Discover Events

Happening soon on Sayzio

Browse all events

GDPR Statement

Last updated: July 1, 2026

This GDPR Statement explains how Sayzio complies with the EU General Data Protection Regulation (GDPR) and the UK GDPR, including the lawful bases on which we process personal data, the rights you have as a data subject, our sub-processor arrangements and how you can contact us with any concerns. For data-protection matters you can reach us at privacy@1in.me.

1. Who we are (controller information)

The Service is operated by Sayzio, registered office Hyderabad, Telangana, India. For your account information, you are the data subject and Sayzio is the data controller. For personal data of your visitors and contacts that you collect through Sayzio (e.g. form submissions, leads, followers), you are the data controller and we act as your data processor under a Data Processing Agreement ("DPA"). You can reach us about data protection at privacy@1in.me.

2. Our data-protection principles

We process personal data in line with the Article 5 GDPR principles: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability. We only collect the personal data we need for the purposes described in our Privacy Policy, and we keep it only for as long as necessary.

3. Lawful bases

We process personal data on the following lawful bases under Article 6 GDPR:

  • Performance of a contract (Art. 6(1)(b)) — to provide the Service to you.
  • Legitimate interests (Art. 6(1)(f)) — to secure the Service, prevent abuse and improve our product, balanced against your rights and interests.
  • Legal obligation (Art. 6(1)(c)) — to keep records required by tax, accounting and abuse-reporting laws.
  • Consent (Art. 6(1)(a)) — for optional marketing communications and non-essential cookies, which you can withdraw at any time.

4. Data subjects and categories of data

We process personal data of:

  • Sayzio account holders and the teammates they invite;
  • visitors to our marketing site and to public pages published on Sayzio;
  • contacts captured by account holders through forms, follows and other engagement features.

The categories of personal data processed are described in our Privacy Policy.

5. Your rights as a data subject

Under the GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you (Art. 15).
  • Rectification — request that we correct inaccurate or incomplete data (Art. 16).
  • Erasure — request that we delete your data, subject to legal exceptions (Art. 17).
  • Restriction — request that we limit how we process your data (Art. 18).
  • Portability — receive your data in a structured, commonly used, machine-readable format (Art. 20).
  • Objection — object to processing based on legitimate interest, including profiling (Art. 21).
  • Withdraw consent — at any time, where consent is the lawful basis (Art. 7(3)).
  • Lodge a complaint with your supervisory authority (Art. 77).

6. How to exercise your rights

Most rights are self-service from your account settings (export, delete, correct). For the rest, contact us at privacy@1in.me or through the contact page from the email address on your account — or, if the data we hold about you was collected by another Sayzio customer (e.g. you submitted their form), contact that customer directly. We respond to verified requests within 30 days, extendable by a further two months for complex requests.

7. Automated decision-making

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing, including profiling. AI features process only the content you choose to submit and are used to generate or improve content at your request, not to make decisions about you.

8. International transfers and SCCs

We host the Service on Amazon Web Services (AWS) and use AI sub-processors (OpenAI, OpenAI Whisper, ElevenLabs); personal data may therefore be processed outside the EU/EEA or the UK. Where personal data is transferred internationally we rely on the European Commission's Standard Contractual Clauses (Module 2 or 3 as applicable) and the UK International Data Transfer Addendum with each sub-processor. Where additional supplementary measures are required by local law, we apply them.

9. Sub-processors

We engage trusted sub-processors to help us deliver the Service, each bound by a written data-processing agreement that imposes obligations equivalent to those we accept under our DPA:

  • Cloud hosting & storage — Amazon Web Services (AWS), including Amazon RDS (database) and Amazon S3 (file/media storage).
  • AI providers — OpenAI (text generation/embeddings), OpenAI Whisper (speech-to-text) and ElevenLabs (text-to-speech), which process the content you submit to the AI features.
  • Operations — transactional email, SMS, payments, analytics, support tooling and error monitoring.

The current detailed list of sub-processors is available on request.

10. Data Processing Agreement

If you use Sayzio to process personal data of your own visitors and contacts, our Data Processing Agreement (DPA) governs that processing and forms part of our Terms. The DPA sets out the subject matter and duration of processing, the nature and purpose of processing, the types of personal data and categories of data subjects, and the obligations and rights of the controller. A copy is available on request at privacy@1in.me.

11. Retention

We keep personal data only for as long as necessary for the purposes described in our Privacy Policy, after which it is deleted or anonymised. Specific retention periods, including our post-deletion timelines for active systems and backups, are set out in the "How long we keep your data" section of the Privacy Policy.

12. Personal data breach notification

In the unlikely event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the competent supervisory authority within 72 hours of becoming aware of it, in accordance with Article 33 GDPR, and we will inform affected users without undue delay where required by Article 34.

13. Data Protection Officer

You can contact our Data Protection Officer at privacy@1in.me, or by post at Hyderabad, Telangana, India, or through the contact page. Please mark your message clearly so it can be routed to the DPO.

14. Grievance Officer

For users in India, and in accordance with the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000, you may raise a data-protection grievance with our Grievance Officer at grievance@1in.me, or by post at Hyderabad, Telangana, India. We will acknowledge your grievance within 24 hours and endeavour to resolve it within 15 days of receipt, or sooner where the law requires.

15. Supervisory authority

If you live in the EU/EEA or the UK and believe that we have not handled your personal data in accordance with the law, you have the right to lodge a complaint with your local data-protection supervisory authority. We would, however, appreciate the opportunity to address your concerns first — please contact us before going to the authority.

Questions about this policy?

We're happy to clarify anything you read on this page. Reach out and a real person on our team will get back to you.

⌘I