Privacy Policy
Effective date: 2 May 2026
We take your privacy seriously, and the privacy of the people you check. This policy explains exactly what data we collect, why we collect it, how long we keep it, and who we share it with. No surprises, no hidden clauses.
Safi only searches publicly available databases: government registries, court records, business filings, and phone directories. We don't access anyone's private accounts, intercept communications, or obtain information through any means that aren't available to the general public. If information about someone isn't in those public sources, we simply won't find it.
Everything below is standard for a service like ours. We wrote it in plain language so you can actually read it.
The short version
We collect the minimum data needed to run checks and deliver reports. We delete check results after 7 days. We don't sell your data. We don't share it with advertisers. We only search publicly available databases: government registries, court records, business filings, and phone directories. If information about someone isn't in those public sources, we won't find it. But having verified information from public records is better than going in with none.
In this document, “Safi,” “we,” and “us” mean the company that operates getsafi.ai. Full company details are at the end of this page. For privacy questions, email privacy@getsafi.ai.
What we collect and why
To use Safi, we need your phone number to verify your identity via a one-time code. If you use Sign in with Apple, we also collect the email address Apple provides, including a private relay address if you choose one. When you run a check, we need the name and phone number of the person you're checking, along with your use case (date, landlord, contractor, etc.) so we can tailor the results. You can optionally provide additional details like a company name or city to improve accuracy.
If you make a purchase, your payment is handled by our payment processor. We never see or store your card details.
We also collect standard technical data (device type, install ID, APNs push token, pages visited, product interaction, performance data, crash and diagnostic logs) to keep Safi running smoothly and understand product usage by cohort. On iOS, we store your notification permission state and when it changed so safety reminders work reliably and so we can measure opt-in friction. During Go sessions you start, Safi may collect precise location so arrivals, route drift, and safety alerts can work. If you choose to add Lookouts from your address book, Safi reads contact names and numbers for that picker. Aggregate analytics are anonymised where possible. Some feature-use counters, such as checks by use case, Go sessions, SOS triggers, watchlist activity, invite activity, and voice-call kinds, remain tied to your account so we can support account history, abuse prevention, and product reliability. Those account-level counters are personal data and are included in account exports.
If you save people in Safi, we store the profile details you choose to add, including names, phone numbers, social handles, photos, and encrypted notes. If you dictate a note, the temporary audio is sent to ElevenLabs for transcription; we save the resulting note only if you keep it, and we do not store the audio file ourselves.
We derive your country from the IP address of your request. We use this to apply the right legal rules to your check (for example, FCRA in the US, age confirmation in India) and for fraud and abuse detection. We do not store your IP address itself.
When you run a check, we search publicly available sources for information about the person you're checking: phone directory listings, business registrations, court records, sanctions databases, publicly available social media profiles, and news mentions. All of this information is already publicly available. We don't access private accounts, intercept communications, or obtain information through any illegal means.
Report details are automatically deleted after 7 days. Basic check history (what you checked and when) is kept while your account is active. Your account information (phone number) is kept while your account is active and deleted within 30 days if you close your account. Two carve-outs: reports you save (Premium tier) stay until you remove the save, and we retain a small abuse-detection signal (your account ID, hashed subject phone, and check timestamps) so we can flag repeat checks of the same target. That signal is also deleted when you close your account.
Will we text or call you?
Yes, for a few specific things. When you give us your phone number, you agree to receive text messages (SMS), WhatsApp messages, and voice calls from us for:
- One-time verification codes when you sign in.
- Safety alerts and check-ins during a Go session (our “Watch Over Me” feature), sent to you and to the safety contacts you have added.
- Voice calls from Aya, our safety voice, when a Go session safety trigger fires (you held SOS without sliding to cancel, you tapped uneasy, you went off your planned route, your check-in ran late) or when you ask Aya to call you back to debrief a session.
