Privacy Policy — SAASALE

Effective Date: April 14, 2026

1. Introduction

SAASALE ("we", "us", "our") operates the saasale.com platform ("Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Platform.

By using the Platform, you consent to the data practices described in this policy. If you do not agree, please do not use the Platform.

2. Information We Collect

2.1 Information You Provide

Account information: name, email address, and profile photo provided through Google OAuth or email authentication.
Project listings: SaaS business details including domain, description, category, asking price, target audience, tech stack, and financial metrics.
Payment provider API keys: read-only restricted API keys from Stripe, LemonSqueezy, Paddle, RevenueCat, and other supported providers, used solely for revenue verification. We access only aggregated financial metrics (total revenue, MRR, active subscriptions, customer count). We never access personal customer data from your payment provider.
Communications:messages sent through the Platform's deal chat system, co-founder messages, and offer details.
Payment information: processed entirely by Stripe and Escrow.com. We do not store credit card numbers, bank account details, or other payment credentials on our servers.

2.2 Information Collected Automatically

Usage data: pages visited, projects viewed, search queries, features used.
Device information: browser type, operating system, screen resolution via standard HTTP headers.
Cookies: session cookies for authentication, preference cookies for view count deduplication (24-hour expiry), and analytics cookies.
Analytics: we use PostHog for product analytics to understand how users interact with the Platform. PostHog collects anonymized usage events such as page views and feature usage.

2.3 Information from Third Parties

Payment providers: aggregated financial metrics (revenue, subscriptions, customer count) from Seller-connected payment provider APIs.
Public data sources: business information from public marketplaces, SEO data from DataForSEO, and enrichment data from Perplexity AI for Projects already publicly listed elsewhere.

3. How We Use Your Information

We use collected information for the following purposes:

Operating and maintaining the Platform
Processing account registration and authentication
Displaying Project listings and generating AI Deal Scores
Generating Deep Analysis Reports using AI (Anthropic Claude)
Facilitating Deals between Buyers and Sellers
Processing payments through Stripe and Escrow.com
Sending transactional emails (deal notifications, report completion, buyer alerts)
Sending newsletter digests (with opt-out available)
Verifying Seller revenue through connected payment provider APIs
Improving Platform features and user experience through analytics
Detecting and preventing fraud, abuse, and Terms violations
Complying with legal obligations

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

4.1 With Other Users

Seller Project information (description, metrics, category) is displayed to Buyers on the Platform
Deal communications are shared between the Buyer and Seller involved in a specific Deal
Seller email is shared with a Buyer only when a Buyer uses the Reach Out feature, with rate limiting (3 messages per hour)
Buyer watch counts are shown as an aggregate number on Project pages, without identifying individual watchers

4.2 With Service Providers

We share information with third-party services necessary to operate the Platform:

Stripe (stripe.com):payment processing for listings, reports, and API subscriptions. Subject to Stripe's Privacy Policy.
Escrow.com (escrow.com):escrow services for Deal transactions. Buyer and Seller information is shared with Escrow.com to facilitate secure transactions. Subject to Escrow.com's Privacy Policy.
Google (accounts.google.com): OAuth authentication. We receive your name, email, and profile photo.
Resend (resend.com): email delivery for transactional and notification emails.
Anthropic/OpenRouter: AI analysis and report generation. Project data (financial metrics, descriptions) is sent to AI models for scoring and report generation. No personal user data is included in AI requests.
Perplexity: data enrichment for Project descriptions and market analysis.
PostHog: anonymized product analytics.
Vercel: hosting and content delivery.

4.3 Legal Requirements

We may disclose information if required by law, subpoena, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on a dedicated server. We implement reasonable security measures including:

Encrypted connections (HTTPS/TLS) for all Platform traffic
Hashed API keys (SHA-256) — raw API keys are never stored
HttpOnly, SameSite cookies for session management
Rate limiting on API endpoints and sensitive actions
Payment provider API keys are used for one-time verification and aggregated metric retrieval only

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

Account data is retained for the duration of your account plus 30 days after deletion
Project listings remain on the Platform until removed by the Seller or SAASALE
Deal communications are retained for the duration of the Deal plus 12 months
Deep Analysis Reports are retained indefinitely for caching and reuse purposes
Analytics data is retained in anonymized form
Payment records are retained as required by applicable tax and financial regulations

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

Access: request a copy of the personal data we hold about you.
Correction: request correction of inaccurate personal data.
Deletion: request deletion of your personal data, subject to legal retention requirements.
Data Portability: request your data in a machine-readable format.
Objection: object to processing of your personal data for certain purposes.
Withdrawal of Consent: withdraw consent for optional data processing (such as newsletter subscriptions) at any time.

To exercise any of these rights, contact us through the Contact page at saasale.com/contact. We will respond within 30 days.

8. Cookies

The Platform uses the following types of cookies:

Essential cookies: session authentication cookies required for the Platform to function. These cannot be disabled.
Functional cookies: view count deduplication cookies that prevent repeated counting of page views. These expire after 24 hours.
Analytics cookies: PostHog analytics cookies for understanding Platform usage patterns.

You can manage cookie preferences through your browser settings. Disabling essential cookies will prevent you from using authenticated features of the Platform.

9. International Data Transfers

Your data may be processed in countries other than your country of residence, including the United States, where our hosting and service providers operate. By using the Platform, you consent to the transfer of your data to these countries. We ensure appropriate safeguards are in place for international data transfers.

10. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email and update the "Effective Date" at the top of this document. Continued use of the Platform after changes constitutes acceptance of the updated policy.

12. Contact Information

For privacy-related questions, data requests, or concerns, contact us through the Contact page at saasale.com/contact.