Sapphyx Privacy Policy

Last updated: 2026-03-28

Table of Contents

  1. Introduction
  2. Scope
  3. Information We Collect
  4. How We Use Information
  5. Legal Bases Where Applicable
  6. How We Share Information
  7. Public and In-Service Visibility
  8. Retention
  9. Cookies and Similar Technologies
  10. International Transfers
  11. Security
  12. Your Rights and Choices
  13. Children's Privacy
  14. Regional Disclosures
  15. Changes to This Policy
  16. Contact

1. Introduction

This Privacy Policy explains how Sapphyx collects, uses, stores, discloses, and otherwise processes personal information in connection with the Sapphyx website, applications, APIs, and related services (collectively, the "Service").

In this Privacy Policy, "Sapphyx," "we," "us," and "our" refer to the Sapphyx service and the people operating it.

2. Scope

This Privacy Policy applies to information we collect when you:

  • create or use an account;
  • browse, search, or interact with the Service;
  • submit grievances, affirmations, comments, flags, appeals, reports, claims, or support requests;
  • upload evidence or other files;
  • verify ownership of an identifier or linked account;
  • communicate with us or receive emails from us.

This Privacy Policy does not govern third-party websites, services, social platforms, app stores, or tools that we do not control, even if they are linked from or used with the Service.

3. Information We Collect

We may collect the following categories of information.

A. Information you provide directly

This may include:

  • account information, such as email address, password-related data, and account security settings;
  • profile information, such as nickname, handle, bio, pronouns, gender fields, language preference, profile image, and related settings;
  • submitted content, such as grievances, affirmations, comments, responses, flags, appeals, and support messages;
  • identifier information, such as phone numbers, email addresses, usernames, social handles, platform names, linked account values, display names, and claim-related verification data;
  • uploaded evidence, such as files, images, videos, and documents, together with file names, MIME types, sizes, and storage references;
  • communications, such as password-reset requests, one-time passcodes, two-factor authentication emails, and account verification interactions.

B. Information collected automatically

When you use the Service, we may automatically collect:

  • device, browser, and app information;
  • IP address and approximate network-level location information derived from that IP address where applicable;
  • log data, timestamps, request metadata, and interaction data;
  • session identifiers, cookies, and authentication/session state;
  • language or locale preferences;
  • security and abuse-prevention signals, including CAPTCHA-related data and risk signals made available by anti-abuse providers.

C. Information from claims, moderation, and safety workflows

Because Sapphyx includes identity-linking, moderation, and trust/safety features, we may also collect and generate:

  • claim verification codes and status records;
  • identity-resolution or linked-account records;
  • moderation history, restrictions, flags, warning states, and appeal records;
  • internal review notes, enforcement metadata, and investigation records;
  • records showing whether content was hidden, limited, removed, or made visible with warnings.

D. Information from other sources

We may receive information from:

  • authentication providers and security providers;
  • email delivery providers;
  • cloud storage and infrastructure providers;
  • app stores and platform providers;
  • other users who submit content referencing a person, identifier, or account;
  • public sources or publicly visible online profiles where relevant to identity verification, moderation, or integrity of the Service.

4. How We Use Information

We may use personal information to:

  • provide, operate, maintain, and improve the Service;
  • create and manage accounts, sessions, and preferences;
  • authenticate users and secure accounts;
  • enable search, profile display, grievances, affirmations, comments, responses, evidence uploads, and linked-account features;
  • process identity claims and verification workflows;
  • detect, prevent, investigate, and respond to spam, fraud, abuse, security incidents, and other harmful activity;
  • moderate content and enforce our Terms, policies, and community rules;
  • process flags, reports, and appeals;
  • communicate with you about your account, security matters, service notices, and support matters;
  • comply with legal obligations and respond to lawful requests;
  • protect the rights, safety, property, and interests of users, affected individuals, Sapphyx, and the public;
  • analyze service performance and usage trends;
  • develop new features and improve safety systems.

Because Sapphyx deals with sensitive trust-and-safety information, we also design parts of the Service to reduce misuse and unintended exposure. Depending on the feature and context, this may include report and flagging workflows, moderation review, appeals, rate limits, account-security checks, visibility controls, opt-out settings, warning states, and masking or partial display of certain usernames, contact methods, or identifiers where appropriate.

5. Legal Bases Where Applicable

Where applicable law requires a legal basis for processing, we generally rely on one or more of the following:

  • performance of a contract, such as when we provide the Service you request;
  • legitimate interests, such as operating the Service, improving safety, preventing abuse, securing accounts, moderating content, and defending legal claims;
  • consent, where we ask for it;
  • compliance with legal obligations;
  • protection of vital interests or the public interest, where recognized by law.

Because Sapphyx may process sensitive or high-risk information in trust-and-safety contexts, we may rely on additional lawful grounds recognized by local law, including grounds relating to legal claims, substantial public interest, safety, fraud prevention, or content moderation.

