SageGate
Privacy Policy
SageGate is a privacy-first AI chat client. In the base app, your conversations, API keys, and personal data stay on your device, and your chats travel directly from your device to the AI providers you configure — we are not in that path and never see it. Optional paid cloud tiers add document storage and retrieval, and an optional Cloud Inference feature adds server-side answer generation. SageGate also includes an optional feedback and support form, where you may choose to send us a message and optional contact information so we can respond. We do not sell or share personal information. There are no ads, no trackers, and no analytics SDKs. The English text of this policy is authoritative; translations may follow.
What We Collect
For the base chat app: nothing is sent to us by default. No usage data, conversation history, device identifiers, or personal information is transmitted to us merely by using local chat features.
If you subscribe to a paid cloud tier or choose to contact us through the app, we handle only what the feature requires:
- An opaque tenant identifier derived from Apple's signed purchase transaction. It proves a valid subscription without telling us who you are.
- The documents you choose to upload for retrieval, stored per tier as described below.
- If you enable the optional syncs: your profile file and, off by default, your saved memories.
- If you enable optional Cloud Inference: chat content processed transiently to generate answers — never stored, as described below.
- If you submit feedback or a support request: your message and any optional contact information you choose to provide, such as email, phone number, WeChat, Telegram, WhatsApp, or LINE.
- Operational logs that contain request metadata (timestamps, tenant identifier where applicable, model used where applicable, token counts, errors) and never message content except for feedback/support messages you intentionally submit. Logs rotate on standard schedules.
What Stays on Your Device
The following data is stored locally on your device only:
- Conversation history and message content
- API keys (stored in iOS Keychain, encrypted by the operating system)
- App settings and preferences
- Custom skills, memory entries, and uploaded files (unless you enable a cloud sync described below)
- Token usage statistics and cost tracking data
This data never leaves your device except as described in this policy.
Third-Party AI Providers
SageGate connects directly from your device to the AI providers you configure. When you send a message using the base app, it is transmitted directly to the provider whose API key you have entered. SageGate does not route, proxy, or log these requests.
Supported providers include Anthropic, OpenAI, Google, xAI, DeepSeek, OpenRouter, Together AI, SiliconFlow, Doubao, Qwen, MiniMax, Zhipu, Moonshot, LingYi, iFlytek, Baidu, Tencent, and any custom endpoint you configure.
Each provider has its own privacy policy governing how they handle your messages and data. You should review the privacy policy of each provider whose API you use. SageGate has no control over how third-party providers handle data once it is transmitted to them.
Subscriptions Without Accounts
Subscriptions are Apple in-app purchases. Apple processes your payment; we receive only Apple's signed transaction and derive from it the opaque tenant identifier that unlocks your paid features. We cannot connect that identifier to your name, email, or payment details, because we never receive them. Plain-English gloss: we can recognize your subscription without recognizing you.
Cloud Document Storage
Paid tiers let you upload documents so SageGate can retrieve from them during chat. Where they live depends on your tier:
- Self-Host (T2): documents go directly from your device to your own Amazon S3 bucket. Our servers are never in that data path at all.
- Private Cloud (T3): documents are processed by SageGate's pipeline but stored in your own AWS account, which we access through an IAM role you grant and can revoke at any time. Revoking the role cuts off our access immediately.
- Managed Cloud (T4): documents are stored in SageGate's AWS infrastructure, isolated per tenant and encrypted at rest.
Deletion and retention. "Erase Cloud Data" in the app permanently deletes your stored cloud data at any time. If a Managed Cloud subscription lapses, we retain the data for 30 days — so a missed renewal doesn't destroy your knowledge base — and then permanently delete it. Self-Host and Private Cloud documents live in your own AWS account, so retention there is under your control.
Optional Syncs: Profile and Memories
A profile file you write, and (off by default) your saved memories, can each be synced to the same tier storage locations above. Each is an explicit toggle that names its destination before you turn it on. If you never enable them, nothing syncs.
Cloud Inference (Optional, Off by Default)
By default — on every tier — answers are generated from your device using your own provider, exactly like the base app. Cloud Inference is an optional feature that moves answer generation server-side. It is off by default, requires an explicit opt-in acknowledgment, is clearly badged in the interface while active, and can be turned off at any time.
