Security

How we handle your data and customer info

A plain-language overview of what data Sakura stores, where it lives, who can access it, and how we keep it safe.

Last updated May 8, 2026

You are trusting Sakura with your support inbox and your customer records. This article is a plain-language summary of how we treat that data — for the legal text, see /privacy.

What we store

  • Email content (subject, body, attachments) of every message we ingest from your inbox.
  • Order data fetched from Shopify on demand (order number, items, shipping address, status).
  • Tickets, replies and AI drafts generated by the system.
  • Operator account info (name, email, hashed password, role, audit trail).

What we do NOT store

  • Your Shopify password or admin session.
  • Your customer payment methods (we never see card numbers — refunds go through Shopify).
  • Your raw IMAP/SMTP credentials in plaintext: passwords are encrypted at rest with AES-256.

Where the data lives

Production data is stored in Postgres and Redis instances hosted in Brazil and the US (depending on the region you are billed in). Backups are encrypted and retained on a rolling 30-day basis. Attachments live on encrypted block storage in the same region as the database.

Who can access your data

  • Only operators in your organization (admin, agent, approver roles) — multi-tenancy is enforced at the database query level, not at the app layer.
  • Sakura employees access production only through audited, 2FA-required SSH and never read customer mailbox content unless you explicitly grant access for a support ticket.
  • AI providers (Anthropic, Google, Groq) only see the message content needed to answer a single ticket, sent over TLS, and do not retain the data per their published policies.

How we keep accounts safe

  • 2FA (TOTP) is mandatory for the superadmin role and recommended for every admin.
  • Failed-login lockout after 8 attempts per IP per 15 minutes.
  • All operator actions land in an immutable audit log you can export from Admin → Audit.
  • IP-level abuse protection bans scanners and brute-force attempts automatically.

Data deletion / GDPR / LGPD

You can delete a single customer email from any ticket (it stays as a "redacted" placeholder for audit). To delete an entire account, request it from your dashboard or email security@sakuracrm.cloud — we complete deletion within 30 days, including from backups.

Reply to any Sakura email or write to support@sakuracrm.cloud. A real human reads every message.