say less office

Privacy Policy

Last updated June 13, 2026

This Privacy Policy explains how Say Less Office ("Say Less Office", "we", "us") collects, uses, shares, and protects information when you use our website and content workspace (the "Service"). It applies both to the social media managers who use Say Less Office to plan and manage content and to the clients they invite into a workspace. By using the Service, you agree to the practices described here.

Our role

Say Less Office is a workspace where social media managers plan content and collaborate with their clients. Because of that, we handle two kinds of information differently:

  • For your own account and how you use the Service, Say Less Office is the data controller.
  • For information you add about your clients (such as their contact details), or that your clients add about themselves, you - the account holder - are the controller, and Say Less Office acts as a processor that stores and processes that information on your behalf and under your instructions. If you manage other people's information in the Service, you are responsible for having a lawful basis to do so.

Information we collect

  • Account and profile information - your name, email address, and password (stored only in hashed form), plus optional profile details such as an avatar and short bio, and your settings such as timezone and notification preferences.
  • Workspace and client information - the name and branding of your workspace, the client projects you create, and the contact and business details you enter about your clients (for example a client's name, email, phone number, business name, website, and social handles). When you invite a client or collaborator, we store their email address and an invitation token.
  • Content you create - posts, drafts, captions, hashtags, content ideas, comments, internal notes, reusable snippets, labels, calendar entries, tasks, and brand assets you add to the Service.
  • Media you upload - the images, video, and documents you upload, which are stored as files in private cloud storage.
  • Billing information - if you subscribe to a paid plan, your payment is handled by our payment provider, Lemon Squeezy, acting as the merchant of record. We receive and store billing references such as a customer ID, subscription ID, plan, seat count, and subscription status. We do not receive or store your full card number. We also store any invoices you create for your own clients within the Service.
  • Communications and email activity - when we send service emails to you or to clients you invite (such as sign-in links, password resets, invitations, and notifications), we keep delivery records, including whether a message was delivered, bounced, or opened, so we can operate and troubleshoot these messages.
  • Technical and usage data - we automatically receive certain information from your device and browser, including your IP address, approximate location derived from it, device and browser type, and server logs. We use a lightweight performance tool (Vercel Speed Insights) to measure page performance. We do not use third-party advertising or behavioral-analytics trackers.

How we use your information

  • To provide, operate, and maintain the Service.
  • To authenticate you and keep your account and workspace secure.
  • To enable collaboration between you and the clients and collaborators you invite.
  • To process payments and manage subscriptions, through Lemon Squeezy.
  • To send service-related messages, and - only where permitted or with your consent - occasional product updates.
  • To monitor performance, debug, and improve the Service.
  • To detect, prevent, and address fraud, abuse, security incidents, and technical issues.
  • To comply with our legal obligations.

Legal bases for processing

If you are in the European Economic Area (EEA) or the United Kingdom, we rely on the following legal bases:

  • Performance of a contract - to provide the Service you have signed up for.
  • Legitimate interests - to secure, maintain, troubleshoot, and improve the Service and communicate with you about it, balanced against your rights.
  • Consent - for any optional marketing messages and for non-essential cookies, where required. You can withdraw consent at any time.
  • Legal obligation - where we must process information to comply with the law.

Where you use Say Less Office to process your clients' personal information, you are responsible for establishing the legal basis for that processing.

How we share information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only in these cases:

  • Service providers (subprocessors). We rely on a small number of trusted providers to run the Service. They process information only to provide services to us and are bound to protect it:
    • Vercel - application hosting, content delivery, and server infrastructure;
    • Neon - our managed database, where account, workspace, and content data is stored;
    • Cloudflare R2 - private file storage for the media and documents you upload;
    • Resend - delivery of transactional emails;
    • Lemon Squeezy - payment processing and subscription billing, as merchant of record.
  • Legal and safety - when required by law, or to protect the rights, property, or safety of Say Less Office, our users, or the public.
  • Business transfers - if Say Less Office is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction; we will notify you of any change in control of your personal information.

We keep this list current and will update this policy if our subprocessors change materially.

Artificial intelligence

We do not send the content you create to third-party AI services, and we do not use your content to train AI or machine-learning models.

International data transfers

Say Less Office stores data on managed infrastructure located in the European Union. Some of our providers operate in the United States or other countries, so your information may be transferred to and processed in countries outside your own, including the United States. Where we transfer personal data out of the EEA or the UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum) or an adequacy decision.

Cookies

We use cookies and similar technologies that are necessary to operate the Service - for example, to keep you signed in and remember your preferences - and a privacy-friendly tool to measure page performance. We do not use advertising cookies or third-party behavioral-analytics trackers. You can control cookies through your browser settings, though some features may not work without the essential ones. Where required by law, we will ask for your consent before setting non-essential cookies.

Data retention

We keep your information for as long as your account or workspace is active, or as long as needed to provide the Service and meet our legal, accounting, and security obligations. When you delete content or media, we remove it from our active systems; copies may persist briefly in backups before being overwritten. You can ask us to delete your account and associated personal information at any time using the contact details below, and we will do so unless we are required to retain it by law.

Your rights

Depending on where you live, you may have some or all of the following rights over your personal information: to access it, correct it, delete it, export it (portability), object to or restrict certain processing, and withdraw consent. To exercise any of these rights, contact us at the address below, and we will respond as required by applicable law. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

If your personal information is held in a workspace managed by a social media manager who is our customer, please contact them first, as they control that information; we will assist them in responding to your request.

California privacy rights

If you are a California resident, you have the right to know what personal information we collect, to delete it, to correct it, and to opt out of its "sale" or "sharing." We do not sell or share your personal information as those terms are defined under California law, and we will not discriminate against you for exercising your rights. The categories of personal information we collect are described in "Information we collect" above - identifiers such as your name and email; commercial information such as subscription records; internet and network activity such as IP address and email-delivery records; and the content and files you choose to provide. To exercise your rights, contact us using the details below; you may use an authorized agent where permitted.

Security

We use technical and organizational measures to protect your information, including encrypted connections (HTTPS) for data in transit, access controls, and hashed storage of account passwords (we never store them in plain text). No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

Children

The Service is intended for businesses and professionals and is not directed to children. You must be at least 16 years old to use the Service, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, notify you.

Contact

Questions about this policy, or want to exercise your rights? Email us at hello@saylessoffice.com.

← Back to home