Legal · Estonia (EU GDPR)
Privacy Policy
Effective date: 2026-03-04
Suprast | Supra Software Technologies ('we', 'us', or 'our') respects your privacy and is committed to protecting your personal data. This comprehensive Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our software-as-a-service platform, or interact with us. As an entity registered in the Republic of Estonia, our data processing practices comply strictly with the European Union's General Data Protection Regulation (GDPR) and applicable Estonian data protection laws.
1. Data Controller Identity
The Data Controller responsible for your personal data is Suprast | Supra Software Technologies, a private limited company registered in Tallinn, Estonia. For any privacy-related inquiries, data subject requests, or concerns, you can reach our Data Protection Officer at info@suprast.com.
2. Categories of Personal Data We Collect
We collect various types of information to provide and improve our services. This includes: (a) Identity Data: First name, last name, username, or similar identifiers. (b) Contact Data: Email address, billing address, and phone number. (c) Financial Data: Payment card details and billing history (processed securely via third-party gateways; we do not store full credit card numbers). (d) Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, operating system, and device information. (e) Usage Data: Information about how you use our website, products, and services. (f) Marketing and Communications Data: Your preferences in receiving marketing from us and your communication history.
3. Methods of Data Collection
We use different methods to collect data from and about you, including: (a) Direct Interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by email. (b) Automated Technologies: As you interact with our website, we automatically collect Technical Data about your equipment and browsing actions using cookies, server logs, and similar technologies. (c) Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties, such as analytics providers (e.g., Google Analytics) and payment facilitators (e.g., Stripe).
4. Legal Basis for Processing (GDPR Article 6)
We will only use your personal data when the law allows us to. Most commonly, we use your data under the following circumstances: (a) Contractual Necessity: Where we need to perform the contract we are about to enter into or have entered into with you. (b) Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. (c) Legal Obligation: Where we need to comply with a legal or regulatory obligation under Estonian or EU law. (d) Consent: Where you have provided specific, informed, and unambiguous consent.
5. Data Sharing and Third-Party Processors
We may share your personal data with carefully selected third parties for the purposes set out in Section 4. These include IT and system administration providers (e.g., Cloudflare for web security, Resend for email routing), payment processing providers, and professional advisers (lawyers, bankers, auditors) based in the EU. We require all third parties to respect the security of your personal data and treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.
6. International Data Transfers
Whenever we transfer your personal data out of the European Economic Area (EEA), we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, or we use specific contracts approved by the European Commission (Standard Contractual Clauses) which give personal data the same protection it has in Europe.
7. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. By law, we must keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for seven years for tax and accounting purposes under the Estonian Commercial Code.
8. Data Security
We have put in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. Access to your personal data is limited to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.
9. Your Legal Rights as a Data Subject
Under the GDPR, you have the right to request access to your personal data, request correction of the personal data that we hold about you, request erasure of your personal data ('Right to be Forgotten'), object to processing of your personal data, request restriction of processing your personal data, and request the transfer of your personal data to you or to a third party. To exercise any of these rights, contact us at info@suprast.com. We try to respond to all legitimate requests within one month.
10. Supervisory Authority
You have the right to make a complaint at any time to the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), the Estonian supervisory authority for data protection issues (www.aki.ee). We would, however, appreciate the chance to deal with your concerns before you approach the AKI, so please contact us in the first instance.