This Privacy Policy explains how Savnt.io, LLC ("Savnt," "we," "us," or "our") handles information in connection with the Savnt platform (the "Platform"), our website at savnt.io, and our related sales, support, and marketing activities. It describes what information we collect, how we use and share it, how the Platform is built to protect personal information, and the choices and rights available to you.
The Savnt Platform is a multi-tenant, AI-native operational intelligence platform. It ingests, structures, and analyzes operational data and produces findings, recommendations, and operational direction for franchise and multi-unit operators. Privacy is not a policy layer bolted onto that system — it is built into how the Platform captures, separates, and analyzes data. This document explains both the commitments we make and the architecture that backs them.
This Policy works alongside our other documents rather than replacing them. For customers, the Master Agreement, the applicable Order Form, and — where executed — a Data Processing Addendum govern the contractual terms for processing personal information; in the event of a conflict with this Policy as to a customer's data, those documents control. The Acceptable Use Policy governs how the Platform may be used. Capitalized terms not defined here have the meanings given to them in the Master Agreement.
This Policy applies to:
How this Policy applies to you depends on the role in which we interact with you, which is set out in Section 3.
Privacy law distinguishes between the party that decides *why and how* personal information is processed (the "controller") and the party that processes it *on another's instructions* (the "processor"). Savnt acts in both roles, depending on the data:
This distinction matters for your rights: requests concerning operational data are generally directed to the relevant Customer as the controller (see Section 12).
When you use savnt.io or communicate with us, we collect what you choose to provide. Through our contact form this includes your name, email address, the role you select (for example, franchisee, franchisor, multi-unit operator, or investor), an optional indication of the number of units or locations you operate, and the content of your message. If you email or otherwise correspond with us, we keep that correspondence and the information it contains.
Our website is hosted by a third-party hosting provider that, like most web infrastructure, automatically records standard technical information when a page is requested — such as IP address, browser type, and the pages requested — for security, reliability, and basic operational analytics. Our public marketing website does not serve third-party advertising and does not use cross-site advertising trackers.
Customers and their authorized integrations submit operational data to the Platform — for example, point-of-sale and sales data, labor and scheduling data, inventory and operational records, field reports, and configuration declarations. This is Customer Data as defined in the Master Agreement. Operational data may include or relate to personal information about a Customer's employees, workers, and other individuals.
How the Platform receives, separates, and protects this personal information is the subject of Section 5. The defining characteristic is that the Platform is built to analyze operational reality without carrying identity into the layers where analysis happens.
To provision and secure access, the Platform maintains user account information — such as usernames, authentication credentials (including multi-factor tokens), role and permission assignments, and access and activity logs used for security, support, and audit.
To consume data from approved External Data Sources and to provide AI-enabled features, the Platform authenticates to those sources and to approved AI providers using credentials that Savnt provisions and manages on the Customer's behalf. These credentials are held in a secure vault, encrypted at rest, and are not accessible in plaintext to any User. They are used only to authenticate to, and retrieve data or AI services from, the designated sources and providers.
The Platform's privacy posture is architectural, not merely procedural. The governing principle is simple: risk lives in the joins, not in the elements. The Platform draws a hard line precisely where real exposure occurs — the junction between a person's identity and their compensation, and the junction between identity and automated analysis — and enforces that line in the structure of the system, while letting operational data flow freely everywhere it is safe to do so.
As data enters the Platform, direct personal identifiers are separated from the analytical record at the ingestion boundary. Names and gendered pronouns are replaced with neutral placeholders before the data is written to the Platform's foundational (raw) analytical layer; from that point forward the analytical layers do not hold names or gendered pronouns. Sensitive personal identifiers that the Platform has no need to retain — such as government identification numbers and personal email addresses and phone numbers — are dropped at ingestion rather than stored.
Within the Platform, individuals are represented by pseudonymized identifiers rather than names, and gendered pronouns are normalized. The components that form metrics, benchmarks, behavioral observations, and recommendations operate on these pseudonymized identifiers. The analytical layer is, by design, not in a position to see who it is analyzing or to infer gender from pronouns — which is what allows the Platform to find patterns while structurally limiting bias and identity exposure.
A person's name is reconnected to analytical results only at the moment output is delivered to an authorized human, and only to the extent that person's permissions allow. This re-joining is a rendering step performed by a single, audited identity-resolution service — not a step in the analysis, and not written back into the analytical record. Two viewers of the same report may see different levels of identity depending on their role. Every such event is logged.
The part of the Platform that can resolve who a person is and the part that processes compensation and labor data are separated as a structural matter. Compensation is analyzed against pseudonymized identifiers, not names. The Platform is designed so that an individual's identity and that individual's compensation are not joined for analytical purposes, and the Platform does not make, or present data for, an individual compensation decision.
