Legal

Privacy Policy

Last updated: May 8, 2026

1. Introduction

Cian AI LTD ("Cian," "we," "us," or "our") operates `cian.cymru`, `app.cian.cymru`, `imcian.ai`, `auth.cian.cymru`, and related products, APIs, email services, and applications (collectively, the "Service").

Cian provides AI-powered inbox and email assistant services that help individuals and companies manage inbound communications, draft replies, manage customer relationships, maintain company knowledge files, and automate communication workflows.

This Privacy Policy explains how we collect, use, store, disclose, and safeguard your information when you use the Service.

By using the Service, you agree to this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account using Google OAuth or Microsoft OAuth, we may collect:

  • Name
  • Email address
  • Profile image/avatar
  • OAuth provider account identifiers
  • Authentication metadata

We do not currently support anonymous accounts.

2.2 Company Information

When setting up a company workspace, we may collect:

  • Company name
  • Company slug
  • Business website
  • Business description
  • Linked approval email addresses
  • Billing and subscription details
  • Custom domain configuration (where applicable)

2.3 Knowledge Files

Cian allows users to create editable markdown-based knowledge files such as `company.md`, `sales.md`, `support.md`, `jobs.md`, `products.md`, and `pricing.md`.

Knowledge files are private by default.

Users may choose to make files:

  • Private
  • Public
  • Unlisted

Public files may become accessible to search engines, AI systems, and third-party indexing systems. Users are responsible for ensuring they do not publish confidential or sensitive information.

2.4 Email and Communication Data

When using Cian inbox functionality, we may collect and store:

  • Inbound emails
  • Outbound emails
  • Draft replies
  • Email metadata
  • Email thread history
  • Attachments (where enabled)
  • Contact details
  • CRM notes
  • Calendar-related communication
  • Approval workflow messages

This data is processed to provide inbox automation and AI drafting functionality.

2.5 CRM and Customer Data

Cian includes lightweight CRM functionality. We may store:

  • Customer names
  • Email addresses
  • Phone numbers
  • Company information
  • Notes
  • Conversation history
  • Meeting information
  • Internal reminders
  • Relationship history

Workspace owners may delete CRM records through the dashboard.

2.6 Payment Information

Payments are processed by Stripe. We do not store full payment card information.

We may store:

  • Stripe customer IDs
  • Subscription IDs
  • Billing status
  • Plan information
  • Invoice metadata

2.7 Usage and Technical Data

We automatically collect technical and usage information including:

  • IP address
  • Browser type
  • Device information
  • Operating system
  • Login activity
  • Pages visited
  • Usage metrics
  • API usage
  • Error logs
  • Performance metrics

3. How We Collect Information

We collect information:

  • Directly from you
  • Through OAuth providers
  • Through inbound email systems
  • Through APIs and integrations
  • Automatically through analytics and logs
  • Through webhook providers and infrastructure services

4. How We Use Information

We use information to:

  • Provide and operate the Service
  • Process inbound and outbound emails
  • Generate AI-assisted drafts
  • Maintain email threads and CRM history
  • Process payments and subscriptions
  • Authenticate users
  • Improve reliability and product performance
  • Prevent fraud and unauthorized access
  • Send transactional emails
  • Send product updates and marketing communications
  • Maintain security and infrastructure stability
  • Comply with legal obligations

5. AI Processing

5.1 AI Providers

Cian currently uses OpenAI models to power AI-assisted inbox functionality.

AI features may include:

  • Drafting replies
  • Summarizing conversations
  • Organizing CRM information
  • Suggesting calendar events
  • Classifying emails
  • Generating suggested actions

5.2 Data Sent to AI Providers

Depending on functionality used, the following data may be processed by AI systems:

  • Email content
  • Draft replies
  • CRM context
  • Company knowledge files
  • Customer notes
  • Conversation history
  • Calendar context
  • Attachments (where enabled)

5.3 AI Training Policy

Cian does not use customer data to train generalized AI models.

This includes:

  • Emails
  • Drafts
  • CRM data
  • Knowledge files
  • Attachments
  • Customer conversations

We select providers that offer commercially reasonable privacy and data handling protections. However, information processed by third-party AI providers remains subject to those providers' infrastructure and policies.

5.4 Autonomous Sending

Some plans may support autonomous AI actions, including fully automated email sending.

Customers are responsible for:

  • Configuring approval settings
  • Reviewing automation behaviour
  • Monitoring outbound communications
  • Ensuring lawful and appropriate usage

Cian provides controls intended to help customers manage automation risk but cannot guarantee that AI-generated content will always be accurate, complete, or appropriate.

6. Third-Party Services

We use third-party providers to operate the Service. These may include:

Service Purpose
Google OAuthAuthentication
Microsoft OAuthAuthentication
SupabaseDatabase and authentication infrastructure
StripeBilling and subscription management
PostmarkInbound email processing
ResendOutbound email delivery
OpenAIAI processing
NetlifyHosting and infrastructure

Each provider processes data according to its own privacy policy.

7. Public Knowledge Files

Users may choose to make certain files public.

Public files may:

  • Be indexed by search engines
  • Be accessible to AI systems and crawlers
  • Be publicly accessible through URLs
  • Be cached or archived by third parties

Cian is not responsible for republication or indexing of public content by third parties.

8. Data Sharing and Disclosure

We do not sell personal information.

We may share information:

  • With infrastructure and service providers
  • With workspace members authorized by the account owner
  • When required by law
  • To protect safety, rights, or security
  • During mergers, acquisitions, or business transfers
  • When users intentionally publish public content

9. Cookies and Tracking

We may use:

  • Authentication cookies
  • Session cookies
  • Security cookies
  • Local storage
  • Analytics tools

These technologies help:

  • Maintain login sessions
  • Improve performance
  • Measure product usage
  • Prevent abuse and unauthorized access

Users may disable certain cookies through browser settings.

10. Data Security

We implement commercially reasonable security measures intended to protect data.

These measures may include:

  • HTTPS/TLS encryption
  • Access controls
  • Role-based permissions
  • Secure authentication systems
  • Infrastructure monitoring
  • Database protections
  • Encrypted credentials and secrets

No system can guarantee absolute security.

Users are responsible for maintaining the security of their own devices, accounts, passwords, and connected email systems.

11. Data Retention

We retain data for as long as necessary to provide the Service and comply with legal obligations.

Deleted accounts and workspaces may enter a 30-day soft deletion period before permanent removal.

After permanent deletion, the following may be permanently deleted from active systems:

  • Emails
  • CRM records
  • Knowledge files
  • Drafts
  • Customer records
  • Internal notes

Certain records may be retained longer where legally required.

12. International Data Transfers

Cian operates globally.

Information may be processed in multiple countries, including countries outside your own jurisdiction.

By using the Service, you acknowledge that information may be transferred to countries with different data protection laws.

Where required, we rely on lawful transfer mechanisms such as contractual protections and provider safeguards.

13. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access personal information
  • Correct inaccurate information
  • Delete information
  • Export your information
  • Restrict processing
  • Object to certain processing
  • Withdraw consent

To exercise rights requests, contact euros@sai.co.uk.

We may request verification before processing requests.

14. Marketing Communications

We may send:

  • Product updates
  • Service announcements
  • Feature releases
  • Usage summaries
  • Marketing communications

Users may unsubscribe from marketing communications at any time.

Transactional and security-related communications may still be sent where necessary.

15. Children's Privacy

The Service is not intended for individuals under the age of 16.

We do not knowingly collect personal information from children under 16.

If we become aware that we have collected such information, we will take reasonable steps to delete it.

16. Customer Responsibilities

Users are responsible for:

  • Ensuring they have rights to process uploaded or connected data
  • Maintaining lawful use of email automation
  • Reviewing automation settings
  • Avoiding unlawful spam or misuse
  • Protecting sensitive information
  • Managing public visibility of knowledge files

Users should avoid uploading highly sensitive information unless necessary.

17. Changes to This Policy

We may update this Privacy Policy from time to time.

When material changes occur, we may:

  • Update the "Last updated" date
  • Notify users through the dashboard
  • Send email notifications

Continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

18. Contact

For privacy-related questions or requests, contact:

Cian AI LTD
Email: euros@sai.co.uk