Privacy Policy

1. Who We Are

This Privacy Policy applies to all products and services operated by Hill Trade LLC ("we," "our," or "us"), including:

• The website sarahconsults.com and all subdomains
• The Sarah.AI mobile application (Android and iOS)
• AI consultation services, chat features, and booking systems
• All related communications (email, SMS, Telegram)

Hill Trade LLC is a business entity registered in the United States and is the data controller for personal information we process.

2. Data We Collect

We collect data in three ways: information you provide directly, information collected automatically, and information from third parties.

2.1 Information You Provide

2.2 Information Collected Automatically

2.3 Information We Do NOT Collect

• We do not collect precise GPS location
• We do not collect payment card numbers (payments handled by Stripe)
• We do not collect biometric data
• We do not collect audio or video recordings without explicit consent
• We do not collect data from users under age 18

3. How We Use Your Data

We use your personal data only for the following purposes:

• Provide services — operate the AI chat, process consultation bookings, deliver strategic advice
• Communicate with you — respond to inquiries, send booking confirmations, provide service updates
• Improve our services — analyze usage patterns to improve AI responses and user experience
• Security & fraud prevention — protect our systems and users from abuse
• Legal compliance — comply with applicable laws, regulations, and legal proceedings
• Marketing — send promotional communications only if you have opted in (you may opt out at any time)

4. Legal Basis for Processing GDPR

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data under the following legal bases as required by GDPR Article 6:

• Contract performance (Art. 6(1)(b)): Processing necessary to provide you with the services you requested (e.g., AI consultation chat, booking confirmation)
• Legitimate interests (Art. 6(1)(f)): Service improvement, security monitoring, fraud prevention — where our interests do not override your fundamental rights
• Consent (Art. 6(1)(a)): Marketing emails and optional analytics — you may withdraw consent at any time without penalty
• Legal obligation (Art. 6(1)(c)): Where we are required to process data to comply with law

5. Data Sharing & Sub-processors

We share data only with trusted service providers ("sub-processors") who are contractually bound to protect it. We do not share data with advertisers.

We may also disclose personal data to law enforcement or government authorities when required by law, court order, or to protect the safety of our users or the public.

6. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy, or as required by law.

After the retention period, data is securely deleted or anonymized. You may request earlier deletion at any time (see Section 7 and 8).

7. Your Rights (EU / UK / EEA) GDPR

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:

To exercise any of these rights, contact us at privacy@sarahconsults.com. We will respond within 30 days (extendable to 90 days for complex requests). We do not charge a fee for reasonable requests.

If you are in the EU, you may also file a complaint with your local supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.

8. California Residents CCPA / CPRA

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Your California Rights

• Right to Know: Request disclosure of personal information we have collected about you in the past 12 months, including categories, sources, purposes, and third parties it was shared with.
• Right to Delete: Request deletion of personal information we collected from you (subject to certain exceptions).
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information with third parties for cross-context behavioral advertising. No opt-out is currently necessary.
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond providing our services.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information Collected (CCPA)

How to Submit a CCPA Request

Submit a verifiable consumer request by emailing privacy@sarahconsults.com with subject line "CCPA Privacy Request". We will verify your identity and respond within 45 days. You may designate an authorized agent to submit requests on your behalf.

For California residents, our contact for privacy matters is also available at:
Hill Trade LLC · privacy@sarahconsults.com · Subject: "CCPA Request"

9. Children's Privacy COPPA

Our services are intended for users aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18.

If you are a parent or guardian and believe your child under 18 has provided us with personal information, please contact us at privacy@sarahconsults.com and we will promptly delete that information.

This policy complies with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. § 6501–6506).

10. Cookies & Tracking Technologies

Our website uses minimal cookies and tracking technologies.

We do not use third-party advertising cookies or tracking pixels (no Facebook Pixel, Google Ads remarketing, etc.).

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Note that disabling essential cookies may affect website functionality.

Do Not Track (DNT): We honor browser DNT signals where technically feasible. When we detect a DNT signal, we disable all optional analytics for that session.

11. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2+ (HTTPS)
• Encryption at rest: Sensitive data stored on our servers is encrypted at the database level
• Access controls: Only authorized personnel have access to personal data, on a need-to-know basis
• Security monitoring: Our servers are monitored 24/7 for unauthorized access attempts
• Regular updates: Security patches are applied promptly to all systems

In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify you and applicable regulatory authorities within 72 hours of becoming aware (as required by GDPR Article 33), and within the timeframes required by applicable US state laws.

12. International Data Transfers GDPR

Hill Trade LLC is based in the United States. If you access our services from the EU, EEA, UK, or other jurisdictions with data protection laws, please be aware that your information may be transferred to and processed in the United States.

For transfers of personal data from the EEA or UK to the United States, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission (where applicable with our service providers)
• Adequacy decisions by the European Commission where available
• Your explicit consent where required

Our primary sub-processors (Anthropic, Google, Stripe, IONOS) maintain their own GDPR-compliant data transfer mechanisms. We have Data Processing Agreements in place with all sub-processors that handle EEA data.

13. Mobile App Permissions

The Sarah.AI mobile application (Android and iOS) requests the following device permissions. All permissions are optional unless noted, and you can revoke them in your device settings at any time.

The app does not use camera or microphone permissions in the current version (1.0.0). These are declared for future use only and will not be activated without explicit in-app notice and consent.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Post a notice on our website or in the mobile app
• For significant changes, send an email notification to users who have provided their email address

Your continued use of our services after the effective date of the revised policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

15. Contact Us & Privacy Complaints

For any privacy questions, requests, or complaints, please contact us:

EU/UK Representative

Hill Trade LLC does not currently maintain a formal EU/UK representative office. For EU or UK data subject requests, please contact us directly at privacy@sarahconsults.com. If your concern is not resolved, you have the right to lodge a complaint with your national data protection authority.

California Privacy Requests

California residents may submit requests under CCPA/CPRA to privacy@sarahconsults.com with subject: "CCPA Privacy Request". We will verify your identity before processing. You may also designate an authorized agent.