Skip to main content
SaSame V1 Stable

Data Handling & AI Connector Policy

Last updated: May 16, 2026

This page explains how SaSame handles workspace data, AI connector activity, analytics, and medical-data boundaries for client portal usage.

1. Scope of the service

SaSame is a consulting operations and client-workspace platform. It supports lead management, tasks, deliverables, reports, feedback, templates, analytics, and AI-app connector workflows.

2. Data we process

Depending on how the workspace is used, SaSame may process:

  • Account data such as name, email, role, company, and workspace membership.
  • Workspace content such as leads, notes, tasks, deliverables, templates, feedback, and reports.
  • Connector metadata such as tool calls, timestamps, workspace id, and audit logs.
  • Product analytics such as page views, AI deep-link clicks, lead activity, feedback workflow events, and non-cookie outreach link click records.

3. AI connector and MCP data handling

SaSame exposes a workspace-scoped MCP connector. Connector tokens are bound to a single authenticated workspace. The connector is designed to write only the supported record types shown in the portal, such as deliverables, tasks, feedback, sales leads, sales activities, reports, and workflow events.

  • The connector does not provide shell access, billing changes, delete operations, or cross-customer workspace access.
  • Write tools are audited with workspace context and tool-call metadata.
  • Users should not submit secrets, passwords, patient records, or highly sensitive regulated data through AI chats.
  • ChatGPT, Claude, and other AI hosts may have their own data handling policies. Users should review those policies separately.

4. Medical, dental, and PHI limitation

SaSame V1 is not a clinical record system and is not intended to store PHI.

For dental and healthcare-related consulting use cases, SaSame V1 should be used for business operations, public-facing workflow review, sales/marketing operations, general task management, and non-PHI client deliverables only. Users must not upload, paste, store, or transmit patient records, diagnosis information, treatment plans tied to identifiable patients, insurance records, or any protected health information through the portal or AI connector.

5. Analytics and product telemetry

SaSame uses internal analytics and optional Google Analytics 4 measurement to understand product usage and improve the portal. Analytics events are intended to describe product behavior, not the contents of confidential client work. GA4 measurement follows the cookie consent choice shown in the portal.

For outreach workflows, SaSame may create non-cookie tracking links that record a click timestamp, lead/workspace association, destination asset, campaign label, referrer, user agent, and a hashed IP address. Tracking links are designed to avoid exposing names or email addresses in the URL and are used to help users prioritize interested leads.

6. Retention and deletion

Workspace records are retained while the workspace is active unless deleted or exported according to the applicable service agreement. Account or workspace deletion requests can be submitted to support. Some security, billing, and audit records may be retained for legal, tax, fraud prevention, and operational continuity reasons.

7. Security controls

  • Workspace-scoped authentication and authorization.
  • Audited AI connector write operations.
  • Separation between public pages, authenticated portal pages, and internal administration workflows.
  • Limited MCP tool surface: no delete tool, no shell execution tool, no cross-workspace read/write tools.
  • Transport encryption through hosted HTTPS endpoints.

8. Contact

For privacy, data handling, or deletion requests, contact support@sasame.online.