Privacy Policy

This Privacy Policy applies to: • visitors to our website; • users who create an account with SaySo; • businesses using SaySo to create and send proposals; • customers or recipients who view, approve or sign a proposal created through SaySo. This Policy is designed to reflect the Australian Privacy Principles under the Privacy Act 1988 where they apply to our handling of personal information.

SaySo may handle personal information in different ways depending on the context. For account, billing, product usage, support, security and business administration data, SaySo generally acts as the organisation responsible for handling that information. For information that a business user uploads or enters about its own customers, including proposal content, recordings, transcripts, customer details and signatures, the business user is generally responsible for deciding what information is collected and why. SaySo processes that information to provide the service. Business users are responsible for ensuring they have the right permissions, notices and legal basis to upload, record, send or otherwise process personal information through SaySo.

We may collect the following types of personal information: • account information, such as name, email address, business name, login details, language preferences and account settings; • proposal content, such as customer names, proposal text, prices, services, terms, notes, uploaded files, logos, brand assets, approvals and signatures; • voice and transcription data, such as audio recordings uploaded or recorded by a user, transcripts and structured information extracted from those recordings; • recipient information, such as information about a person who receives, views, approves or signs a proposal; • proposal viewing data, such as when a proposal link is opened, approximate viewing activity, device type, browser type, IP address and related technical logs; • payment and subscription information, such as plan type, billing status, payment amount, currency, billing country, tax information and transaction identifiers. We do not store full credit card numbers on our own systems; • technical and usage information, such as IP address, browser type, device information, operating system, pages visited, actions taken in the service, error logs and security events; • support communications, such as emails, chat messages, feedback, bug reports and other communications you send to us.

SaySo is not designed for collecting sensitive information. We ask users not to upload, record or include sensitive information unless it is strictly necessary for the proposal and the user has the required permission to do so. Because SaySo allows users to create free text and voice recordings, a user may include sensitive information unintentionally or by choice. This may include information about health, personal circumstances, financial circumstances, religious beliefs, racial or ethnic origin, political opinions, trade union membership, sexual orientation or other sensitive matters. If sensitive information is included in content uploaded by a user, we process it only as necessary to provide the service, maintain security, comply with law, or protect our legal rights.

We may collect personal information: • directly from you when you create an account, use the service, upload content, record audio, create proposals, contact support or complete a form; • from business users who enter or upload information about their customers or proposal recipients; • automatically through the website or application, including through cookies, local storage, server logs and analytics tools; • from payment providers, authentication providers, hosting providers and other service providers involved in operating the service; • from proposal recipients when they open, view, approve or sign a proposal.

We use personal information to: • create and manage user accounts; • provide the SaySo service; • transcribe recordings, extract proposal details and generate draft proposal content; • allow users to edit, save, send and manage proposals; • allow proposal recipients to view, approve or sign proposals; • show basic viewing activity to the business user who sent the proposal; • process payments, subscriptions, taxes, invoices and billing support; • provide customer support and respond to enquiries; • maintain security, prevent misuse, detect fraud, investigate errors and protect the service; • improve the product, user experience and performance of the service; • send service messages, such as account, billing, security and product notices; • send marketing communications where permitted by law; • comply with legal obligations, resolve disputes and protect our rights.

SaySo uses artificial intelligence and automated tools to help transcribe recordings, extract relevant information, structure proposal content and improve proposal wording. AI-generated output may contain errors, omissions or inaccurate wording. Users must review and approve proposals before sending them to customers. We do not intend for AI tools to make final legal, financial or contractual decisions on behalf of users or proposal recipients. The user remains responsible for the final proposal content, price, terms and commercial offer.

When a business user sends a proposal through SaySo, the proposal may be made available through a unique proposal link. We may record basic viewing activity, including when the proposal was opened, approximate viewing duration, device and browser information, IP address and related technical data. This information is made available to the business user who sent the proposal so they can manage their sales process and customer communication. We do not use proposal viewing activity to track recipients across unrelated websites.

We may use cookies, local storage and similar technologies to operate and improve the service. These may include: • essential cookies, needed for login, security, language settings and basic operation of the service; • functional cookies, used to enable optional features such as live chat support. Enabled by default; can be declined through the consent banner; • analytics cookies, used to understand product usage and improve the service; • marketing cookies, used for advertising or campaign measurement, where enabled and permitted by law. Where required, we will request consent before using non essential cookies. You may also manage cookies through your browser settings.

We offer live customer-support chat through a third-party service called Crisp.chat, operated by Crisp IM SAS, a French company. When you open the chat in our website or app, we may collect your name and email address (if you provide them), the conversation content, and basic technical information such as IP address, browser type and time of contact. The data is stored on Crisp's servers in the European Union and is used for support purposes, responding to inquiries and improving our service. No audio or video recordings are stored. The service requires cookies in the "Functional" category. This category is enabled by default and can be declined through the cookie consent banner. If you decline, the chat button will not load, no Crisp cookies will be set, and no data will be collected through the service. Crisp is our sub-processor and operates under a GDPR-compliant Data Processing Agreement. Crisp's privacy policy is available at https://crisp.chat/en/privacy/.

