Privacy Policy

1. Overview

This Privacy Policy explains how the Sift service (“we”, “us”) collects, uses, stores, and shares information when you use our websites, sign in, manage teams, or call our APIs. It should be read together with our Terms of Service.

2. Information we collect

Account and identity

When you sign in with a supported provider (for example Discord), we may receive an account identifier, email address, display name, and profile image URL from that provider. We use this to create and maintain your account, enforce access rules (such as allowlists), and communicate about the Service when appropriate.

Teams and invitations

If you create or join a team, we store team metadata, membership, and invite-related records needed to administer access and API keys.

API requests

When you call the detection API with a valid team key, we may log operational metadata such as route version (v1 or v2), HTTP method, status code, response time, detected language (on success), coarse error codes, optional coarse geographic information derived from the request (for example country), and a short preview of input text (truncated to limit how much content is retained).

Technical data

Like most web services, we receive technical data from your browser or client automatically, such as IP address, user agent, and headers needed to process HTTP requests. Hosting and database providers may also process such data on our behalf.

3. How we use information

We use the information above to:

• Provide, secure, and improve the Service.
• Authenticate users, issue and validate API keys, and enforce team permissions.
• Diagnose failures, monitor performance, and detect abuse.
• Comply with law and protect rights, safety, and integrity of users and the Service.

4. Legal bases (EEA, UK, Switzerland)

Where the GDPR or similar laws apply, we rely on performance of a contract (providing the Service), legitimate interests (security, abuse prevention, product improvement balanced against your rights), and, where required, consent for optional activities. We process information as necessary to comply with legal obligations.

5. Sharing and processors

We use service providers to host the application, run the database, and operate authentication. They access data only to perform services for us under contractual safeguards.

Certain API versions may invoke third-party language-inference services that send request text over the network. Those providers process content according to their own policies when such code paths run.

We do not sell your personal information. We may disclose information if required by law, to protect rights, or as part of a merger or acquisition with appropriate notice where required.

6. Retention

We retain account and team data while your relationship with the Service continues and for a reasonable period afterward for backups, legal compliance, and dispute resolution. API logs may be retained for a limited operational window; exact periods can vary with configuration and cost constraints. You may request deletion where applicable law requires it, subject to legitimate retention needs.

7. Security

We use industry-standard measures appropriate to the nature of the Service, including transport encryption for browser traffic when configured correctly and access controls on backend systems. No method of transmission or storage is completely secure though.

8. International transfers

If you access the Service from outside the country where systems are hosted, your information may be processed in other countries with different data-protection laws. Where required, we use appropriate safeguards such as standard contractual clauses.

9. Your rights

Depending on your location, you may have rights to access, correct, delete, or export personal data, and to object to or restrict certain processing. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact us using the information below. We may need to verify your request.

10. Children

The Service is not directed to children under the age where parental consent is required for processing their data. We do not knowingly collect personal information from such children.

11. Changes

We may update this Privacy Policy from time to time. We will post the revised version and update the “Last updated” date. Continued use after changes constitutes acceptance where permitted by law.

12. Contact

Privacy questions or requests: contact us.