Privacy Policy

We collect the minimum data needed to run checks and deliver reports. We delete check results after 7 days. We don't sell your data. We don't share it with advertisers. We only search publicly available databases: government registries, court records, business filings, and phone directories. If information about someone isn't in those public sources, we won't find it. But having verified information from public records is better than going in with none.

In this document, “Safi,” “we,” and “us” mean the company that operates getsafi.ai. Full company details are at the end of this page. For privacy questions, email privacy@getsafi.ai.

To use Safi, we need your phone number to verify your identity via a one-time code. When you run a check, we need the name and phone number of the person you're checking, along with your use case (date, landlord, contractor, etc.) so we can tailor the results. You can optionally provide additional details like a company name or city to improve accuracy.

If you make a purchase, your payment is handled by our payment processor. We never see or store your card details.

We also collect standard technical data (device type, pages visited, error logs) to keep Safi running smoothly. This data is anonymised and kept for up to 90 days.

When you run a check, we search publicly available sources for information about the person you're checking: phone directory listings, business registrations, court records, sanctions databases, publicly available social media profiles, and news mentions. All of this information is already publicly available. We don't access private accounts, intercept communications, or obtain information through any illegal means.

Report details are automatically deleted after 7 days. Basic check history (what you checked and when) is kept while your account is active. Your account information (phone number) is kept while your account is active and deleted within 30 days if you close your account.

Yes, for a few specific things. When you give us your phone number, you agree to receive text messages (SMS), WhatsApp messages, and voice calls from us for:

• One-time verification codes when you sign in.
• Safety alerts and check-ins during a Go session (our “Watch Over Me” feature), sent to you and to the safety contacts you have added.
• Voice calls from Aya, our safety voice, when a Go session safety trigger fires (you held SOS without sliding to cancel, you tapped uneasy, you went off your planned route, your check-in ran late) or when you ask Aya to call you back to debrief a session.
• Voice calls from Aya to your squad if a safety call to you ends with us not reaching you. We call squad members one at a time, in your set order, until someone commits to checking on you.
• Alerts about new findings on people you have added to your watchlist.
• Operational notifications about your account, for example payment receipts or expiry reminders.

Message and call frequency varies based on how you use Safi. Standard message and data rates from your carrier may apply. We do not send marketing or promotional messages.

To stop receiving SMS from us, reply STOP to any message. You will receive a confirmation, and we will stop sending messages to that number. To get help, reply HELP or email hello@getsafi.ai. Stopping SMS will also stop the safety alerts above, so we recommend keeping SMS on while you are an active Safi user. You can also disable Aya voice calls in your account settings; safety triggers fall back to SMS-only alerts when Aya is off.

Our current providers are Twilio (SMS, WhatsApp connectivity, and voice telephony), the WhatsApp Business API via Twilio (WhatsApp messaging), and ElevenLabs (Aya's voice synthesis and live transcription). In the United States, SMS is sent from a US long-code number.

Aya is the voice we use to check on you. When something on your phone signals you might need help (you held SOS without sliding to cancel, you tapped uneasy, you went off your planned route, your check-in ran late), Aya calls you to make sure you're okay before we alert your squad. You can also tap “Talk to Aya about it” after a session to debrief out loud.

When Aya calls, here's what we keep:

• The transcript of the conversation, encrypted, for 30 days. After that, it's gone automatically.
• A short record of the call (when she called, how long it lasted, what she concluded). We keep this for as long as your account is active so you can see your safety history.
• For “Talk to Aya about it” reflection calls only, Aya generates 3 first-person notes from the call (“your notes from tonight”). They're yours alone, never shared with your squad. You can edit or delete them any time.

What we don't keep: the audio. Aya runs on ElevenLabs, who handle her voice and the live transcription. We don't ask them to record the audio, and we don't store it on our side either.

What you can do:

• Read every transcript via Account → Privacy receipts.
• Delete a transcript early. We clear the transcript and any notes immediately.
• Share a transcript with someone you choose, via a one-time link that expires in 24 hours. You can redact lines before you share, and revoke the link any time.
• Disable Aya in your account settings. Voice triggers fall back to SMS-only safety alerts.

If you live somewhere that requires both people to consent to call recording (California, Florida, and a few other US states), Aya starts the call by saying the call will be transcribed.

After the call ends, the post-call transcript runs through Anthropic (Claude) so we can tell whether you sounded fine or whether your squad needs to step in. Anthropic processes the transcript text only, not the audio, under their zero-retention API policy.

We use your data to provide the Safi service, process payments, improve how Safi works, communicate with you about your checks, and prevent fraud and abuse.

We do NOT use your data for advertising, profiling, or selling to third parties.

We work with a small number of trusted service providers to process payments, deliver messages, generate reports, track errors, and understand how people use Safi. Each provider only receives the minimum data needed to do their job, and all are contractually required to protect your data.

We do not sell, rent, trade, or otherwise monetise your personal data. We do not share your data with data brokers or advertisers.

Safi is NOT a Consumer Reporting Agency as defined by the Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.). We do not provide “consumer reports” as defined by the FCRA. Safi reports are for personal informational purposes only and may not be used for employment, credit, housing, insurance, or any other purpose regulated by the FCRA.

If you're a California resident, you have the right to know what personal information we've collected, request corrections, request deletion, and opt out of any sale of personal data (we don't sell it, so there's nothing to opt out of). We do not collect sensitive personal information as defined by the CPRA. We won't treat you differently for exercising your privacy rights. To exercise these rights, email privacy@getsafi.ai. We'll respond within 45 days.

Other US states, including Virginia, Colorado, Connecticut, Utah, and Texas, have enacted similar privacy laws. If you're a resident of one of these states, you can exercise your rights by emailing privacy@getsafi.ai.

Safi does not sell or share your personal information for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We do not engage in targeted advertising based on your activity across other websites or services.

If you have questions about this practice or wish to exercise your rights, contact us at privacy@getsafi.ai.

We use essential cookies to keep Safi working (authentication and session management) and optional analytics cookies to understand usage patterns. You can opt out of analytics cookies when you first visit. We don't use advertising cookies, tracking pixels, or third-party cookies for ad targeting.

Your data is encrypted in transit and at rest, protected by row-level database security, and accessible only to essential systems. Check results are automatically deleted after 7 days. Voice call transcripts are encrypted at rest and automatically deleted after 30 days. No system is perfectly secure. If we discover a data breach that affects your information, we'll notify you without unreasonable delay, and in any event within 30 days of discovery.

Your data is primarily processed in the United States by our service providers (Supabase for database hosting, Anthropic for report generation, Stripe for payments, Twilio for messaging and voice connectivity, ElevenLabs for Aya's voice). Our corporate entity is based in the UAE. Some business administration may involve data access from the UAE. We ensure that all data transfers are protected by appropriate safeguards.

Safi is not for anyone under 18. We don't knowingly collect data from minors. If we learn that a user is under 18, we'll delete their account and data.

If we make material changes, we'll notify you via email or in-app notice at least 30 days before they take effect. Your continued use of Safi after the effective date means you accept the updated policy.

If any provision of this policy is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions will remain in full force and effect.

Safi is operated by Safi Technologies L.L.C-FZ, a limited liability company registered in Meydan Free Zone, Dubai, United Arab Emirates (license 2647207.01). Our registered office is at Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates.

Privacy questions: privacy@getsafi.ai
General questions: hello@getsafi.ai