Legal
Privacy Policy
We believe privacy is a right, not a feature. Here's exactly what we collect, why, and how we protect it.
Last updated: April 1, 2026
Summary: Supplo collects only the data necessary to operate the service. We do not sell your data. We do not use your conversations to train AI models. You can request deletion of your data at any time.
1. Who We Are
Supplo, Inc. ("Supplo," "we," "our," or "us") operates the customer support platform available at supplo.io. We are the data controller for information collected through our website and platform. Our contact details are: Supplo, Inc., support@supplo.io.
2. What Information We Collect
We collect information in three ways: information you provide directly, information collected automatically, and information from third parties.
Information you provide directly:
- Account information: When you sign up for Supplo, we collect your name, email address, and a hashed password. Optionally, you may provide your company name and profile photo.
- Billing information: If you subscribe to a paid plan, we collect billing name, billing address, and payment method details. Payment card data is handled by our payment processor (Stripe) and is never stored on our servers.
- Support conversations: Messages sent and received through the Supplo widget, including any attachments or metadata you or your customers choose to include.
- Communications with us: If you contact our support team, we retain records of that correspondence.
Information collected automatically:
- Usage data: Pages visited within the dashboard, features used, session duration, and click events.
- Log data: IP addresses, browser type, operating system, referring URLs, and timestamps when you access our platform.
- Cookies and similar technologies: See our Cookie Policy for full details.
- Widget visitor data: When your end-users interact with the Supplo widget on your website, we collect the conversation content, visitor IP address, browser type, and any custom attributes you configure.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: To create and manage your account, process transactions, deliver the platform features you've subscribed to, and route support conversations.
- Communication: To send you product updates, invoices, security alerts, and respond to your support inquiries. You may opt out of marketing communications at any time.
- Improvement and analytics: To understand how users interact with Supplo so we can improve features, fix bugs, and build a better product. We use aggregated, anonymised data for this purpose.
- Security and fraud prevention: To detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities.
- Legal compliance: To comply with applicable laws, regulations, and legal processes.
We do not use conversation content to train machine learning models. We do not sell your personal data to any third party.
4. How We Share Your Information
We share personal data only in the following limited circumstances:
- Service providers: We engage trusted third-party vendors who process data on our behalf under strict data processing agreements. These include cloud infrastructure providers, payment processors, and transactional email services. See our Data Processing Agreement for our sub-processor list.
- Legal requirements: We may disclose information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.
- Business transfers: If Supplo is involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will notify you before your personal data becomes subject to a different privacy policy.
- With your consent: We may share information in other ways with your explicit consent.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with the service. Specifically:
- Account data is retained for the duration of your subscription and for up to 90 days after account closure to allow for reactivation.
- Conversation data is retained according to your plan settings. You may configure automated deletion schedules in your dashboard.
- Billing records are retained for seven years in accordance with financial regulations.
- Log data is retained for up to 90 days for security and debugging purposes.
You may request earlier deletion of your data at any time by contacting us at support@supplo.io.
6. Cookies
Supplo uses cookies and similar tracking technologies to operate the platform and improve your experience. Please review our Cookie Policy for a full breakdown of which cookies we use and how to manage your preferences.
7. Security
We implement industry-standard security measures to protect your personal data, including TLS 1.3 encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security reviews. For more detail, see our Security page.
No method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security. We encourage you to use a strong, unique password for your Supplo account and to enable two-factor authentication where available.
8. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and applicable local law:
- Right of access: You can request a copy of the personal data we hold about you.
- Right to rectification: You can ask us to correct inaccurate or incomplete personal data.
- Right to erasure: You can request that we delete your personal data ("right to be forgotten"), subject to certain conditions.
- Right to restriction: You can ask us to restrict the processing of your personal data in certain circumstances.
- Right to data portability: You can request your data in a structured, machine-readable format.
- Right to object: You can object to the processing of your personal data where we rely on legitimate interests as the legal basis.
- Rights related to automated decision-making: Supplo does not make legally significant decisions about you solely through automated means.
To exercise any of these rights, contact us at support@supplo.io with the subject line "Data Rights Request." We will respond within 30 days. For more information, visit our GDPR Compliance page.
You also have the right to lodge a complaint with your local data protection authority.
9. Your Rights Under CCPA
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights, including the right to know what personal information we collect, the right to delete personal information, the right to opt out of the sale of personal information (note: Supplo does not sell personal information), and the right to non-discrimination for exercising your privacy rights. To make a request under the CCPA, contact us at support@supplo.io.
10. International Data Transfers
Supplo is based in the United States. If you access our services from the EEA, UK, or other regions with data protection laws, please be aware that your information may be transferred to and processed in countries that may not provide the same level of data protection as your home country. Where required, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for such transfers.
11. Children's Privacy
Supplo is not directed at children under the age of 16, and we do not knowingly collect personal data from children under 16. If we learn that we have inadvertently collected personal data from a child under 16, we will take prompt steps to delete that information. If you believe we have collected such data, please contact us at support@supplo.io.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "last updated" date at the top of this page and, where required by law or where the changes are material, notify you by email or a prominent notice on our platform. We encourage you to review this policy periodically.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We aim to respond to all privacy-related inquiries within 5 business days.