Privacy Policy

Last updated: May 5, 2026

1. Introduction

Sutram Desenvolvimento de Software Ltda. ("we", "our", or "us") operates the sutram.io platform. This page informs you of our policies regarding the collection, use, and disclosure of personal information when you use our Service.

2. Data We Collect

2.1 Account Information

  • Email: Used for authentication and communication
  • Name: For personalization and identification in projects
  • Avatar: Profile image (optional)
  • Preferences: Language, theme, and notification settings

2.2 Project Data

  • Files: Documents, images, videos, and other files you upload
  • Messages: Conversations in projects
  • Metadata: Information about files (name, size, type, date)

2.3 Usage Data

  • Access and navigation logs
  • Device and browser information
  • IP address and approximate location

3. How We Use Your Data

  • Provide and maintain the service
  • Authenticate and protect your account
  • Send notifications about project activities
  • Improve our services
  • Comply with legal obligations

4. Storage and Security

Your data is stored on secure servers:

  • Files: Amazon Web Services (AWS S3) — East United States region
  • Database: AWS RDS — East United States region

We implement technical and organizational security measures to protect your data, including encryption in transit (TLS) and at rest.

4.1 AI Assistant Integrations (MCP Connectors)

Sutram exposes a Model Context Protocol (MCP) server that lets you grant external AI assistants (e.g., Anthropic Claude) access to a single Sutram project of your choice.

When you authorize an AI integration:

  • You select one project per connection via the OAuth consent screen.
  • The AI provider receives a short-lived access token (1 hour) and a refresh token. Tokens are scoped to the project you selected.
  • Tool requests (search, read, edit, comment, etc.) are processed on the AI provider's infrastructure in real time. The data returned by Sutram tools (file metadata, document content you explicitly request, comments) flows through the AI provider as part of the model's context.
  • Sutram does not store the conversation between you and the AI assistant. We only persist the resulting changes you authorize (e.g., a comment you ask the assistant to create).
  • You can revoke access at any time from your Sutram account settings. Revocation immediately invalidates all access and refresh tokens for that connection.

The AI provider's own privacy policy applies to how it processes your queries and the tool results it receives. For Anthropic Claude, see https://www.anthropic.com/privacy.

5. Cookies

We use the following cookies:

  • sutram_locale: Stores your language preference
  • sutram_cookie_consent: Records your cookie consent
  • _sutram_key: Session cookie for authentication

6. Data Sharing

We do not sell your personal data. We may share data with:

  • Infrastructure providers: AWS, Fly.io (to host the service)
  • Email providers: For sending notifications
  • Payment processors: Stripe and Paddle (when you subscribe to a paid plan; only billing-relevant data is shared with them, never project content)
  • AI assistants you authorize: When you connect an external AI assistant via OAuth (see §4.1), Sutram shares the data needed to fulfill the assistant's tool requests within the scope you granted. You control the project scope and can revoke at any time.
  • Legal authorities: When required by law

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request erasure of your data ("right to be forgotten")
  • Restrict processing of your data
  • Data portability
  • Object to processing
  • Withdraw consent at any time

To exercise these rights, contact us at: privacy@sutram.io

8. Data Retention

  • Active account: Data retained while account exists
  • After deletion: Data removed within 30 days
  • Backups: Retained for up to 90 days for recovery

9. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of significant changes via email or a notice on the service.

10. Contact

For questions about this policy or your personal data: