

  • That your application uses the Hecttor SDK for speech adjustment functionality
  • That audio processing is designed to occur locally on the End User's device
  • That Hecttor (Saima Inc.) does not collect or receive audio data or End User personal information
  • Your own data collection and usage practices
  • Link to this Privacy Policy for reference

SDK Data Flow Transparency:

  • The Hecttor SDK processes audio data locally within your application
  • Under standard deployments, audio data is not transmitted to Saima Inc. servers
  • You retain control over End User data at all times

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy:

  • Your information may be transferred as part of the business transaction
  • We will notify affected parties and ensure the continued protection of information
  • The acquiring entity will be bound by this Privacy Policy unless you consent to a new policy

5.5 Legal Requirements

We may disclose information when required to:

  • Comply with valid legal processes (subpoenas, court orders, warrants)
  • Respond to government or regulatory requests
  • Enforce our Terms of Service or investigate violations
  • Protect the rights, property, or safety of Saima Inc., our Customers, or the public
  • Prevent fraud, security breaches, or illegal activities

We will notify affected parties of legal demands for information unless prohibited by law or court order.

5.6 With Your Consent

We may share information with your explicit consent for specific purposes, such as:

  • publishing customer testimonials or case studies,
  • featuring your organization in marketing materials,
  • or participating in co-marketing initiatives.

6. Data Security and Protection

6.1 Security Measures

Saima Inc. implements commercially reasonable administrative, technical, and organizational security measures designed to protect personal information.

Technical Safeguards:

  • On-device processing architecture (no cloud transmission of call audio)
  • End-to-end encryption for data in transit
  • Encryption at rest for stored data
  • Secure authentication and access controls
  • Regular security audits and vulnerability assessments
  • Intrusion detection and prevention systems
  • Automated backup and disaster recovery procedures
  • Secure SDK distribution and updates

Organizational Safeguards:

  • Strict access controls based on the least privilege principle
  • Non-disclosure agreements with all personnel
  • Employee security training and awareness programs
  • Incident response and breach notification procedures
  • Regular security policy reviews and updates
  • Third-party security assessments

SDK-Specific Security:

  • Code signing and integrity verification
  • Secure SDK initialization and configuration
  • Protection against reverse engineering
  • Regular security patches and updates
  • Vulnerability disclosure program

Security researchers may report vulnerabilities to [email protected].

Compliance Certifications:

  • SOC 2 Type II audited – demonstrating controls for security, availability, processing integrity, confidentiality, and privacy.
  • Saima Inc. follows security practices informed by ISO 27001 standards.
  • Maintains GDPR- and CCPA-compliant data protection practices.

6.2 Data Breach Notification

In the unlikely event of a data breach affecting personal information, where required by applicable law, we will:

  • provide breach notifications within legally required timeframes,
  • include in the notification the nature of the breach, affected data, and remedial actions,
  • cooperate with regulatory authorities and affected parties to mitigate harm,
  • and for SDK integrations, notify Developers/Integrators who may need to notify their End Users.

6.3 Limitations

While we implement robust security measures, no system is completely secure. We cannot guarantee the absolute security of information transmitted over the internet or stored electronically. Users are responsible for maintaining the security of their login credentials and devices.

7. Data Retention

7.1 Retention Periods

We retain information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, considering:

  • The amount, nature, and sensitivity of the information
  • The purposes for which we collect and process the data
  • The length of our relationship with you and the provision of Services
  • Applicable legal, regulatory, tax, and accounting requirements
  • Whether retention is necessary for the establishment, exercise, or defense of legal claims

7.2 Specific Retention Periods

Customer Account Information:

  • Active accounts: Retained for the duration of the business relationship
  • After account termination: Maintained for up to 7 years for legal, tax, and accounting requirements
  • Billing and payment records: Retained for 7 years as required by law
  • Contract documents: Retained for 7 years after contract expiration or as required by applicable law

Developer/Integrator Account Information:

  • Active accounts: Retained for the duration of SDK usage and support
  • After account termination: Deleted within 90 days unless longer retention is required by law
  • SDK integration documentation: Retained for 2 years after last SDK usage
  • Support tickets and communications: Retained for 3 years for quality assurance

Authorized User Information:

  • Active users: Retained while the user's organization maintains an active account
  • Deactivated users: User profiles are deactivated immediately upon Customer request
  • After account termination: Deleted within 90 days unless longer retention is required by law
  • Authentication logs: Retained for 12 months for security purposes

