Privacy Policy.
1. Who we are
Sageware Solutions Inc. ("Sageware", "we", "us") operates the website sageware.io and provides embedded engineering (Sageware Squads) and end-to-end product build (Sageware Labs) services.
For the purposes of the Philippine Data Privacy Act of 2012 (Republic Act No. 10173, the "DPA"), the EU and UK General Data Protection Regulation ("GDPR"), and other applicable privacy laws, Sageware Solutions Inc. is the personal information controller / data controller of personal data collected through this website.
Sageware Solutions Inc.
Unit 1015, 10th Floor, Parkway Corporate Center,
Corporate Ave., Filinvest City, Alabang,
Muntinlupa, 1780, Philippines
hello@sageware.io · +63 961 707 9255
2. What this policy covers
This policy explains what personal data we collect through sageware.io, why we collect it, who we share it with, how long we keep it, and the rights you have over it. It applies to website visitors and people who contact us or book a discovery call. Data we process on behalf of clients under a services agreement is governed by that agreement and the applicable data processing addendum, not this policy.
3. Personal data we collect
Data you give us
- Contact / discovery-call form: first name, last name, company name, country or region, email address, and your consent record. The form is processed by HubSpot (see Section 6).
- Direct correspondence: anything you send us by email (hello@sageware.io) or share during a discovery call.
Data collected automatically
- Analytics data (only with your consent — see Section 5): pages viewed, approximate location derived from IP address, device and browser type, referral source, and interaction data such as clicks and scrolling, collected via Google Analytics 4 and Microsoft Clarity.
- Server logs: our hosting provider (Vercel) records standard request logs — IP address, user agent, requested URL, and timestamp — for security and operations.
We do not knowingly collect sensitive personal information (as defined in the DPA) or special categories of data (as defined in the GDPR) through this website, and we ask that you not submit any through the contact form.
4. Why we process it, and on what legal basis
| Purpose | Data | Legal basis |
|---|---|---|
| Responding to your inquiry and scheduling a discovery call | Contact-form data, correspondence | Consent (DPA §12(a); GDPR Art. 6(1)(a)); steps prior to entering a contract (GDPR Art. 6(1)(b)) |
| Sales follow-up and relationship management (CRM) | Contact-form data, correspondence | Consent; our legitimate interest in developing our business (GDPR Art. 6(1)(f)) |
| Understanding how the site is used and improving it | Analytics data | Consent (GDPR Art. 6(1)(a); ePrivacy rules on cookies) |
| Site security, abuse prevention, and diagnostics | Server logs | Legitimate interest in keeping the site secure and available (GDPR Art. 6(1)(f)) |
| Complying with legal obligations | Any of the above, as required | Legal obligation (DPA §12(c); GDPR Art. 6(1)(c)) |
We do not sell personal data, and we do not use it for automated decision-making that produces legal or similarly significant effects.
5. Cookies and similar technologies
Strictly necessary items (such as your saved cookie preference) are always active. Analytics cookies are set only after you accept them in the cookie banner. You can change your choice at any time via Cookie preferences (also linked in the footer).
| Cookie / technology | Provider | Purpose | Duration |
|---|---|---|---|
sw-cookie-consent (localStorage) | Sageware | Remembers your cookie choice | Until cleared |
_ga, _ga_* | Google Analytics 4 | Distinguishes visitors, measures site usage | Up to 13 months |
_clck, _clsk | Microsoft Clarity | Session replay and heatmaps | Up to 13 months |
hubspotutk, __hstc | HubSpot | Attributes your form submission to your visit | Up to 6 months |
6. Who we share personal data with
We share personal data only with service providers (personal information processors / data processors) who process it on our instructions under a data processing agreement:
| Provider | Role | Location |
|---|---|---|
| HubSpot, Inc. | Contact form and CRM | United States |
| Google LLC | Analytics (GA4), email (Google Workspace) | United States / global |
| Microsoft Corporation | Clarity analytics | United States / global |
| Vercel Inc. | Website hosting and logs | United States / global edge network |
We may also disclose personal data where required by law, to protect our legal rights, or as part of a corporate transaction (with notice to you where required).
7. International transfers
We are based in the Philippines and our providers operate in the United States and elsewhere, so your personal data may be transferred outside your country. Where we transfer data of individuals in the EEA, UK, or Switzerland, we rely on safeguards recognised under the GDPR — our providers' certification under the EU–US Data Privacy Framework and/or Standard Contractual Clauses. Transfers from the Philippines comply with the DPA and its implementing rules on outsourcing and accountability for transfers.
8. How long we keep it
- Inquiry and CRM records: for the life of our relationship and up to 24 months after our last meaningful contact, unless a longer period is required by law or an engagement follows.
- Analytics data: up to 14 months (GA4 retention setting).
- Server logs: retained briefly per our hosting provider's standard log retention.
When data is no longer needed, we delete or anonymise it.
9. Your rights
Depending on where you live, you have some or all of the following rights, which we honour regardless of jurisdiction wherever practicable:
- Access — obtain a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — ask us to delete your data.
- Objection and restriction — object to or restrict processing based on legitimate interest, including any direct marketing.
- Portability — receive data you gave us in a machine-readable format.
- Withdraw consent — at any time, without affecting prior processing (e.g., via the cookie banner, or by emailing us).
- Damages — under the DPA, be indemnified for damages sustained from inaccurate, incomplete, false, unlawfully obtained, or unauthorised use of personal data.
To exercise any of these rights, email hello@sageware.io with the subject line "Data privacy request". We will respond within 30 days (or sooner where the law requires) and may ask you to verify your identity first.
You also have the right to lodge a complaint with a supervisory authority:
- Philippines: the National Privacy Commission (privacy.gov.ph).
- EEA / UK: your local data protection authority, or the UK Information Commissioner's Office.
- Australia: the Office of the Australian Information Commissioner (oaic.gov.au).
United States state privacy laws
If you reside in a US state with a comprehensive privacy law, you may have additional rights, which you can exercise by contacting us as described above:
- California: the California Privacy Rights Act (CPRA) expands on the CCPA to include the right to correct inaccurate personal information and strict restrictions on the use and sharing of sensitive personal information. We do not sell or share personal information as defined by that law, and we do not collect sensitive personal information through this site.
- Virginia: the Consumer Data Protection Act (CDPA) requires opt-in consent before processing sensitive data. We do not process sensitive data as defined by the CDPA; if that ever changes, we will ask for your consent first.
- Colorado: the Colorado Privacy Act (CPA) grants residents the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects, and the right to data portability. We do not engage in such profiling, and you may request a portable copy of your data at any time.
10. Security
We apply organisational, physical, and technical security measures appropriate to the risk: the site is served over HTTPS, access to CRM and analytics accounts is limited to authorised personnel, and we rely on the certified security programs of the processors listed above. No transmission over the internet is completely secure, so we cannot guarantee absolute security.
11. Children
This site is directed at businesses and is not intended for children under 18. We do not knowingly collect personal data from children; if you believe a child has provided us data, contact us and we will delete it.
12. Changes to this policy
We may update this policy as our practices or the law change. The effective date at the top reflects the latest revision; material changes will be flagged on this page. Continued use of the site after changes take effect constitutes acceptance where the law allows, and we will seek fresh consent where it does not.
13. Contact
Questions, requests, or concerns about this policy or your personal data: hello@sageware.io, subject line "Data privacy request", or write to our registered address in Section 1, attention "Data Protection Officer".