- Private Cloud (T3) variant: SageGate's backend performs retrieval and calls Amazon Bedrock inside your own AWS account, using the IAM role you granted. The model runs in your account, on your AWS bill. Your chat content for these requests transits our backend transiently for request and response processing.
- Managed Cloud (T4) variant: SageGate's backend performs retrieval and calls Amazon Bedrock in SageGate's own AWS account. This is the only mode in which SageGate's infrastructure directly processes your chat message content end-to-end.
What "transient" means, precisely: for Cloud Inference requests, SageGate does not store your chat prompts or completions on our servers beyond the processing needed to produce the answer. Our operational logs carry request metadata only — never message text.
Amazon Bedrock: AWS states in its published Amazon Bedrock commitments that Bedrock does not store or log your prompts and completions, does not use them to train AWS models, and does not distribute them to third parties. Those commitments are AWS's, stated in AWS's Bedrock documentation and service terms, and they apply to Cloud Inference traffic.
Cloud Inference never uses or transmits your own provider API keys.
Feedback and Support
SageGate may include an optional feedback and support form for bug reports, feature requests, and similar messages. If you use that form, we collect the message you submit. You may also choose to provide contact information so we can follow up, such as an email address, phone number, WeChat, Telegram, WhatsApp, or LINE. Contact information is optional.
Feedback and support submissions are sent to SageGate's backend and delivered to contact@sagegate.ai by email. We use this information only to read, respond to, troubleshoot, improve SageGate, and maintain abuse prevention for the feedback system. We do not sell it, share it for advertising, or use it for tracking.
Please do not include API keys, passwords, payment information, health information, or other highly sensitive information in feedback messages.
Agent Features
SageGate may include agentic capabilities that allow the AI to take multi-step actions, access local files, query memory servers, or interact with external services via MCP (Model Context Protocol) integrations. All such actions are:
- Initiated explicitly by you
- Executed using connections you configure
- Not monitored, logged, or processed by HT Holding Enterprise LLC except where an optional cloud feature described in this policy is enabled
When agent features interact with external MCP servers or services you have configured, data may be transmitted to those services. You are responsible for reviewing the privacy practices of any external servers or integrations you connect to SageGate.
API Keys
Your API keys are stored exclusively in the iOS Keychain on your device. They are never transmitted to HT Holding Enterprise LLC or any server operated by us. Keys are used solely to authenticate your requests directly to the respective AI providers.
Your Rights and Deletion
Because SageGate has no accounts, most data rights are exercised through the app itself. "Erase Cloud Data" permanently deletes your stored cloud data at any time; lapsed Managed Cloud data is purged automatically after 30 days; revoking the Private Cloud IAM role ends our access to your account.
For feedback and support messages, contact us at contact@sagegate.ai if you want us to delete a message or optional contact information you submitted. We may need enough detail to locate the request, such as the contact method or approximate submission date.
Where the GDPR applies: we process cloud-tier data to perform our contract with you; we process Cloud Inference chat content on the basis of your explicit consent (the opt-in, revocable at any time by turning the feature off); we process feedback and optional contact information to respond to your request and improve the app; and we keep content-free operational logs on the basis of our legitimate interest in running a secure, reliable service. We do not sell personal information and do not share it for cross-context behavioral advertising (CCPA). HT Holding Enterprise LLC is a US company; Managed Cloud processing occurs in the United States, so cloud-tier data from other countries is transferred to and processed in the US as described here. For anything this policy does not answer: contact@sagegate.ai.
Children's Privacy
SageGate is not directed at children under the age of 13. We do not knowingly collect information from children. If you believe a child has used this app in a way that raises privacy concerns, please contact us at contact@sagegate.ai.
Changes to This Policy
We may update this Privacy Policy as the app evolves. Material changes will be noted in the app's update release notes, and a material change to how Cloud Inference handles content will be presented in-app for fresh acknowledgment before the feature continues. Continued use of SageGate after changes constitutes acceptance of the updated policy. The current version is always available at https://www.sagegate.ai/privacy-policy/.