- Voice calls from Aya to your squad if a safety call to you ends with us not reaching you. We call squad members one at a time, in your set order, until someone commits to checking on you.
- Alerts about new findings on people you have added to your watchlist.
- Operational notifications about your account, for example payment receipts or expiry reminders.
Message and call frequency varies based on how you use Safi. Standard message and data rates from your carrier may apply. We do not send marketing or promotional messages.
To stop receiving SMS from us, reply STOP to any message. You will receive a confirmation, and we will stop sending messages to that number. To get help, reply HELP or email hello@getsafi.ai. Stopping SMS will also stop the safety alerts above, so we recommend keeping SMS on while you are an active Safi user. You can also disable Aya voice calls in your account settings; safety triggers fall back to SMS-only alerts when Aya is off.
Our current providers are Twilio (SMS, WhatsApp connectivity, and voice telephony), the WhatsApp Business API via Twilio (WhatsApp messaging), and ElevenLabs (Aya's voice synthesis and live transcription). In the United States, SMS is sent from a US long-code number.
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. We share your mobile phone number only with the carriers and infrastructure providers named above strictly as needed to deliver the messages you have opted in to receive. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
What about Aya, our safety voice?
Aya is the voice we use to check on you. When something on your phone signals you might need help (you held SOS without sliding to cancel, you tapped uneasy, you went off your planned route, your check-in ran late), Aya calls you to make sure you're okay before we alert your squad. You can also tap “Talk to Aya about it” after a session to debrief out loud.
When Aya calls, here's what we keep:
- The transcript of the conversation, encrypted, for 30 days. After that, it's gone automatically.
- A short record of the call (when she called, how long it lasted, what she concluded). We keep this for as long as your account is active so you can see your safety history.
- For “Talk to Aya about it” reflection calls only, Aya generates 3 first-person notes from the call (“your notes from tonight”). They're yours alone, never shared with your squad. You can edit or delete them any time.
What we don't keep: the audio. Aya runs on ElevenLabs, who handle her voice and the live transcription. We don't ask them to record the audio, and we don't store it on our side either.
What you can do:
- Read every transcript via Account → Privacy receipts.
- Delete a transcript early. We clear the transcript and any notes immediately.
- Share a transcript with someone you choose, via a one-time link that expires in 24 hours. You can redact lines before you share, and revoke the link any time.
- Disable Aya in your account settings. Voice triggers fall back to SMS-only safety alerts.
If you live somewhere that requires both people to consent to call recording (California, Florida, and a few other US states), Aya starts the call by saying the call will be transcribed.
After the call ends, the post-call transcript may run through Anthropic (Claude) so we can tell whether you sounded fine or whether your squad needs to step in. Anthropic processes transcript text only, not the audio. Production enablement requires our DPA evidence file to confirm the active retention and transfer terms for Safi's organisation.
How we use your data
We use your data to provide the Safi service, process payments, improve how Safi works, communicate with you about your checks, and prevent fraud and abuse.
We do NOT use your data for advertising, profiling, or selling to third parties.
Service providers
We work with a small number of trusted service providers and public-record data sources to process payments, deliver messages, generate reports, track errors, and understand how people use Safi. Those include Stripe and Apple for payments, Twilio for messaging and voice, ElevenLabs for Aya voice, Anthropic for report generation and transcript evaluation, Sentry for crash reporting, and PostHog for product analytics. Each provider only receives the minimum data needed for its role, and processors are required to protect your data under their contract or published terms.
- Supabase provides database hosting, authentication, storage, and account sessions.
- Stripe processes web payments. Apple processes in-app purchases on iOS.
- Twilio delivers SMS, WhatsApp, and voice connectivity. ElevenLabs powers Aya voice and transcription.
- Anthropic processes report generation, OSINT reasoning, claim verification, and voice transcript evaluation.
- PostHog provides product analytics. Sentry provides crash and error reporting.
- People Data Labs and IPQS support US identity resolution, phone validation, and fraud checks.