SDK Performance and Technical Data:

  • Aggregated analytics: Retained indefinitely after anonymization (reasonably designed not to identify individuals or developers)
  • Error logs and diagnostic data: Typically retained for 90 days for troubleshooting purposes
  • SDK version usage data: Generally retained for 24 months for support purposes
  • Performance metrics: Retained for 12 months in identifiable form, then anonymized

Usage and Technical Data:

  • Aggregated analytics: Retained indefinitely after anonymization (reasonably designed not to identify individuals)
  • Identifiable usage data: Retained for 12–24 months, depending on data type
  • Error logs and diagnostic data: Retained for 90 days for troubleshooting purposes
  • Security logs: Retained for 12 months to detect and respond to security incidents
  • Session metadata: Retained for 6 months for service quality monitoring

Website Visitor Data:

  • Cookie data: Retained per cookie consent preferences (typically up to 24 months)
  • Contact form submissions: Retained for 36 months or until withdrawal of consent
  • Marketing and newsletter data: Retained until opt-out or consent withdrawal
  • Demo and sales inquiry data: Retained for 24 months for business development purposes
  • Event and webinar data: Retained for 24 months following event attendance

Business Contact Information:

  • Active business contacts: Retained for the duration of the business relationship
  • Prospects and leads: Retained for 36 months from last engagement, or until opt-out
  • Partner and vendor information: Retained for the duration of the partnership plus 7 years

7.3 Deletion and Anonymization Procedures

Upon Account Termination or Deletion Request:

Within 30 days:

  • User access to Services is disabled
  • Personal data in production systems is flagged for deletion

Within 90 days:

  • Personal information is permanently deleted or anonymized from active systems
  • Deletion is verified through audit procedures
  • Customer/Developer receives confirmation of deletion (if requested)

Within 12 months:

  • Backup systems containing Personal Information are purged according to standard backup rotation cycles
  • Legacy archives are reviewed and cleansed of expired data

Exceptions to Deletion: We may retain certain information longer when:

  • Required by legal, regulatory, tax, or accounting obligations
  • Necessary for the establishment, exercise, or defense of legal claims
  • Required to comply with law enforcement requests or legal processes
  • Needed to resolve disputes or enforce our agreements
  • Retained in aggregated, anonymized form (no longer identifies individuals)

7.4 Your Right to Request Deletion

You may request deletion of your Personal Information at any time (subject to certain legal exceptions). See Section 8 for information on exercising your privacy rights. We will respond to verified deletion requests within legally required timeframes (30 days under GDPR, 45 days under CCPA).

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

8.1 Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland:

  • Right of Access: Request copies of personal information we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal information under certain circumstances
  • Right to Restriction: Request limitation of processing under certain conditions
  • Right to Data Portability: Receive your data in a structured, machine-readable format and transfer it to another controller
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

8.2 Rights Under CCPA/CPRA (California)

California residents have the right to:

  • Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties with whom we share information
  • Delete: Request deletion of personal information (subject to certain exceptions)
  • Correct: Request correction of inaccurate personal information
  • Opt-Out: Opt out of the "sale" or "sharing" of personal information (Note: Saima Inc. does not sell personal information)
  • Non-Discrimination: Exercise privacy rights without discriminatory treatment
  • Limit Use of Sensitive Personal Information: Request limitations on use of sensitive personal information (where applicable)

8.3 Other Jurisdictions

Residents of other jurisdictions may have additional rights under local privacy laws. Contact us to inquire about rights available in your location.

8.4 How to Exercise Your Rights

The applicable privacy rights process depends on your relationship to the Services and whether Saima Inc. acts as a data controller, processor, or technology provider.

To exercise any of these rights:

Email: [email protected] with "Privacy Rights Request" in the subject line

Provide: Your name, email address, and specific request details

Verification: We will verify your identity before processing requests

For Authorized Users:Your organization (Customer) is the primary data controller. Please contact your organization's privacy officer or account administrator first. We will cooperate with your organization to fulfill your requests.

For End Users of SDK-Integrated Applications: Contact the developer/company whose application you are using. They are the data controller for your information. Saima Inc. does not collect or have access to your personal data.

Response Timeline: We will respond to verified requests within 30 days (45 days for complex requests, with notification of extension).

Authorized Agents:If you use an authorized agent to submit a request, we require written authorization signed by you and verification of the agent's identity.

