SaasDash.ai

Privacy Policy

Last updated: March 2, 2026

SaasDash.ai ("we", "us", "our") operates a SaaS metrics dashboard that helps founders predict their Growth Ceiling and optimize acquisition, retention, and expansion. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Information We Collect

Account Data

When you sign in via Google or GitHub OAuth, we receive and store your email address, display name, and profile picture. We do not receive or store your Google or GitHub passwords.

Company Profile

You may provide business information including company name, industry, growth stage, business model, target audience, team size, funding stage, and preferred currency. This data is used to contextualize your metrics and AI-generated insights.

SaaS Metrics

You enter business metrics such as current customer count, new customers per month, churn rate, average revenue per account (ARPA), sales and marketing spend, and activation rates. These are stored to calculate your Growth Ceiling, CAC, NRR, and other derived metrics. We also store hourglass audit responses, scenario projections, goal tracking data, and weekly pulse check entries.

AI Conversations

When you use our AI features (Ask Science, Activation Advisor), your conversation messages, the AI model used, token counts, and response times are stored. Your metrics and company context may be sent to Anthropic's Claude API to generate personalized insights. On the Scale plan, you may provide your own Anthropic API key (BYOK), which we encrypt using AES-256-GCM before storage. Only the last 4 characters are stored in plaintext for your reference.

Payment Information

Payments are processed by Stripe. We store your Stripe customer ID, subscription ID, and billing cycle dates. We never store credit card numbers, CVV codes, or full bank account details on our servers. All payment data is handled by Stripe in compliance with PCI DSS.

Affiliate Program

If you join our affiliate program, we store your referral code, custom slug, commission rates, and payout history. For referred visitors, we store a hashed IP address and user agent string for fraud prevention and conversion attribution. Affiliate payouts are processed through Stripe Connect.

NPS Surveys & Testimonials

We collect NPS survey scores (0–10) and optional comments. If you submit a testimonial via our Wall of Fame, we store your story, struggle, and breakthrough narratives, along with your name, role, and company name. Approved testimonials may be displayed on our public landing page.

Support & Feedback

Support tickets, feature requests, and votes you submit are stored along with message content and metadata. Notifications and metric alerts are tracked for delivery status.

2. Analytics & Cookies

Essential Cookies

We use session cookies set by NextAuth.js to maintain your authenticated session. A referral tracking cookie is set when you arrive via an affiliate link (?ref=CODE) to attribute conversions.

Analytics

We use PostHog and Google Analytics 4 to understand how users interact with SaasDash.ai. These services collect page views, feature usage events, and anonymized user properties (such as subscription plan). You can opt out of analytics by using browser extensions that block tracking scripts.

3. How We Use Your Data

  • Calculate and display your Growth Ceiling, CAC, NRR, and other SaaS metrics
  • Generate AI-powered insights using your metrics and company context
  • Process payments and manage your subscription
  • Send transactional emails (invites, notifications, alerts)
  • Track affiliate referrals and calculate commissions
  • Display approved testimonials on our landing page
  • Improve the product based on aggregated, anonymized usage patterns
  • Detect and prevent abuse, fraud, and AI prompt injection attempts

4. Third-Party Services

We share data with the following providers, each for a specific purpose:

  • Stripe — Payment processing and affiliate payouts (billing email, subscription data)
  • Anthropic (Claude) — AI-powered analysis (metrics context, conversation messages)
  • Google OAuth — Authentication (email, name, profile picture)
  • GitHub OAuth — Authentication (email, username, profile picture)
  • PostHog — Product analytics (anonymized usage events)
  • Google Analytics 4 — Web analytics (page views, events)
  • Resend — Transactional email delivery (email addresses, invite content)
  • Neon — PostgreSQL database hosting (all application data, encrypted at rest)
  • Vercel — Application hosting and deployment

We do not sell your personal data or business metrics to any third party.

5. Data Security

  • All data in transit is encrypted via HTTPS/TLS
  • Database hosted on Neon PostgreSQL with encryption at rest
  • BYOK API keys encrypted with AES-256-GCM using a dedicated encryption secret
  • Credit card data handled exclusively by Stripe (PCI DSS compliant)
  • Affiliate visitor IPs are hashed before storage
  • AI security system detects and logs prompt injection attempts
  • Audit logs track administrative actions on company data

6. Data Retention

We retain your data for as long as your account is active. Metric history retention depends on your plan (3 months for Starter, 12 months for Growth, unlimited for Scale). AI conversation history is retained until you archive or delete conversations. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

7. Your Rights

You have the right to:

  • Access — Request a copy of all personal data we hold about you
  • Correction — Update or correct inaccurate data via your account settings
  • Deletion — Request deletion of your account and associated data
  • Export — Export your metrics and company data
  • Objection — Object to data processing for analytics or marketing

To exercise any of these rights, contact us at privacy@saasdash.ai.

8. Children's Privacy

SaasDash.ai is a business tool designed for SaaS founders and professionals. We do not knowingly collect data from children under 16. If we learn that we have collected data from a child, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending an email. Continued use of SaasDash.ai after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or requests, contact us at privacy@saasdash.ai.