This privacy notice explains how Suped Pty Ltd ("Suped," "we," "us," or "our") collects, uses, stores, and shares personal information when you visit https://www.suped.com, use Suped, contact us, or otherwise interact with our services.
Suped is an email security and deliverability platform. Because the service works with domains, email authentication records, DMARC reports, and email testing data, we may process technical data that can contain personal information.
We may collect personal information that you voluntarily provide to us, including your name, email address, password, business contact details, support messages, sales inquiries, form submissions, account preferences, and any information you choose to include when contacting us.
If you sign in with Google or single sign on, we may receive authentication information needed to create or access your account. If your organization configures single sign on, we may process identity provider metadata, domains, and related configuration.
We collect and process data needed to provide Suped, including organization names, users, roles, invitations, domains, DNS records, hosted DMARC, SPF, and MTA-STS settings, notification settings, public API tokens, client and prospecting report settings, and uploaded files such as organization or report logos.
DMARC monitoring data can include aggregate report files, reporting organization names, source IP addresses, reverse DNS data, CNAME data, country data, authentication results, sending source classifications, issue data, and related email authentication diagnostics. Incoming DMARC report emails may also include sender, return path, HELO domain, source IP, and authentication metadata.
Email testing data may include the email you send to Suped for testing, including headers and body content, visible from address, return path, HELO domain, sending IP, TLS information, SPF, DKIM, DMARC, DNS, blocklist, rDNS, source, and country diagnostics.
We may process subscription, plan, usage, invoice, and customer identifiers needed for billing. Payment card details are processed by our payment processor and are not stored by Suped.
We may automatically collect IP address, device and browser details, operating system, approximate location, referring pages, pages viewed, feature usage, timestamps, logs, error information, and similar technical data. We also use cookies and similar technologies for authentication, security, analytics, product improvement, and remembering preferences.
We do not intentionally ask you to provide sensitive information. Because free text, email samples, support messages, and uploaded content are controlled by you, you should avoid sending sensitive information unless it is necessary for the service or support request.
We use personal information to provide, secure, maintain, and improve Suped, including to create accounts, authenticate users, process DMARC reports, run email and domain checks, generate reports, manage hosted records, send service notifications, provide support, bill customers, prevent abuse, debug errors, analyze product usage, and comply with legal obligations.
We may use contact details to send transactional messages, product updates, onboarding messages, security notices, and marketing communications where permitted by law. You can opt out of marketing communications, but we may still send service and account messages.
Where a legal basis is required, we rely on one or more of the following bases: performing our contract with you or your organization, our legitimate interests in operating and improving Suped, compliance with legal obligations, protecting rights and security, and your consent where required.
When we rely on consent, you may withdraw consent at any time, subject to any processing that is still required for legal, security, or service reasons.
For account, billing, website, marketing, analytics, and support information, Suped generally acts as the controller or business that decides how the information is used.
For data that a customer submits to Suped for monitoring, hosted services, email testing, reporting, or similar product workflows, Suped generally acts as a processor or service provider on behalf of that customer. The customer is responsible for ensuring it has the right to submit that data to Suped.
We use cookies and similar technologies to keep you signed in, secure the service, remember settings, measure traffic, understand feature usage, and improve Suped. We may use analytics and product analytics tools that collect page views, clicks, device information, user and organization identifiers, and similar usage events.
We may use session recording in the app to understand product issues and improve user experience. Password fields are masked. You can control some cookies through your browser settings, but disabling required cookies may prevent the service from working.
Suped may use AI tools to support product features, generate product text, summarize or transform content you provide, assist with diagnostics, improve internal workflows, or support customer service. When AI tools are used, prompts and outputs may be processed by AI providers or model infrastructure providers as needed to deliver the feature. We do not use customer data to train AI models.
We share personal information only where needed to operate Suped, comply with law, protect rights and security, or complete a business transaction such as a merger, acquisition, financing, or sale of assets.
We use service providers and subprocessors for hosting, database storage, infrastructure, authentication, payments, analytics, logging, communications, support, email delivery, AI processing, and related business operations. Our current subprocessor list is available on request by emailing contact@suped.com.
We do not knowingly sell personal information. If applicable law treats certain analytics, advertising, or measurement activities as a sale or sharing of personal information, you may contact us to exercise any available opt out rights.
Suped is based in Australia, but we may process and store information in other countries where we, our service providers, or our subprocessors operate. Those countries may have privacy laws different from the laws in your location.
Where required, we use contractual, technical, and organizational safeguards for international transfers.
We keep personal information for as long as needed to provide the service, comply with legal and accounting obligations, resolve disputes, enforce agreements, maintain security, and meet the purposes described in this notice.
Retention depends on the type of data and your plan or settings. For example, account and organization data is generally kept while the account is active, billing records may be kept as required by law, product data may be kept according to plan limits or customer instructions, and logs or backups may remain for a limited period before deletion or overwrite.
We use technical and organizational measures designed to protect personal information, including access controls, authentication, logging, encryption in transit, and operational security practices. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
Suped is not directed to children under 18. We do not knowingly collect personal information from children under 18.
Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal information. You may also have the right to withdraw consent or lodge a complaint with a privacy regulator.
If you are an end user of one of our customers, we may need to refer your request to that customer when Suped processes your data on their behalf.
If the Australian Privacy Act 1988 (Cth) applies, this notice is intended to describe how we manage personal information under the Australian Privacy Principles. You may contact us with privacy questions or complaints. If you are not satisfied with our response, you may be able to complain to the Office of the Australian Information Commissioner.
If EU or UK privacy laws apply, you may have rights under the GDPR or UK GDPR, including rights to access, correction, deletion, restriction, objection, portability, and complaint to your supervisory authority.
If California privacy laws apply, you may have rights to know, access, correct, delete, limit certain uses of sensitive personal information, opt out of sale or sharing, and not be discriminated against for exercising privacy rights.
Some browsers offer Do Not Track signals. There is no common standard for how online services should respond to these signals, so we do not currently respond to them.
We may update this notice from time to time. The updated version will be effective when posted, unless a later date is stated.
To ask questions, request our subprocessor list, exercise privacy rights, or make a privacy complaint, email us at contact@suped.com.
Suped Pty Ltd
88 Christie St, St Leonards NSW 2065, Australia
www.suped.com
contact@suped.com
