basics.ai
Terms of useContact

Legal

Privacy Policy

Last updated: April 28, 2026

basics.ai (“we”, “our”, or “the Company”) is operated by Sage7 AI Ltd. This Privacy Policy explains how we collect, use, share, and protect information about you when you use basics.ai and its suite of products (Outreach, eSign, Monk, Relay, and any future applications).

If you are using basics.ai on behalf of an organisation, this policy also applies to information collected from your organisation’s use of our services. By using basics.ai you agree to this policy.

1. Information we collect

1.1 Information you provide directly

  • Account information: name, work email address, company name, and password when you register.
  • Profile information: optional profile photo, job title, and contact preferences.
  • Billing information: payment card details are processed directly by our payment processor (Stripe). We store only the last 4 digits, expiry, and billing address.
  • Communications: messages you send us via contact forms, email, or in-app support.
  • Content you create: lead data, email sequences, signed agreements, uploaded documents, chat messages, and any other content you create within our products.

1.2 Information collected automatically

  • Usage data: pages visited, features used, clicks, search queries, and session duration.
  • Device and browser data: IP address, browser type and version, operating system, device identifiers, and time zone.
  • Authentication tokens: short-lived JWT access tokens and longer-lived refresh tokens stored as secure HttpOnly cookies for session continuity across our apps.
  • Cookies and local storage: see Section 6 (Cookies) for details.

1.3 Information from third parties

  • Microsoft OAuth: if you sign in via Microsoft, we receive your name, email, and profile photo as authorised by you during the OAuth flow.
  • Lead data sources: Outreach uses third-party company and contact databases (including Apollo.io and similar providers) to surface lead information. That data is subject to the provider’s privacy policy and collected under legitimate interest for B2B outreach.

2. How we use your information

We use the information we collect to:

  • Provide, operate, and improve our products and services.
  • Authenticate you and maintain session security across the basics.ai suite.
  • Process transactions and send related billing communications.
  • Send product updates, security alerts, and support messages (transactional — opt-out available).
  • Send marketing emails about new features and products (only with your consent, which you can withdraw at any time).
  • Detect, investigate, and prevent fraud, abuse, and security incidents.
  • Comply with our legal obligations.
  • Conduct analytics to understand aggregate usage patterns and improve the platform.

We do not use your content (lead data, documents, messages) to train AI models or sell data to third parties.

3. Legal bases for processing (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, we process your personal data on the following legal bases:

  • Contract performance: processing necessary to provide the services you’ve signed up for.
  • Legitimate interests: security, fraud prevention, product analytics, and B2B lead processing.
  • Consent: marketing communications and non-essential cookies. You may withdraw consent at any time.
  • Legal obligation: compliance with applicable laws and regulations.

4. How we share your information

We do not sell your personal data. We share information only in the following circumstances:

  • Service providers: we engage sub-processors to provide hosting (AWS), payment processing (Stripe), email delivery (Resend), and analytics. All sub-processors are bound by data processing agreements.
  • Your organisation: if you join an organisation workspace, workspace administrators can view member activity logs and manage access.
  • Legal requirements: we may disclose information if required by law, court order, or government authority, and will notify you where legally permitted.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before such a transfer.

5. Data retention

  • Account and usage data is retained for as long as your account is active and for up to 90 days after deletion.
  • Signed agreements and audit logs are retained for 7 years to comply with legal and regulatory requirements.
  • Chat messages and uploaded documents are deleted 30 days after account deletion unless you export them first.
  • Billing records are retained for 7 years per financial regulations.

6. Cookies and tracking

We use the following categories of cookies:

  • Essential cookies: authentication tokens (suite_access_token, suite_refresh_token), session identifiers, and security tokens. These cannot be disabled without breaking core functionality.
  • Preference cookies: dock position (bdock_prefs), UI settings, and cookie consent preferences. These persist your choices across visits.
  • Analytics cookies: used to understand aggregate usage patterns (with your consent). We use privacy-friendly analytics tools that do not fingerprint individuals or sell data.
  • Marketing cookies: used for advertising attribution (with your consent). You can opt out via our cookie preferences panel or the “Do Not Sell My Personal Information” link.

You can manage your cookie preferences at any time by clicking “Cookie preferences” in the footer.

7. Your rights

Depending on your location, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
  • Portability: receive your data in a machine-readable format.
  • Restriction: request that we limit how we process your data.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: at any time, without affecting the lawfulness of processing before withdrawal.
  • CCPA (California): California residents may opt out of the sale or sharing of personal data. As we do not sell personal data, this right is automatically satisfied. You may still opt out of marketing and analytics via cookie preferences.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

8. Data security

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.2+ in transit, role-based access controls, regular security assessments, and SOC 2-compliant hosting infrastructure. Despite these measures, no system is completely secure. If we detect a breach affecting your data, we will notify you as required by applicable law.

9. International data transfers

Our infrastructure is hosted in the European Union and the United States. If your data is transferred outside your jurisdiction, we use Standard Contractual Clauses (SCCs) approved by the European Commission, and comply with the UK GDPR adequacy framework.

10. Children’s privacy

basics.ai is a B2B platform intended for users aged 18 and over. We do not knowingly collect personal data from children under 16. If you believe a minor has submitted data to us, please contact [email protected] immediately.

11. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email and by posting a notice on the platform at least 14 days before the change takes effect. Continued use after the effective date constitutes acceptance.

12. Contact

For privacy-related questions or to exercise your rights:
Email: [email protected]
Post: Sage7 AI Ltd, Data Protection, [Registered Address]

If you are in the EEA and believe we have not addressed your complaint adequately, you have the right to lodge a complaint with your local data protection authority.