Privacy Policy

Privacy Policy — Sayla

Effective 18 June 2026 · Last updated 18 June 2026

Sayla is made by Kefafi (“we”, “us”). This policy explains what Sayla does and does not do with your information. It covers the Sayla mobile and desktop app and the Sayla browser extension.

The short version: Sayla has no servers, and we cannot see your data. Your files, links, and notes move between your own devices through your own Google Drive. We are not in the middle.

How Sayla works

Sayla sends files, links, and notes between your own devices. It does this by storing them in your own Google Drive and letting your other devices read them back. There is no Kefafi account, no Kefafi server, and no Kefafi database. We never operate a relay that your data passes through.

To do this, Sayla asks Google for permission to use the drive.file scope. This is the narrowest Drive permission Google offers. It lets Sayla see and manage only the files Sayla itself creates in your Drive. Sayla cannot see, read, or touch any other file in your Google Drive — not your documents, not your photos, nothing it did not create.

What we collect

We collect nothing on our servers, because we have no servers.

We do not have a copy of your data. We cannot read your Drive. We do not log your activity, we do not profile you, and we do not build a record of who you are or what you send.

The information Sayla handles falls into three buckets, none of which reach us:

1. Your content — stored in your Google Drive, not with us

The files, links, and notes you send, plus small pieces of metadata Sayla needs to organize them (such as which device sent an item and when), are written into a folder that Sayla creates inside your Google Drive. They live in your Google account, under your control, governed by Google’s Privacy Policy. We never receive a copy.

2. On-device settings — stored locally on your device

Sayla keeps some information on the device itself so the app works:

• the name you give a device (e.g. “Laptop”, “Phone”),
• your preferences (theme, auto-delete timing, and similar settings),
• a queue of items waiting to send, and
• the Google sign-in token that authorizes Sayla to use your Drive.

This stays on your device. It is removed when you sign out or uninstall Sayla. We never receive it.

3. Diagnostics — only if you choose to contact support (see below)

Signing in with Google

Sayla uses Google Sign-In so it can access your own Drive on your behalf. The sign-in happens directly between your device and Google. Kefafi never sees your Google password, and never receives your Google credentials. The resulting authorization token is stored on your device and used only to read and write the files Sayla created in your Drive.

You can revoke Sayla’s access to your Google account at any time at myaccount.google.com/permissions.

What we do not do

• No advertising. Sayla contains no ads and no ad networks.
• No analytics or tracking. Sayla contains no analytics SDKs, no telemetry, and no third-party trackers. Nothing in Sayla “phones home” to us in the background.
• No selling or sharing of data. We have no data to sell or share, and we would not if we did.
• No reading your content. The drive.file scope makes it technically impossible for us to see files in your Drive that Sayla did not create.

Contacting support

The only time data may leave your device for us.

If you use the in-app Contact support option, Sayla prepares an email for you and attaches a small diagnostics summary to help us help you. Three things matter here:

• It is metadata only. The summary contains counts, sizes, timestamps, software versions, your device model, your language, and short error codes. It never contains your note text, your file names, your file contents, your Drive file identifiers, your email or account address, your sign-in token, or your location.
• You see it before it is sent. The diagnostics are shown to you in full, and you can edit or delete any part of them before sending.
• You send it, through your own email app. Sayla opens a pre-filled message in your email client addressed to support@kefafi.dev. Nothing is transmitted to us silently or automatically — you press send.

If and when you email us, we receive the contents of that email (your message and whatever diagnostics you chose to keep) and use it only to answer your request.

Where your data lives, and how to delete it

Your content lives in your own Google Drive. You control it:

• Delete individual items from within Sayla, or set an auto-delete timer in Settings so items remove themselves after a chosen period.
• Delete everything by removing the folder Sayla created, directly in Google Drive.
• Cut off access entirely by revoking Sayla at myaccount.google.com/permissions.
• Remove local data by signing out of Sayla or uninstalling it.

Because we hold nothing, there is no “delete my account” request to send us — deletion is entirely in your hands.

Third parties

Sayla relies on exactly one third party: Google, for Drive storage and for sign-in. Your use of Google services is governed by Google’s Privacy Policy. Sayla integrates no other third-party services — no analytics provider, no advertising network, no support or chat SDK, no crash reporter.

Children

Sayla is a general-purpose utility and is not directed at children. We do not knowingly collect information from children, and in any case we collect no personal information on our own systems.

Changes to this policy

If we change this policy, we will update the date at the top and post the new version at the same address. Because Sayla’s design — no backend, drive.file only — is the core of the product, we do not expect changes that would weaken the protections described here.

Contact

Questions about this policy or about Sayla’s privacy:

Kefafi — support@kefafi.dev