Privacy policy
Last updated: September 11, 2025
Suparse Privacy Policy
1. Introduction
Welcome to Suparse. Your privacy is critically important to us.
This Privacy Policy explains how Suparse ("Suparse", "we", "our", or "us") collects, uses, and discloses your Personal Data when you use our website, products, and services (collectively, the "Service"). It also describes your rights in relation to your Personal Data.
This policy applies to the Personal Data we process as a Data Controller, which is primarily the data we collect about you when you sign up for and use our Service. For information on how we process the content of the documents you upload on behalf of your business, please see our Data Processing Agreement (DPA).
By using our Service, you agree to the collection and use of information in accordance with this policy.
2. Who We Are (Data Controller)
The Data Controller of your Personal Data is: Suparse Email: support@suparse.com
3. What Personal Data We Collect
We collect and process different types of information to provide and improve our Service to you.
- Account & Contact Data: When you create an account, we collect your email address and password. You may also provide your full name and company name.
- Payment Data: When you subscribe to a paid plan, our payment processor, Paddle, collects your billing information, including your name, address, and payment card details. We do not store your full credit card number.
- Technical & Usage Data: We automatically collect information about how you interact with our Service. This includes your IP address, browser type and version, device information, pages visited, time spent on pages, and other diagnostic data.
- User Authentication Data: If you choose to register or log in using a third-party service (like Google or GitHub), our authentication provider, Supabase, will receive basic profile information from that service, such as your name and email address, to create your account.
- Communications Data: If you contact us for support or provide feedback, we will collect your name, email address, and the contents of your communications with us.
4. How We Use Your Personal Data & Our Legal Basis
We only use your Personal Data when the law allows us to. We have set out below the purposes for which we use your Personal Data and the legal bases we rely on to do so.
| Purpose/Activity | Type of Data | Lawful Basis for Processing |
|---|---|---|
| To provide and manage your account and the Service | Account, Authentication, Technical Data | Performance of a contract with you. |
| To process your subscription payments | Account, Payment Data | Performance of a contract with you. |
| To communicate with you (e.g., service updates, support) | Account, Communications Data | Performance of a contract and our legitimate interests (to keep you informed and manage our relationship). |
| To improve and secure our Service | Technical, Usage Data | Our legitimate interests (to ensure our Service is secure, to study how it is used, and to develop new features). |
| To send you marketing communications | Account, Contact Data | Your consent (which you can withdraw at any time) or our legitimate interests (for existing customers, in compliance with applicable law). |
| To comply with legal obligations | Account, Payment Data | To comply with a legal obligation (e.g., tax and accounting laws). |
5. Who We Share Your Personal Data With (Our Sub-processors)
We do not sell your Personal Data. We share it only with trusted third-party service providers (our "sub-processors") who help us operate our Service. We have contracts in place with these providers to ensure they protect your data.
Our key sub-processors include:
| Sub-Processor | Service Provided (Purpose) | Country |
|---|---|---|
| Google Cloud Platform | Core infrastructure hosting, secure file storage, and AI/OCR document processing. | USA |
| Supabase, Inc. | Database hosting for user accounts and extracted data. User authentication and identity management. | USA |
| Paddle.com Market Ltd. | Payment processing, subscription management, invoicing, and tax handling (Merchant of Record). | UK / Ireland |
We may also disclose your Personal Data if required by law or in response to valid requests by public authorities.
6. Data Retention
We retain your Personal Data only for as long as necessary to fulfill the purposes for which we collected it.
- User-Uploaded Documents: As stated in our Terms of Service, all documents you upload and the data extracted from them are automatically and permanently deleted 30 days after they are uploaded, unless you delete them sooner. This is a core part of our commitment to your privacy.
- Account Data: We retain your account information for as long as your account is active. After you close your account, we may retain some information for a period required by law (e.g., for tax and accounting purposes) or for our legitimate interests, such as fraud prevention.
7. International Data Transfers
Your information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ. Our sub-processors are located in the USA, UK, and Ireland.
We ensure that any transfer of your Personal Data outside of the European Economic Area (EEA) is protected by appropriate safeguards, primarily through the use of Standard Contractual Clauses (SCCs) as approved by the European Commission.
8. Your Data Protection Rights
Under GDPR and other data protection laws, you have specific rights regarding your Personal Data. You have the right to:
- Access: Request a copy of the Personal Data we hold about you.
- Rectification: Request that we correct any inaccurate or incomplete Personal Data.
- Erasure ("Right to be Forgotten"): Request that we delete your Personal Data, under certain conditions.
- Restrict Processing: Request that we limit the processing of your Personal Data, under certain conditions.
- Data Portability: Request that we transfer the data we have collected to another organization, or directly to you, in a structured, machine-readable format.
- Object to Processing: Object to our processing of your Personal Data where we are relying on a legitimate interest.
- Withdraw Consent: Withdraw your consent at any time where we rely on consent to process your Personal Data.
To exercise any of these rights, please contact us at [Your Privacy/Support Email]. We will respond to your request within one month.
9. Data Security
We take the security of your data very seriously. We use appropriate technical and organizational measures to protect your Personal Data from unauthorized access, use, or disclosure. These measures include encryption of data in transit (TLS) and at rest (AES-256), access controls, and secure infrastructure management.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to track activity on our Service and hold certain information. For detailed information on the cookies we use and your choices regarding cookies, please see our Cookie Policy.
11. Do Not Track Signals
Some web browsers may transmit "Do Not Track" (DNT) signals to websites with which the browser communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. Like many other websites and online services, Suparse does not currently alter its practices or respond to DNT signals.
12. Children's Privacy
Our Service is not intended for use by anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from a child without verification of parental consent, we will take steps to remove that information from our servers.
13. Links to Other Websites
Our Service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
14. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. If the changes are material, we will provide you with at least 30 days' notice, for example, via email or a prominent notice on our Service. You are advised to review this Privacy Policy periodically for any changes.
15. Right to Lodge a Complaint
If you have a concern about our privacy practices, we hope you will contact us first to let us know. However, you have the right to lodge a complaint with your local data protection authority. The competent authority in Poland is the President of the Personal Data Protection Office (UODO).
16. Contact Us
If you have any questions about this Privacy Policy, please contact us: support@suparse.com