Trust Center: Our Commitment to Data Protection & International Transfers
Last Updated: August 3, 2025
At SageTalk.ai, trust and transparency are core to our mission. As a company based in the European Union (Estonia), we are fully committed to upholding the rigorous standards of the General Data Protection Regulation (GDPR). This page explains how we protect your personal data when it is transferred internationally to our essential service providers.
Our Approach to International Data Transfers
To provide you with our real-time AI assistance, we partner with a limited number of best-in-class service providers based in the United States for critical functions like AI processing and payment management.
Any transfer of personal data from the European Economic Area (EEA) to the United States is conducted in strict compliance with GDPR. Our primary legal mechanism for these transfers is the Standard Contractual Clauses (SCCs), as approved by the European Commission. These SCCs are integrated into our Data Processing Agreements (DPAs) with all our non-EU subprocessors.
Transfer Impact Assessment (TIA)
As required by the Court of Justice of the European Union's Schrems II ruling, we do not rely on SCCs alone. We have conducted a detailed Transfer Impact Assessment (TIA) to evaluate the risks associated with transferring data to the United States, specifically considering the potential for access by U.S. public authorities under laws like FISA 702 and the CLOUD Act.
Our TIA concluded that while such risks exist, we can effectively mitigate them by implementing robust supplementary measures, ensuring a level of data protection that is essentially equivalent to that guaranteed within the EU.
Supplementary Measures: How We Protect Your Data
To mitigate the risks identified in our TIA, we have implemented the following technical, organizational, and contractual safeguards:
1. Technical Safeguards:
- Strong Encryption in Transit: All data transferred between your device and our subprocessors is encrypted using industry-standard Transport Layer Security (TLS 1.2 or higher) with strong cipher suites. This protects your data from interception.
- Encryption at Rest: Any of your data that is stored (such as your account information) is encrypted at rest using AES-256, a leading encryption standard.
- Ephemeral Processing of Sensitive Data: This is our most critical safeguard. Your raw Media Data (screen content and microphone audio) is never stored on our servers or our subprocessors' servers. It is processed in-memory for the sole, immediate purpose of providing real-time AI assistance and is then immediately discarded. This "data in motion" approach drastically minimizes the data available to be accessed by any third party.
2. Organizational Safeguards:
- Data Minimization: We are committed to processing only the minimum amount of personal data necessary to deliver our Service. We do not collect or process data that is not essential for the core functionality you use.
- Transparency Reports: We continuously monitor the transparency reports published by our subprocessors regarding government data requests.
3. Contractual Safeguards:
- Robust DPA and SCCs: Our agreements with subprocessors contractually obligate them to adhere to the high standards of GDPR.
- Obligation to Challenge: We require our subprocessors to challenge any government access request they deem unlawful and to notify us of any such request to the extent legally permissible, allowing us to intervene on behalf of our users.
By combining the legal framework of the SCCs with these robust supplementary measures, we ensure that your data remains protected, secure, and under your control, no matter where it is processed.
For any questions about our data transfer practices, please contact us at support@sagetalk.ai.