9. Cookies and Tracking Technologies

Cookies are small text files placed on your device by websites and applications. We, along with authorized third parties, use cookies, pixels, web beacons, local storage, and similar tracking technologies to collect information about your use of our Website and Services.

9.1 Types of Cookies We Use

Strictly Necessary Cookies:

  • Essential for website functionality and security
  • Cannot be disabled as they are required for the Services to function
  • Examples: Session management, load balancing, fraud prevention

Performance and Analytics Cookies:

  • Collect information about how visitors use our website
  • Help us improve website performance and user experience
  • Examples: Google Analytics, Hotjar (anonymized)

Functionality Cookies:

  • Remember your preferences and settings
  • Enhance user experience through personalization
  • Examples: Language preferences, region settings

Marketing and Advertising Cookies:

  • Deliver relevant advertisements and track campaign effectiveness
  • Used for remarketing to previous website visitors
  • Examples: Google Ads, LinkedIn Insight Tag (with consent)

9.2 Managing Cookies

You have several options to control and manage cookies:

Browser Settings: Most browsers allow you to:

  • View and delete existing cookies
  • Block cookies from specific websites
  • Block all third-party cookies
  • Delete all cookies when you close your browser
  • Set exceptions for specific websites

Instructions for popular browsers:

  • Chrome:Settings > Privacy and Security > Cookies and other site data
  • Firefox:Settings > Privacy & Security > Cookies and Site Data
  • Safari:Preferences > Privacy > Manage Website Data
  • Edge:Settings > Cookies and site permissions

Our Cookie Consent Banner:

  • When you first visit our Website, you'll see a cookie consent banner
  • You can accept all cookies, reject optional cookies, or customize your preferences
  • Access cookie settings anytime via the link in our website footer

Cookie Preference Center:

  • Manage cookie preferences by category
  • Toggle individual cookie types on or off
  • Update your choices at any time
  • Link available in website footer: "Cookie Preferences"

Third-Party Opt-Out Tools:

  • Google Analytics opt-out browser add-on
  • Network Advertising Initiative (NAI) Consumer Opt-Out
  • Digital Advertising Alliance (DAA) Opt-Out Portal
  • European Interactive Digital Advertising Alliance (EDAA) Your Online Choices

Important Notes:

  • Disabling cookies may affect website functionality
  • Strictly necessary cookies cannot be disabled
  • Preferences are stored per browser and device
  • Clearing browser data may reset your cookie preferences

9.3 Do Not Track (DNT) Signals

Our website does not currently respond to "Do Not Track" signals from browsers, as no uniform standard has been adopted. We honor explicit opt-out requests made through:

  • Our cookie consent banner
  • Cookie preference center
  • Direct contact to [email protected]
  • Third-party opt-out mechanisms listed above

For more information about DNT, visit: https://allaboutdnt.com

9.4 SDK and Tracking

Important for Developers/Integrators: The Hecttor SDK does not use cookies or similar tracking technologies to collect End User data. The SDK:

  • Does not place cookies or tracking pixels
  • Does not collect device identifiers for tracking purposes
  • Does not perform cross-site or cross-app tracking
  • Processes audio data locally without external communication

Developers/Integrators using the Hecttor SDK are responsible for their own cookie and tracking policies in their applications.

9.5 Mobile Device Tracking

For Mobile App Users (if applicable):

iOS Devices:

  • Go to Settings > Privacy > Advertising
  • Enable "Limit Ad Tracking"

Android Devices:

  • Go to Settings > Google > Ads
  • Enable "Opt out of Ads Personalization"

Location Services: You can disable location tracking by:

  • iOS: Settings > Privacy > Location Services
  • Android: Settings > Location > App permissions

10. International Data Transfers

10.1 Data Processing Locations

Saima Inc. is headquartered in the United States. Information may be transferred to, processed, and stored in the United States and other countries where we, our affiliates, or service providers operate.

10.2 Safeguards for International Transfers

For transfers of personal data from the EEA, UK, or Switzerland to countries without adequacy decisions:

Standard Contractual Clauses (SCCs):

  • European Commission-approved SCCs (updated June 2021)
  • UK Addendum for transfers from the United Kingdom
  • Swiss amendments for transfers from Switzerland

Additional Safeguards:

  • Transfer Impact Assessments conducted for high-risk transfers
  • Supplementary technical and organizational measures (encryption, access controls)
  • Binding Corporate Rules under development

On-Device Processing Advantage: Since Hecttor processes audio locally on Customer devices and within Developer/Integrator applications, sensitive voice data stays in the local infrastructure, eliminating cross-border transfer concerns for the most sensitive data.

