Privacy Policy

This Privacy Policy governs the manner in which Yellow Space S.R.L. - with registered office at street Rezervelor, number 68A, floor 8, apartment 74, city Chiajna, Ilfov, Romania - processes personal information collected from users (each, a "User") of the website ("Site").

Personal Data Collected For Users' Online Accounts

Names and email

We collect personal information in the form of name and email of Users when they sign up on the site for the purpose of creating an online account so that we can provide products and services and for the purpose of communicating important information (account information, failed payments, links to invoices, password reset emails) to the User by email.

From Paddle, our reseller, we collect the email used with Paddle when purchasing credits to use our service, for the purposes of showing, inside Sayfli's profile page, where Paddle will email the invoices.

Legal basis for the processing: the collection and subsequent processing of the above data is necessary for the performance of a contract: the delivery of products and services by Sayfli .

Retention period: the above data can be deleted at any time by the user, if they choose to delete their accounts. We do keep anonymous data for reporting.

Other recipients: None.

IP and User Agent

We collect the IP and User Agent of the device used by the User to sign up and sign in.

Legal basis: legitimate interests of the controller, namely to ensure the security and availability of our accounts, network and information security, fraud prevention and identifying possible criminal acts.

Retention period: the above data will be held for 1 year after the account has been deleted.

Other recipients: None.

Personal Data Collected By Our Website Web Servers

IP, user agent and visited URLs

We collect and temporarely store all HTTP requests made against the web server by Users whenever they visit a page of our Site. HTTP requests include the IP, user agent and the visited URL including any GET parameters and their values.

Legal basis for the processing: legitimate interests of the controller, namely to ensure the security and availability of our Site, network and information security, fraud prevention, identifying possible criminal acts and to identify & remedy problems in our Site.

Retention period: the above data will be held for 1 month.

Other recipients: None.

Data transfers: The above data will be stored on cloud servers located in Europe provided by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. You can read their Privacy Policy here.

Web Browser Cookies

Our Site uses only strictly necessary cookies, which are needed for the Sign In and Sign Up processes. User's web browser places cookies on their hard drive to know if a user is signed in or not. The cookies are set to automatically expire after 6 hours. User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, the Sign In or Sign Up process may not function properly.

Other Personal Data You May Provide to Us

Voice input

When you use our Site to have a conversation with our AI, the voice input processing is necessary for the performance of a contract. We do not store the voice input, we only process it in real time to provide the service.

Legal basis for the processing: legitimate interests of the controller, namely to ensure the performance of a contract, so that the conversation with the AI can function.

Retention period: None: data is not stored

Other recipients: None.

Data transfers: Temporarily sent to OpenAI for processing. OpenAI has a Zero data retention policy for audio processing.

Your Rights Under the GDPR

You have the following rights:

  • The right to be informed of the processing of your data.
  • The right of access to data. You have the right to obtain confirmation from us that personal data concerning you are being processed or not and, if so, to receive access to such data and to the information required by Article 15(1) GDPR.
  • The right to rectify inaccurate or incomplete data. You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you.
  • The right to erasure ('right to be forgotten'). In the circumstances referred to in Article 17 GDPR, you have the right to request and obtain the deletion of personal data. The data subject can also delete his or her data directly from the Pipe services interface.
  • The right to restriction of processing. In the cases referred to in Article 18 GDPR, you have the right to obtain from us a restriction of processing.
  • The right to transfer the data to another controller ('right to data portability') in the cases referred to in Article 20 GDPR.
  • The right to object to the processing of data. In the cases referred to in Article 21 GDPR, you have the right to object to the processing of data.
  • In cases referred to in Article 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • The right to go to court for the defence of your rights and interests.
  • The right to lodge a complaint with a Supervisory Authority

You have the right to lodge a complaint with Romania's National Supervisory Authority For Personal Data Processing which can be contacted at

How We Protect Your Information

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information and data stored on our Site.

Sharing Your Personal Information

We do not sell, trade, or rent Users personal information to others. We may share generic aggregated information that is not linked to any personal identification information regarding visitors and users with our business partners and trusted affiliates.

Third Party Websites

This Privacy Policy does not cover other third-party applications or websites that you can reach by accessing links on our website because these applications or websites are not under our control. We encourage you to read the Privacy Policy on any website and application before providing your personal data.

Changes To This Privacy Policy

Sayfli has the discretion to update this privacy policy at any time. When we do, we will post a notification on the "Privacy Policy" page of our Site. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

Your Acceptance of These Terms

By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

Contacting Us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at

Data Protection Officer

Sayfli designated Remus Sebastian Negrota as a DPO, he can be contacted at

Security measures

  • We only process a minimum amount of information related to you and your account.
  • Sayfli account passwords are salted and hashed. If you lose your password, it can't be retrieved - it must be reset.
  • If you use a Google account to sign in we do not store a password.
  • When you update your authentication credentials (Sayfli account password, Sayfli account e-mail, Google account) all other signed in sessions of the same type are invalidated.
  • All authentication activity is saved in detail for auditing.
  • The Sayfli dashboard area (including but not limited to the sign in, sign up, reset password, talk page, profile page) is served securely through an encrypted TLS connection.
  • The audio conversation itself is ephemeral. It only temporarily exists while logged in for the conversation session. Any traces of it on the server side are instantly deleted as soon as the conversation session ends.
  • Database data and backups are encrypted at rest.
  • External libraries loaded (JS, fonts, CSS) have been reduced to a minimum.


February 6th, 2024 - first version of this document