- Serper supports public web search used by the OSINT pipeline.
- CourtListener, Offenders.io, the Federal Bureau of Prisons, and FBI public records support US court, offender, custody, and public safety source checks.
- Google Maps Platform and Mapbox support places, routing, maps, and Go-session location surfaces.
We do not sell, rent, trade, or otherwise monetise your personal data. We do not share your data with data brokers or advertisers.
FCRA notice
Safi is NOT a Consumer Reporting Agency as defined by the Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.). We do not provide “consumer reports” as defined by the FCRA. Safi reports are for personal informational purposes only and may not be used for employment, credit, housing, insurance, or any other purpose regulated by the FCRA.
Your rights
If you're a California resident, you have the right to know what personal information we've collected, request corrections, request deletion, and opt out of any sale of personal data (we don't sell it, so there's nothing to opt out of). During active safety sessions you start, Safi may collect precise location, which some privacy laws treat as sensitive personal information. We use it only to provide the safety features you requested, not to infer characteristics, sell, share, or advertise, and you can limit it by ending the session or changing iOS location permission. We won't treat you differently for exercising your privacy rights. To exercise these rights, email privacy@getsafi.ai. We'll respond within 45 days.
Other US states, including Virginia, Colorado, Connecticut, Utah, and Texas, have enacted similar privacy laws. If you're a resident of one of these states, you can exercise your rights by emailing privacy@getsafi.ai.
Do Not Sell or Share My Personal Information
Safi does not sell or share your personal information for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We do not engage in targeted advertising based on your activity across other websites or services.
If you have questions about this practice or wish to exercise your rights, contact us at privacy@getsafi.ai.
Cookies
We use essential cookies to keep Safi working (authentication and session management) and optional analytics cookies to understand usage patterns. You can opt out of analytics cookies from this page at any time. We don't use advertising cookies, tracking pixels, or third-party cookies for ad targeting.
Data security
Your data is encrypted in transit and at rest, protected by row-level database security, and accessible only to essential systems. Check results are automatically deleted after 7 days. Voice call transcripts are encrypted at rest and automatically deleted after 30 days. No system is perfectly secure. If we discover a data breach that affects your information, we'll notify you without unreasonable delay, and in any event within 30 days of discovery.
International data transfers
Your data is primarily processed in the United States by our database, payment, messaging, analytics, AI, and public-record source providers. Some providers, including Stripe, Twilio, Anthropic, Supabase, Sentry, PostHog, PDL, IPQS, Serper, ElevenLabs, Google, and Mapbox, may process data in the United States or other countries where they operate. Our corporate entity is based in the UAE, and business administration may involve data access from the UAE. We rely on provider DPAs, standard contractual safeguards, public-record source terms, and data-minimisation controls for these transfers.
Children's privacy
Safi is not for anyone under 18. We don't knowingly collect data from minors. If we learn that a user is under 18, we'll delete their account and data.
Changes to this policy
We may update this policy from time to time at our sole discretion. Non-material changes (clarifications, formatting, updated contact information, new sub-processor disclosures where the data category is unchanged) take effect immediately upon being posted on this page.
For material changes affecting how we collect, use, share, or retain your personal information, we will notify you through reasonable means (such as email or in-app notice) before they take effect, as required by applicable law (including the CCPA, GDPR for any EU/UK users, and the data-protection regimes of your jurisdiction). Your continued use of Safi after changes are posted constitutes acceptance of the updated policy. If you don't agree to a material change, your remedy is to stop using Safi and request deletion of your data.
Severability
If any provision of this policy is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions will remain in full force and effect.
Who's behind Safi?
Safi is operated by Safi Technologies L.L.C-FZ, a limited liability company (free zone) registered in Meydan Free Zone, Dubai, United Arab Emirates (license 2647207.01). Our registered office is at Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates.
Contact
Privacy questions: privacy@getsafi.ai
General questions: hello@getsafi.ai
This policy applies to users in the United States.