10.3 SDK and International Data Transfers

For Developers/Integrators:

  • Audio data processed by the Hecttor SDK remains within your application environment
  • No cross-border transfers of audio data occur through the SDK
  • You are responsible for international data transfer compliance for your End User data
  • Only minimal SDK performance metrics (anonymized) are transmitted to Saima Inc.

11. Children's Privacy

The Services are intended for business and enterprise use and are not directed to children. We do not knowingly collect personal information from children under 16.

For SDK Integrations:

  • Developers/Integrators are responsible for ensuring COPPA (Children's Online Privacy Protection Act) compliance if their applications are directed at or knowingly collect information from children under 13
  • Developers must implement appropriate age verification and parental consent mechanisms
  • Developers must not enable Hecttor SDK features for users under the minimum age without proper consent

If we learn that we have collected information from a child under 16 without parental consent, we will delete it promptly. If you believe a child has provided information to us, please contact [email protected].

12. Third-Party Links and Services

Our website and Services may contain links to third-party websites, applications, or services not operated by Saima Inc. We are not responsible for the privacy practices of these third parties.

Customer Integrations:When Customers integrate Hecttor with third-party contact center platforms, CRM systems, or other business applications, those third parties' privacy policies govern their use of information. Customers are responsible for reviewing and complying with third-party privacy practices.

SDK Developer Integrations: When Developers/Integrators embed the Hecttor SDK into their applications:

  • The Developer/Integrator's privacy policy governs End User data
  • Developers are responsible for all third-party integrations within their applications
  • Must ensure their third-party partners comply with applicable privacy laws
  • Saima Inc. is not responsible for Developer/Integrator privacy practices or third-party integrations

We encourage users to review the privacy policies of any third-party services they access through or in connection with Hecttor Services.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations.

Notification of Changes:

  • Material changes will be communicated via email to Customers and Developers/Integrators at least 30 days before the effective date
  • The "Last Updated" date at the top of this policy will be updated
  • We will post notice on our website homepage for significant changes
  • Continued use of Services after changes constitutes acceptance

For SDK Integrations:

  • Developers/Integrators will be notified of material policy changes via email
  • Developers should review and update their own privacy policies to reflect any changes affecting End Users
  • Are encouraged to notify their End Users of relevant changes

Version History: We maintain a version history of this Privacy Policy. Previous versions are available upon request.

14. Business Contacts and B2B Processing

Much of Saima Inc.'s data processing involves business contact information (names, business email addresses, job titles, and company names) collected and used for legitimate business purposes.

Legitimate Interest Basis: We process business contact information based on legitimate interests in:

  • Operating and growing our business
  • Marketing our Services to appropriate business contacts
  • Managing customer relationships
  • Conducting business development activities and supporting Developer/Integrator community

Where permitted under applicable law, Saima Inc. may process publicly available professional contact information for legitimate business development and B2B communication purposes.

Opt-Out: Business contacts can opt out of marketing communications at any time via unsubscribe links in emails or by contacting [email protected].

15. Data Processing Addendum (DPA)

For Customers and Developers/Integrators who require a Data Processing Addendum (DPA) to comply with GDPR, CCPA, or other privacy regulations:

Standard DPA Available: We offer a standard DPA incorporating:

  • Roles and responsibilities as data controller and processor
  • Data processing instructions and limitations
  • Security obligations and measures
  • Subprocessor management
  • Data subject rights assistance
  • Data breach notification procedures
  • Audit rights
  • Standard Contractual Clauses (for international transfers)

SDK-Specific DPA Terms:

  • Clarification that SDK processes data locally within Developer/Integrator's environment
  • Developer/Integrator responsibilities as Data Controller for End Users
  • Technical specifications of SDK data processing

Request a DPA: Contact [email protected] or your account manager to execute a DPA.

16. Your Role as a Customer or Developer/Integrator

16.1 Customers Using Hecttor Desktop App

Customers are responsible for:

  • determining the legal basis for processing Authorized User data,
  • providing required notices to Authorized Users,
  • obtaining any required consents,
  • responding to applicable privacy rights requests,
  • and ensuring lawful use of the Services within their organization.

Where Saima Inc. processes Personal Data on behalf of a Customer, Saima acts as a processor in accordance with applicable agreements and documented Customer instructions.

