Legal

Privacy Policy

Last updated: November 2025

Note: We are currently in the process of founding the company. The details below will be updated once the company is officially registered.

1. Introduction

We take the protection of your personal data very seriously. This privacy policy informs you about how we collect, process, and use your personal data when you use our website and services.

This privacy policy is compliant with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. Controller and Data Protection Officer

The controller responsible for data processing on this website is:

SUPA

*****************

****** Leipzig, Germany

Email: hello@supa.works

3. Data We Collect

3.1 Automatically Collected Data

When you visit our website, certain data is automatically collected by our servers:

  • IP address (anonymized)
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referring URL
  • Pages visited

This data is collected based on our legitimate interest (Art. 6(1)(f) GDPR) in ensuring the security and functionality of our website.

3.2 Data You Provide

When you register for our services, we collect:

  • Email address
  • Name (optional)
  • Company name (optional)
  • Billing information (for paid plans)

This data is processed based on the performance of a contract (Art. 6(1)(b) GDPR) or your consent (Art. 6(1)(a) GDPR).

4. Purpose of Data Processing

We process your personal data for the following purposes:

  • Providing and maintaining our services
  • Processing transactions and sending related information
  • Responding to your inquiries and support requests
  • Sending service-related notifications
  • Improving our website and services
  • Complying with legal obligations

5. Data Storage and Security

Location: All data is stored exclusively on servers located in Germany. We do not transfer your data to countries outside the European Economic Area (EEA).

Security: We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption, access controls, and regular security audits.

Retention: We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Account data is deleted upon request or after account termination, subject to legal retention requirements.

6. AI API Data Processing

When you use our AI API services, we want to be transparent about how your data is handled:

  • No Training: We do not use your API inputs or outputs to train AI models.
  • No Logging of Content: We do not log the content of your API requests or responses beyond what is necessary for billing and debugging.
  • German Infrastructure: All AI processing occurs on German servers, ensuring GDPR compliance and data sovereignty.
  • Temporary Processing: API data is processed in memory and not persistently stored after the request is completed.

7. Your Rights

Under the GDPR, you have the following rights:

  • Right of Access (Art. 15 GDPR): You can request information about your personal data we process.
  • Right to Rectification (Art. 16 GDPR): You can request correction of inaccurate personal data.
  • Right to Erasure (Art. 17 GDPR): You can request deletion of your personal data.
  • Right to Restriction (Art. 18 GDPR): You can request restriction of processing.
  • Right to Data Portability (Art. 20 GDPR): You can request your data in a structured, machine-readable format.
  • Right to Object (Art. 21 GDPR): You can object to processing based on legitimate interests.
  • Right to Withdraw Consent (Art. 7(3) GDPR): You can withdraw your consent at any time.

To exercise these rights, please contact us at hello@supa.works.

8. Cookies

Our website uses only essential cookies that are necessary for the functioning of the website. These cookies do not require your consent as they are strictly necessary.

We do not use tracking cookies, analytics cookies, or advertising cookies.

9. Third-Party Services

We may use the following third-party services that process personal data:

  • Payment Processing: For billing purposes, we use payment processors that are GDPR-compliant and process data within the EU.
  • Email Services: We use EU-based email service providers for transactional emails.

10. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

The competent supervisory authority for us is:

Sächsischer Datenschutzbeauftragter

Devrientstraße 5

01067 Dresden, Germany

11. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the "Last updated" date. We encourage you to review this privacy policy periodically.

12. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us at:

Email: hello@supa.works

SUPA

***********

***** Leipzig, Germany