6. How We Share Information

We may share information:

  • with service providers and infrastructure vendors that help us operate the Service, such as hosting, storage, authentication, email, anti-abuse, and security providers;
  • with other users, to the extent information is made visible through profile, search, grievance, affirmation, comment, response, flag, or moderation features;
  • with professional advisers, auditors, insurers, or potential acquirers in connection with organizational or legal matters;
  • with law enforcement, regulators, courts, or other third parties where required by law or where we believe disclosure is necessary to protect users, prevent harm, investigate abuse, or defend rights;
  • with your direction or consent.

We do not state in this Policy that we sell Your Content to third parties as a business model. However, we may disclose information as described in this Policy, and some privacy laws define "sale" or "sharing" broadly. See the Regional Disclosures section for applicable rights.

7. Public and In-Service Visibility

Sapphyx is designed to make some user-submitted and profile-related information visible within the Service.

Depending on the feature and your settings, the following may be visible to other users:

  • profile details you choose to provide;
  • linked identifiers or portions of them;
  • grievances, affirmations, comments, responses, and related timestamps;
  • whether a person has opted out or limited visibility;
  • moderation labels, warnings, or status indicators where applicable.

We may limit, redact, mask, partially display, or withhold certain identifiers, contact methods, uploaded materials, or account-linked details when we believe that doing so helps reduce harassment, scraping, impersonation, retaliation, or other misuse, while still allowing the Service to function for safety and accountability purposes.

Even if you edit, hide, or opt out of some public displays, copies, logs, backups, moderation records, and historical references may remain retained by Sapphyx as described in this Policy.

8. Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Policy, including to:

  • provide and operate the Service;
  • maintain account and security integrity;
  • investigate complaints, disputes, moderation matters, and abuse;
  • comply with legal, tax, accounting, and record-keeping obligations;
  • establish, exercise, or defend legal claims.

Retention periods may vary depending on the type of data, the sensitivity of the information, whether a record is subject to a dispute or investigation, and whether deletion would undermine safety or legal compliance.

9. Cookies and Similar Technologies

We may use cookies, local storage, tokens, and similar technologies to:

  • authenticate users and maintain sessions;
  • remember preferences such as language and interface settings;
  • support security features;
  • understand service performance and reliability.

Your browser or device may allow you to manage certain cookies or storage settings, but blocking them may affect Service functionality.

10. International Transfers

The Service may be operated using infrastructure and providers located in multiple countries. Your information may be processed and transferred to jurisdictions that may not provide the same level of data protection as your home jurisdiction.

Where required by law, we will use appropriate safeguards for cross-border transfers.

11. Security

We use reasonable technical, administrative, and organizational measures designed to protect personal information. However, no system is completely secure, and we cannot guarantee absolute security.

Those measures may include moderation and review workflows, abuse-detection systems, access controls, credential protections, security checks, storage controls, logging, and service-level protections designed to reduce unauthorized access, misuse, and unintended exposure of sensitive information.

You are responsible for maintaining the security of your own devices, credentials, and account access methods.

12. Your Rights and Choices

Depending on your location and applicable law, you may have rights to:

  • access personal information we hold about you;
  • correct inaccurate information;
  • request deletion of certain information;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • request portability of certain information;
  • lodge a complaint with a regulator.

You may also be able to manage certain information directly in the Service, such as profile details, linked identifiers, security settings, and visibility or opt-out choices.

These rights are not absolute. We may decline or limit a request where permitted by law, including where retention is necessary for safety, moderation integrity, fraud prevention, legal compliance, exercise or defense of claims, or protection of other users and affected persons.

13. Children's Privacy

The Service is not directed to children, and you must not use the Service if you are too young to do so under applicable law.

If we learn that we collected personal information from a child in violation of applicable law, we may take steps to delete it or restrict the related account, except where retention is required by law or necessary for safety or legal reasons.

14. Regional Disclosures

A. European Economic Area, United Kingdom, and Switzerland

If you are in the EEA, UK, or Switzerland, you may have rights under applicable data-protection law, including rights of access, rectification, erasure, restriction, objection, portability, and complaint to a supervisory authority.

Because Sapphyx may process trust-and-safety, moderation, and user-report data, we may continue processing certain information where necessary for legitimate interests, legal obligations, the establishment or defense of legal claims, or other grounds permitted by law.

B. United States

Depending on your state of residence, you may have rights relating to access, deletion, correction, portability, and opting out of certain processing classified under state privacy laws.

We do not describe Sapphyx as selling personal information in the ordinary commercial sense. If a state law treats certain third-party disclosures as "sale" or "sharing," you may contact us to make an applicable request once Sapphyx publishes a formal privacy-rights contact channel.

C. Mainland China, Hong Kong SAR, Macao SAR, and Taiwan Region

If you are in one of these regions, additional local laws may apply to personal information processing, sensitive personal information, cross-border transfers, complaint handling, and platform rules for online publication.

If required, Sapphyx may publish additional regional disclosures, consent flows, separate rules for sensitive data, or transfer-specific notices.

D. Other Regions

If local law gives you privacy rights that are not fully described here, those rights apply to the extent required by law.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice through the Service or by other reasonable means. The updated version will become effective when posted, unless otherwise stated.

16. Contact

For privacy questions, requests, or complaints relating to Sapphyx, use the privacy or support contact channel that Sapphyx makes available through the Service.

If Sapphyx later publishes a dedicated legal entity name, address, or privacy contact point, that information will supplement this Policy.