Privacy Policy

1. Data Controller

SaSame SRL ("the Company") is committed to protecting your personal information. This policy explains how we collect, use, and protect personal information.

• Legal Name: SaSame SRL
• Address: Romania, EU
• Contact: consulting@srl-sasame.com

2. Information We Collect

We may collect the following information:

• Your name, email address, company name (via contact form)
• IP address, browser information (automatically collected during website access)
• Consultation content and related business information (to the extent necessary for consulting services)

3. Purpose of Use

Collected information is used for the following purposes:

• Responding to inquiries
• Providing consulting services
• Improving service quality
• Fulfilling legal obligations

4. Legal Basis (GDPR Article 6)

The legal basis for our personal information processing is as follows:

• Consent: When submitting the contact form
• Contract Performance: Service provision based on consulting contracts
• Legitimate Interest: Service quality improvement, website operation
• Legal Obligation: Tax and accounting requirements

5. Data Retention Period

Inquiry information is retained for up to 2 years after response completion. Information related to consulting contracts is retained for 5 years after contract termination (based on legal obligations). After these periods, personal information is securely deleted.

6. Your Rights

Based on GDPR/Personal Information Protection Law, you have the following rights:

• Right of Access: Request disclosure of held personal information
• Right of Rectification: Request correction of inaccurate information
• Right of Erasure: Request deletion of personal information
• Right of Restriction: Request processing restrictions
• Data Portability: Request data transfer
• Right to Object: Object to processing

To exercise these rights, please contact consulting@srl-sasame.com.

7. Cookies

Our website may use minimal cookies to improve functionality. We do not use cookies for analytics purposes.

8. International Data Transfer

The Company has offices in EU, Japan, and US. Your information may be transferred between these offices with appropriate protective measures. For transfers outside the EU, we use Standard Contractual Clauses (SCC) or other appropriate legal frameworks.

9. Security

The Company implements appropriate technical and organizational measures to protect your personal information from unauthorized access, loss, and destruction.

10. MCP Connector & Public Tools

SaSame operates a public Model Context Protocol (MCP) server (the "SaSame MCP Observatory") that AI assistants and agents may connect to. Data handling for that connector:

• The connector receives only the arguments you pass to a tool (for example, a server URL to audit or a research query). It does not request your conversation history.
• Readiness tools (audit_mcp, verify_mcp_ready) fetch the third-party URL you supply; that URL is logged for abuse-prevention only and is never sold or shared.
• No personal data is required to use the no-key tools. The engage_sasame tool stores only the contact details you explicitly submit, solely to reply to you.
• Connector request data is processed on SaSame infrastructure in the EU. Delisting or deletion: consulting@srl-sasame.com.

A readiness certificate is a measured fact — not a security audit, endorsement, or a claim that a server is "safe." Grades are SaSame's own heuristic, not an MCP-project standard.

11. Contact

For questions about this policy or data protection inquiries, please contact:

SaSame SRL Email: consulting@srl-sasame.com Web: https://srl-sasame.com/contact