Samva is in early access — self-serve signup is limited. Have a team invite? Sign up with that email. Contact us for access.

Skip to content
Samva
Legal · Data

Privacy Policy

Last updated June 2026Version 3.0

1. Overview

Samva is a product of Arya Labs, Inc. ("Arya Labs," "we," "our," or "us"), which is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Email Communication Platform.

This policy applies to all users of our Services, including customers, message recipients, and visitors to our website. By using our Services, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and contact information (email)
  • Company name and business details
  • Billing address
  • Authentication credentials

2.2 Usage Data

We automatically collect information about your use of our Services:

  • API usage statistics and logs
  • IP addresses and device information
  • Browser type and operating system
  • Access times and referring URLs
  • Dashboard interactions and preferences

2.3 Message Data

When you send messages through our platform:

  • Recipient email addresses
  • Message content and templates
  • Delivery status and timestamps
  • Inbound reply metadata (sender address, subject, received-at)

2.4 Payment Information

For billing purposes, we collect:

  • Payment method details (processed by Stripe)
  • Transaction history and invoices
  • Credit balance and usage
  • Tax and invoicing details

3. How We Use Information

We use the collected information to:

  • Provide Services: Process and deliver messages, manage accounts
  • Billing: Process payments, generate invoices, manage credits
  • Compliance: Honour unsubscribe and consent, prevent fraud and abuse
  • Communication: Send service updates, respond to inquiries
  • Improvement: Analyze usage patterns, enhance features
  • Security: Detect and prevent security threats
  • Legal: Comply with legal obligations and enforce terms

4. Data Sharing

We do not sell, trade, or rent your personal information. We may share information in the following circumstances:

4.1 Service Providers

We share data with trusted service providers who assist us:

  • AWS: Cloud infrastructure and email delivery (sub-processor; us-east-1)
  • Stripe: Payment processing
  • PostHog: Product analytics

We may disclose information when required by law:

  • To comply with legal processes or government requests
  • To protect our rights, property, or safety
  • To prevent fraud or illegal activities
  • To enforce our Terms of Service

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

5. Data Security

We implement comprehensive security measures:

  • Encryption: TLS/SSL for data in transit, AES-256 for data at rest
  • Access Control: Role-based permissions, multi-factor authentication
  • Region: Customer data resides in our US East (Northern Virginia) region; sub-processors are disclosed under §4.1
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Auditing: Regular security audits and penetration testing
  • Incident Response: Established breach notification procedures

6. Data Retention

We retain data based on the following criteria:

  • Account Data: Duration of account plus 30 days after closure
  • Message Logs: 90 days for operational data, 7 years for financial records
  • Analytics Data: Aggregated and anonymized after 90 days
  • Payment Records: 7 years as required by applicable tax law

You may request deletion of your data, subject to legal and operational requirements.

7. Your Rights

You have the following rights regarding your personal information:

7.1 Access & Correction

  • Request a copy of your personal data
  • Correct inaccurate or incomplete information
  • Access your message history and usage data

7.2 Deletion

  • Request deletion of your account and associated data
  • Subject to legal retention requirements
  • Some data may be anonymized instead of deleted

7.3 Portability

  • Export your data in a machine-readable format
  • Transfer data to another service provider
  • Withdraw consent for specific data processing
  • Opt-out of marketing communications
  • Disable certain features that require data processing

8. Cookies & Tracking

We use cookies and similar technologies to:

  • Essential Cookies: Required for platform functionality
  • Analytics Cookies: Understand usage patterns (PostHog)
  • Preference Cookies: Remember your settings
  • Security Cookies: Detect fraudulent activity

You can control cookies through your browser settings. Disabling certain cookies may limit functionality.

9. International Transfers

Your data is primarily stored in our US East (Northern Virginia) region. If we transfer data internationally, we ensure:

  • Standard Contractual Clauses (SCCs) where required
  • Compliance with applicable data-transfer regulations (including EU GDPR)
  • Recipient organizations provide an equivalent level of protection

10. Children's Privacy

Our Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information immediately.

11. Changes to Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Services. Your continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or to exercise your rights, contact us:

Email: privacy@samva.app

Data Protection Officer: dpo@samva.app

Response time: We aim to respond to all privacy requests within 30 days.

This Privacy Policy was last updated in June 2026. For a record of changes, please contact our Data Protection Officer.