These are properties of how the system is built, not promises about how someone will choose to operate it. As with any system, the protections in this Section operate together with the administrative, physical, and technical security measures described in Section 11, and with each Customer's own responsibility to use the Platform lawfully and to configure access appropriately.
We use the information described above for the following purposes:
For operational data, the purposes are set by the Customer as controller; we process it to provide the Platform and on the Customer's instructions.
The Platform generates Aggregate Data — anonymous, aggregated statistics and usage information — and operates a cross-tenant model layer that compounds learning across customers without exposing any single tenant's data to another. We use Aggregate Data and de-identified learnings to operate, secure, benchmark, and improve the Platform and our AI Technology. As provided in the Master Agreement, the de-identified contribution to our AI Technology is authorized as a core function of the Platform and continues on a perpetual basis.
Where we describe data as de-identified, we mean that direct identifiers — such as a company name, location names, store numbers, and street addresses — are not shown. We do not represent that de-identified data has been irreversibly anonymized or stripped of all possibility of indirect identification. Some residual indirect identifiability may remain (for example, a very small operator may in some circumstances be inferable from operational characteristics). We state this plainly rather than promise a standard of anonymization we do not undertake to meet.
Some Customers elect, in their Order Form, to permit Savnt to use their data and Output for demonstration and marketing purposes. This use is opt-in and is off unless a Customer affirmatively elects it. Where elected, the scope and any permission to identify the Customer by name and logo are governed by the Master Agreement and the Order Form. Absent that election, we do not use a Customer's data or Output to market to third parties.
Each Customer — including a franchisor and its franchisees — operates within its own account, separated from every other account by the Platform's tenant boundary. A Customer's sources, data, and Output are not made available to any other organization by default.
Sharing a source across organizations is dormant unless and until the Customer takes deliberate, affirmative steps: a Savnt-administered connection is established between the accounts, the Customer completes the Platform's source-sharing attestation for the specific source, and the Customer executes the applicable addendum. Absent all of these, no cross-organizational access to a Customer's sources exists on the Platform. A Customer may discontinue sharing on a going-forward basis through the Platform.
We do not sell personal information. We share information only as described here:
We retain information for as long as needed for the purposes described in this Policy and as required to meet our legal, contractual, and operational obligations.
Where a Data Processing Addendum has been executed, its provisions on retention, return, and deletion govern the operational details for the Customer's personal information.
Savnt maintains commercially reasonable administrative, physical, and technical security measures, together with the architectural isolation controls described in Section 5, consistent with industry standards for the protection of personal information processed through the Platform. These include encryption of credentials at rest, role- and permission-based access controls, tenant isolation, and audit logging of identity-resolution and access events.
No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security. Users share responsibility for security: keep credentials confidential, do not share login credentials, promptly deactivate access for individuals whose authorization has ended, and report any known or suspected unauthorized access. Security obligations and incident-reporting channels are set out in the Acceptable Use Policy and, for Customers, the Master Agreement.
Depending on where you live and the role in which we process your information, you may have rights to access, correct, delete, port, restrict, or object to the processing of your personal information, and to withdraw consent where processing relies on it. We honor these rights as required by applicable law.
We will not discriminate against you for exercising these rights. We may need to verify your identity before acting on a request, and some rights are subject to legal limits and exceptions.
Savnt is based in the United States, and the Platform and our service providers process data in the United States, India, and other jurisdictions in which we or our sub-processors operate. Where personal information is transferred across borders, we rely on appropriate safeguards as required by applicable law. Where a Data Processing Addendum has been executed, its cross-border transfer mechanisms govern the operational details for a Customer's personal information.
The Platform and our website are intended for businesses and their authorized personnel. They are not directed to children, and we do not knowingly collect personal information from children. If you believe a child's information has been provided to us, please contact us so we can address it.
We may amend this Policy from time to time. The current version will be available at:
https://www.savnt.io/legal/privacy-policy
The version posted at the above URL controls upon posting. If we make a material change, we will take reasonable steps to provide notice as appropriate. Your continued use of the website or the Platform following an amendment constitutes acceptance of the amended Policy.
Questions about this Policy, or requests concerning your personal information, may be directed to:
Savnt.io, LLC
Atlanta Tech Village
3423 Piedmont Rd NE
Atlanta, GA 30305
privacy@savnt.io
legal@savnt.io
This Privacy Policy explains Savnt's data practices and is published alongside the Acceptable Use Policy and the Master Agreement. For customers, the Master Agreement and any executed Data Processing Addendum govern the contractual terms for the processing of personal information; in the event of any conflict between this Policy and those agreements with respect to a customer's personal information, those agreements control.