sayhii Data Privacy Policy
Effective date: January 1, 2026
Applies to: sayhii Services and customer data processed to deliver the Services
1. Purpose
sayhii is committed to protecting the privacy and data of our customers and their employees. This customer-facing document describes, at a high level, how sayhii collects, uses, retains, anonymizes, and deletes customer data when providing the sayhii Software-as-a-Service (SaaS) employee engagement platform.
This document is a summary intended for customers. Contractual terms (including any specific retention or deletion timelines) are governed by your agreement with sayhii.
2. Scope
This document applies to customer data processed in connection with the sayhii Services, including data stored in:
- Cloud-hosted application databases and file/object storage
- Analytics and reporting data stores
- Identity and access management systems used to authenticate users
Certain supporting systems (such as logs, monitoring, and backups) are not considered authoritative sources of customer data and are governed by separate retention and lifecycle controls.
3. Data We Process
sayhii processes the following categories of data to deliver the Services:
3.1 Identity and Organization Data
Information used to identify users and support organizational reporting, such as:
- Name and work email address
- Department and manager relationships
- Job title, job function, and hire date
- Demographic attributes (e.g., age, gender, race, ethnicity), when provided by the customer
- Device identifiers, as applicable, for security and operational purposes
3.2 Survey Response Data
Responses submitted by employees to sayhii questions, including:
- Scale-based responses
- Free-text or open-response fields (when applicable)
3.3 Usage and Technical Data
Information about how users interact with the sayhii platform, such as:
- Application usage patterns
- Page views and errors
- Diagnostic and performance data
4. How We Use Data
sayhii uses customer data to:
- Deliver the Services: Deliver questions and collect responses
- Provide reporting: Provide aggregated insights to customer organizations and customized feedback to individuals
- Support configuration: Support organization setup, group-based insights, and internal operational analytics
- Improve the product: Improve platform functionality, performance, and usability
sayhii does not use personal data for purposes unrelated to service delivery, security, or product improvement.
5. Aggregation and Anonymization
sayhii is designed to protect employee anonymity.
- Individual survey responses are not provided to an organization in a way that identifies the respondent.
- Organizational reporting is limited to aggregated results that meet minimum reporting thresholds.
- Individual-level metrics are visible only to the individual employee and are not shared with the customer organization in an identifying way.
- When data is used for benchmarking or cross-organizational analysis, it is anonymized and aggregated prior to use.
Anonymization includes removing direct identifiers and applying controls intended to reduce the likelihood of re-identification.
6. Data Retention During Active Use
While a customer organization is actively using sayhii:
- Identity, demographic, question responses, and usage data are retained as needed to provide the Services.
- Retention is limited to what is reasonably necessary for service delivery, reporting, support, and security.
- Access to sensitive data is restricted based on role and business need.
7. Customer Requests, Termination, and Data Deletion
7.1 Deletion Triggers
Organization-level deletion may be initiated under one or more of the following conditions, consistent with customer authorization and contractual terms:
- Contract termination or expiration
- Authorized customer request
Individual employees do not directly initiate organization-level deletion requests.
7.2 Data Deleted
When an organization is deleted, sayhii deletes customer data from authoritative systems, including:
- Personally identifiable information (PII) and organization-identifying information
- Tenant mappings and organization configuration data
- Demographic attributes and manager relationships
- Free-text survey responses and other unstructured content
7.3 Data That May Be Retained in Anonymized Form
After deletion of organization-identifying data, sayhii may retain certain de-identified data (for example, fully anonymized question responses and non-identifying usage data) for:
- Product development and improvement
- Statistical analysis
- Generating future benchmarking outputs using aggregated results only
sayhii does not attempt to re-identify individuals or organizations from anonymized retained data.
8. Deletion Controls and Verification
- Deletion processes are designed to be repeatable and may be re-run to ensure completeness.
- Deletion activities are logged and monitored.
- Periodic reviews may be conducted to confirm deletion processes align with this document.
9. Systems Not Considered Authoritative Sources of Customer Data
The following are examples of systems that are not considered authoritative sources of customer data:
- Application and security logs
- Backups and backup snapshots
- Monitoring and diagnostic systems
- Third-party analytics tools
Residual data in these systems is retained only for limited periods based on operational, security, and legal needs, and is subject to lifecycle controls.
10. Review and Updates
This customer-facing description summarizes relevant internal policies and practices. sayhii’s internal policies are reviewed periodically, and this description is updated as necessary to reflect material changes.
For related practices, see the customer-facing overviews in Incident Response and Secure SDLC.
12. Policy Review and Updates
This policy is reviewed at least annually and updated as needed to reflect changes in systems, services, or legal and contractual requirements.