Authorised members of the SaySo team may, in limited circumstances, view a specific proposal of a business user. Such access is permitted only for one of three defined purposes: Support — assisting a business user with a reported issue. Security — investigating a security incident, automated alert or suspected misuse. Quality assurance — sampling system output to improve product quality and fix defects. Before each access, the authorised staff member must select the purpose and may add free-form notes. The selection and notes are recorded automatically in our internal audit log, together with the time of access, the proposal identifier and the staff member identifier. As a business user, you can review recent access events from the Settings → Account page, including the access reason and any notes provided. Access is granted only to authorised employees of ALMA Ads and never to unrelated third parties. We do not use viewed information for marketing, sale or training of AI models without your separate consent.

We may use your contact details to send marketing communications about SaySo where permitted by law. You can opt out of marketing communications at any time by using the unsubscribe link in the message or contacting us. We will still send non marketing service messages where necessary, such as account, billing, security, legal or operational notices.

We may share personal information with trusted service providers who help us operate SaySo. These may include providers of: • cloud hosting and database infrastructure; • authentication and account management; • AI transcription and content generation; • email delivery; • live chat support (Crisp Chat — EU servers, only when functional cookies are accepted); • payment processing and subscription management; • analytics and product monitoring; • customer support tools; • security, logging and error monitoring. These providers are only allowed to handle personal information as needed to provide services to us, subject to contractual, technical and organisational safeguards.

SaySo is operated using global cloud based services. Personal information may be stored, accessed or processed outside Australia, including in countries such as Israel, Ireland, Germany, the United States and other locations where our infrastructure or service providers operate. Where personal information is disclosed to overseas recipients, we take reasonable steps designed to ensure that those recipients handle personal information appropriately and consistently with applicable privacy obligations.

Payments may be processed by an external payment provider or merchant of record. We may provide the payment provider with information needed to process payments, manage subscriptions, issue invoices, calculate taxes, prevent fraud and provide billing support. This may include your email address, billing country, billing postcode, plan, payment amount, currency, subscription status and internal customer identifier. We do not store full credit card numbers on our own systems.

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. These steps may include access controls, encryption where appropriate, secure hosting providers, authentication controls, monitoring, backups, logging and internal access restrictions. No online service can guarantee complete security. Users are responsible for maintaining the confidentiality of their login details and for using strong passwords and appropriate account controls.

We retain personal information for as long as reasonably necessary for the purposes described in this Policy. Retention periods may depend on the type of information, the user's account status, legal requirements, billing obligations, security needs and dispute resolution. As a general approach: • account information is retained while the account is active and for a reasonable period afterwards; • proposal content is retained while needed to provide the service, unless deleted by the user or required to be kept for legal, tax, contractual or evidentiary reasons; • signed or approved proposals may be retained for a longer period to support contractual records, billing, dispute resolution and legal compliance; • raw audio recordings may be retained only for a limited period required for processing, unless the service configuration or user action requires otherwise; • technical logs are retained for a limited period for security, troubleshooting and service integrity; • billing and tax records are retained as required by applicable law. Deletion from backups may take additional time according to backup cycles and technical processes.

You may request access to personal information we hold about you. You may also request correction of personal information if you believe it is inaccurate, out of date, incomplete, irrelevant or misleading. To make a request, contact: niv@alma-ads.co.il We may need to verify your identity before responding. In some cases, we may refuse access or correction where permitted by law, for example where the request affects another person's privacy, is unreasonable, or conflicts with legal obligations.

If you believe we have mishandled your personal information, you can contact us at: niv@alma-ads.co.il Please include enough detail for us to understand and respond to your complaint. We aim to respond to privacy complaints within a reasonable time. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

If we become aware of a data breach involving personal information, we will assess the incident and take steps to contain and respond to it. Where required by law, we will notify affected individuals and the relevant regulator.

SaySo is intended for business use and is not directed to children. Users must be legally able to create an account and enter into a binding agreement. If we become aware that a child has created an account without appropriate authorisation, we may delete the account and related information.

If you received a proposal created through SaySo, the business that sent you the proposal is usually the primary party responsible for the content of the proposal and for deciding how your information is used. You may contact that business directly for questions about the proposal, its content, or your relationship with that business. You may also contact SaySo about privacy issues relating to the operation of the proposal page.

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify users, such as by posting a notice in the service or sending an email to registered users. The latest version will always be available through our website or application.

For privacy questions, requests or complaints, contact: Niv Einy Email: niv@alma-ads.co.il