16.2 Developers/Integrators Using Hecttor SDKs

Developers and Integrators using Hecttor SDKs act as the data controllers for their End Users and remain responsible for:

  • their own privacy notices and disclosures,
  • obtaining required consents,
  • complying with applicable privacy, telecommunications, biometric, AI, and consumer protection laws,
  • responding to End User rights requests,
  • maintaining appropriate security measures,
  • and ensuring lawful implementation of the SDK within their applications and environments.

Developers/Integrators must clearly disclose to End Users:

  • That their application uses Hecttor SDK technology
  • That audio processing may occur locally or within Customer-controlled environments under standard deployments
  • Their own data collection, processing, and retention practices

Developers/Integrators may not use Hecttor SDKs to:

  • Create biometric identification or voice identity profiles
  • Process data unlawfully
  • Record or transmit conversations without required authorization
  • Use the Services in violation of applicable laws or agreements

Under standard deployments, Saima Inc. is designed not to collect or control End User conversation audio processed through SDK integrations unless otherwise expressly agreed in writing. Developers/Integrators remain responsible for their applications, End User relationships, third-party integrations, and compliance obligations.

17. AI and Automated Decision-Making

Use of AI in Services: Hecttor uses proprietary AI algorithms to process speech in real-time for speed adjustment. This processing:

  • Occurs entirely on-device (desktop application) or within the integrating application (SDK)
  • Does not involve automated decision-making that significantly affects individuals
  • Does not create user profiles or behavioral tracking
  • Uses technical voice characteristics only, not content

Hecttor is not designed or intended for biometric identification, speaker recognition, voice authentication, or voice identity profiling.

No Profiling: Saima Inc. does not engage in profiling as defined under GDPR Article 22.

For SDK Integrations:

  • AI processing remains within the Developer/Integrator's application environment
  • Developers/Integrators are responsible for disclosing AI use to their End Users
  • Developers must ensure AI processing complies with applicable AI regulations

17.1 AI and Automated Processing Disclaimer

The Services use automated signal processing and AI-based technologies to improve speech clarity and processing quality.

Customer remains responsible for evaluating whether the Services are appropriate for Customer's use case, including regulated, safety-critical, emergency-response, healthcare, financial, governmental, or other sensitive environments.

Saima does not guarantee that the Services will be error-free, uninterrupted, suitable for any particular purpose, or sufficient to satisfy legal, operational, or compliance requirements.

Saima Inc. monitors evolving AI regulatory frameworks, including the EU AI Act, and evaluates compliance obligations applicable to its technologies and deployment models.

18. Compliance and Certifications

Saima Inc. maintains the following security and privacy certifications:

  • SOC 2 Type II (AICPA/SSAE 21)
  • Information security practices aligned with ISO 27001 principles
  • GDPR Compliant (EU General Data Protection Regulation)
  • CCPA/CPRA Compliant (California Consumer Privacy Act)

Audit reports and certificates of compliance are available to Customers and Developers/Integrators under NDA by request to [email protected].

19. Export Controls and Sanctions

The Services may be subject to U.S. export control and sanctions laws. Users may not access or use the Services in violation of applicable export control or sanctions regulations.

You may not access, use, export, re-export, or otherwise make the Services available:

  • In violation of applicable export control or sanctions laws,
  • To prohibited or sanctioned persons or entities,
  • Or within jurisdictions subject to applicable trade restrictions or embargoes.

Users are responsible for ensuring that their use of the Services complies with all applicable export control and sanctions regulations.

20. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

General Privacy Inquiries:

Data Protection Officer:

For SDK-Related Privacy Questions:

Mailing Address: Saima Inc. 2150 Shattuck Ave Berkeley, CA 94704 United States

Response Time: We will respond to inquiries within 5 business days and will resolve requests within 30 days (or 45 days for complex matters, with notification).

For End Users of Applications Using Hecttor SDK: If you are an end user of an application that has integrated the Hecttor SDK, please contact the developer or company whose application you are using. They are the Data Controller for your personal information. If you cannot identify or reach the appropriate party, contact us at [email protected] and we will assist in directing your inquiry.

End of Privacy Policy

This Privacy Policy is effective as of the "Last Updated" date above and supersedes all prior versions.

Document Control

Policy Owner: Saima Inc. Legal Department

Last Reviewed: May 22, 2026

For questions about this policy, contact [email protected]