Privacy Policy
This Privacy Policy explains how Okeke LLC, doing business as Sapphires ("we," "us," or "our"), collects, uses, and protects information about users of the Sapphires platform (the "Service").
1. Information We Collect
When you use the Service, we collect:
- Account information — full name, email address, mobile phone number, password (stored as a bcrypt hash), profile photo (optional).
- Business information — the businesses you create or are invited to, their members, addresses, and configuration.
- Operational data you enter — contacts, organizations, contracts, signed documents, inventory items, sales orders, payments, and any other records you put into the Service.
- Communications — emails and SMS messages we send to you (verification codes, password resets, transactional notifications), and any messages you choose to send through the platform.
- Usage data — IP addresses, browser and device fingerprints (used for 30-day trusted-device cookies), login timestamps, and feature interactions. We do not use third-party trackers or advertising pixels.
2. SMS Messaging
We send SMS messages to your mobile number only for the following purposes:
- Two-factor authentication (2FA) codes during sign-in and trusted-device enrollment.
- Password reset codes when you request to reset your password.
- Security alerts for sensitive account actions you initiate (e.g. enabling 2FA, adding a new login method).
We do not send marketing or promotional SMS. Message frequency is typically 1–4 messages per user per year, because we remember trusted devices for 30 days after first verification. Standard message and data rates from your carrier may apply.
Opt out: reply STOP to any message to immediately
stop SMS delivery to your number. You can also remove your phone number from
the platform under Settings → Security. Reply HELP to receive
contact information for support.
3. Connected Accounts — Microsoft, Google, Facebook, LinkedIn, Stripe, QuickBooks
Sapphires lets you connect third-party accounts on a per-business basis. When you connect an account we request only the OAuth permissions strictly required for the feature you enabled.
Microsoft (Outlook / Graph) — Email + calendar:
Mail.ReadWrite— display your inbox in the app and let you reply.Mail.Send— send messages on your behalf when you use Compose.User.Read— identify which mailbox is connected.offline_access— refresh access tokens without re-prompting hourly.
Facebook (Meta) — Marketing posts to Pages:
public_profile,email— identify the connecting user.pages_show_list,pages_read_engagement— list the Pages you manage so you can choose where to post.pages_manage_posts— publish posts you compose in Sapphires to the Page(s) you choose.
What we do store:
- Encrypted access tokens and refresh tokens (AES-256-GCM, per-user, never shared across businesses).
- The connected account's identifier (email address, Page ID, etc.) so we can display "Connected as you@example.com".
What we do not store:
- The contents of your inbox or sent messages. Mail stays in your mailbox; we fetch on demand when you open the Inbox tab.
- Attachments — displayed only in the browser session; nothing cached server-side.
- Facebook posts you do not publish through Sapphires. We do not read your Page's existing content beyond the engagement permission's scope.
You can disconnect any integration at any time from the Connections page, which deletes our stored tokens. You can also revoke access from the provider's side (Microsoft, Facebook, etc.).
4. How We Use Information
- To operate, secure, and improve the Service.
- To authenticate you and protect your account from unauthorized access.
- To send transactional emails and SMS messages described above.
- To honor contractual obligations, billing, and tax reporting.
- To respond to your support requests.
5. How We Share Information
We do not sell, rent, or trade your information. We share data only with service providers necessary to operate the platform:
- Microsoft Azure — cloud hosting, database, communication services (email and SMS delivery). Data is stored in the United States.
- Stripe — payment processing if you enable billing features. Stripe's privacy policy governs any data it receives.
- Government / law enforcement — only when required by valid legal process.
6. Data Retention
We retain account and operational data for as long as your account is active. On request we will delete your data within 30 days, except where retention is required by law (e.g. tax records). Backups are purged on a rolling 90-day window.
7. Security
Passwords are stored as bcrypt hashes. Stored credentials and sensitive tokens are encrypted at rest with AES-256-GCM. All traffic between your browser and the Service is encrypted with TLS 1.2 or higher. We use Azure Managed Identity for service-to-service authentication and never store cloud credentials in code.
8. Your Rights
You can request to:
- Access a copy of your personal data.
- Correct inaccurate data through the Service or by emailing us.
- Delete your account and personal data (subject to legal retention).
- Export your business data in machine-readable form.
9. Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect information from anyone under 16.
10. Changes
We may update this Privacy Policy from time to time. The "Last updated" date at the top of the page reflects the most recent revision. Material changes will be announced inside the app.
11. Contact
Privacy questions, deletion requests, or any other inquiries:
- Company: Okeke LLC
- Email: privacy@okeke.us
- Phone: (940) 337-6016
- Postal: Okeke LLC, c/o Privacy Officer (mailing address available on request)