Data we collect
We collect the strict minimum needed for Sablio to work: your email address, your name, the time blocks you enter yourself, the projects and clients you create, your billing settings. If you pay, we also keep transaction metadata (amount, date) — never your full card number, which stays with our payment processor (Stripe).
What we don't collect
We don't take screenshots. We don't count your keystrokes. We don't track sites you visit or apps you open. We don't record your GPS location. We don't use third-party telemetry scripts (no Google Analytics, no Meta Pixel, no Hotjar, no Mixpanel).
The workshop journal stays on your machine
The workshop journal — the small memory that notes active windows and open files to remind you of forgotten grains — is stored only locally, on your machine. It is never transmitted to Sablio's servers. Automatic 14-day purge (configurable). One click in preferences turns it off. No screenshots, no geolocation, no score. Every reminder waits for your manual approval before it becomes a grain.
Why we collect this data
For the product to work, period. Your email identifies you and lets us write when something important happens (rare). Your time blocks are Sablio's reason for being. Billing data lets us issue you a receipt. None of this data is used to build an advertising profile or to train an AI model.
Hosted in Québec
Our servers are in Montréal (primary) and Toronto (backup), with Canadian hosts. Your data doesn't leave Canada, ever. We're compliant with Loi 25 (Québec) and GDPR (Europe). A DPA (data processing agreement) can be signed on request for Team and Atelier plans.
Cookies
We use strictly necessary cookies: one to keep you signed in, one to remember your language preference. No advertising cookies, no cross-site tracking cookies, no third-party partners. No annoying consent banner, because there's nothing to consent to beyond basic function.
Your rights
At any time, you can: view all the data we have on you (via export), correct it (directly in the app), export it (CSV, JSON, PDF, one click), or delete it (full deletion within 30 days, logs included, email confirmation). No fees, no friction.
Retention
As long as your account is active, we keep your data. If you delete your account, everything is erased within 30 days — including backups. Billing data (receipts) may be kept up to 6 years to comply with Canadian tax obligations.
Sub-processors
We use a minimal number of sub-processors, all under contract with confidentiality clauses: Stripe (payment, US), Postmark (transactional email, US), our Canadian host. The complete up-to-date list is available on request at privacy@sablio.app.
Changes to this policy
If we change something important, we write to you. Not a discreet notice at the bottom of a page — a clear email with a summary of changes and their effective date. Past versions stay available, timestamped.
Contact — data protection
For any question about your data or to exercise your rights, write to privacy@sablio.app. Our data protection officer (DPO) will reply within 30 days, as the law requires. You may also, in case of disagreement, file a complaint with Québec's Commission d'accès à l'information.