Skip to main content

Data Transfer, Processing, & Retention

Activation

Through Sapling's integrations and SDK, text contained in editable page elements is processed and sent to the Sapling backend server.

The SDK is programmatically attached to specific text fields on the developer's domains. In contrast, the extension is enabled on all websites. In the Site Controls section of the Sapling dashboard, the extension can be configured to run only on specific hostnames. As an example, here is the setting for enabling Sapling only on mail.acme.com:

HostnameEnabled?
*false
mail.acme.comtrue

Within the webpages of each hostname, Sapling activates on textarea (long, plain text field) elements and contenteditable (rich text field) elements. If desired, Sapling can also be enabled on input (short, plain text field) elements.

Data Transfer

Once text is sent from text fields our through Sapling's API, the text is sent to the Sapling backend server. The default backend endpoint is Sapling's servers at https://api.sapling.ai which are located on Amazon Web Services (AWS) in the us-west region.

For companies that cannot transfer their data outside of a particular region (for example some companies in the European Union) or companies in industries such as government or finance, Sapling also offers cloud-premises and on-premises deployments. AWS, Azure, and GCP are supported for cloud-premises deployments. On-premises deployments are supported as long as users can run Docker containers.

Data in transit is TLS 1.2 encrypted (HTTPS). Refer to Sapling's security page for more information.

Data sent from the end user to Sapling includes:

  • Text in textareas and contenteditables where Sapling is activated.
  • "Accept" and "ignore" events where Sapling's suggestions are accepted or ignored.
  • Credentials for authentication.

Data returned from Sapling's backend to the user includes:

  • Edits, completions, and suggested responses in JSON format.
  • Authentication tokens.

Contact us for a list of subprocessors.

Data Processing & Retention

Once sent to Sapling's backend, Sapling first discards information including numbers/numerical expressions (e.g., phone numbers), email addresses, and URLs.

The data is then processed within Sapling's virtual private cloud before suggested edits and completions are sent back to the requester.

Data at rest is AES-256 encrypted. Refer to Sapling's security page for more information.

Sapling also offers a no data retention option where data is never stored on disk. Otherwise, clients can also specify the period of time for which they would like data to be retained.