Privacy Policy

Last updated: April 14, 2026

Supery ("we", "us", "our") operates the website supery.ai and provides done-for-you AI business system services. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable data protection laws.

1. Data Controller

Giuseppe Egitto (sole proprietor)
Email: hello@supery.ai
Website: supery.ai

2. What Data We Collect

We collect the following categories of personal data:

• Contact information: name, email address, business name — provided when you submit our intake form or contact us.
• Business information: your industry, role, tools you use, business goals — provided voluntarily through our intake form to personalize your AI system.
• Payment information: processed securely by our payment processor (Paddle). We do not store credit card numbers.
• Usage data: pages visited, time on site, referral source — collected via Google Analytics 4 (IP anonymized), PostHog (EU-hosted), Microsoft Clarity, and cookies.
• Advertising data (with your consent): if you consent to marketing cookies, we share a hashed identifier and page-view events with Meta (Facebook Pixel + Conversions API), LinkedIn (Insight Tag + Conversions API), and Google Ads, solely to measure ad performance and show you relevant ads. You can refuse this at any time via our cookie banner.
• Communication data: emails exchanged, booking information — when you use our scheduling tool (Cal.com) or email.

3. Why We Collect It (Legal Basis)

• Contract performance (Art. 6(1)(b) GDPR): to deliver the AI system you purchased, process payments, and provide support.
• Legitimate interest (Art. 6(1)(f) GDPR): to improve our website, analyze usage patterns, and send relevant follow-up communications.
• Consent (Art. 6(1)(a) GDPR): for marketing emails and non-essential cookies. You can withdraw consent at any time.

4. Third-Party Services

We use the following services that may process your data:

• Supabase (supabase.com) — database hosting (EU Frankfurt). Supabase Privacy Policy
• Resend (resend.com) — transactional email delivery. Resend Privacy Policy
• Brevo (brevo.com) — marketing email delivery. EU company, GDPR native. Brevo Privacy Policy
• Cal.com (cal.com) — appointment scheduling. Cal.com Privacy Policy
• PostHog (posthog.com) — website analytics (EU-hosted). PostHog Privacy Policy
• Microsoft Clarity — heatmaps and session replay (loaded only after analytics consent). Microsoft Privacy Policy
• Google — Google Analytics 4, Google Tag Manager, and Google Ads (conversion measurement). Loaded only after marketing consent. Google Privacy Policy
• Meta (Facebook/Instagram) — Facebook Pixel and Conversions API to measure ads. Loaded only after marketing consent. Meta Privacy Policy
• LinkedIn — LinkedIn Insight Tag and Conversions API to measure ads. Loaded only after marketing consent. LinkedIn Privacy Policy
• Cloudflare Turnstile — anti-spam verification. Cloudflare Privacy Policy
• Vercel (vercel.com) — website hosting. Vercel Privacy Policy

5. Data Retention

• Client data: retained for the duration of our business relationship plus 5 years (legal/tax obligation).
• Lead data (non-clients): retained for 12 months from last interaction, then deleted.
• Analytics data: retained for 14 months (Google Analytics default).

6. Your Rights (GDPR)

You have the right to:

• Access your personal data (Art. 15)
• Rectify inaccurate data (Art. 16)
• Erase your data ("right to be forgotten") (Art. 17)
• Restrict processing (Art. 18)
• Data portability — receive your data in a structured format (Art. 20)
• Object to processing based on legitimate interest (Art. 21)
• Withdraw consent at any time for marketing communications

To exercise any of these rights, email hello@supery.ai. We will respond within 30 days.

7. Cookies & Tracking Technologies

We use the following categories of cookies and similar technologies. Your consent choice is stored in your browser via localStorage (key supery_consent). You can change it any time by clearing your browser data — the banner will reappear.

• Essential (always on, no consent needed): required for the site to function and for fraud prevention. Examples: session identifier, anti-spam verification (Cloudflare Turnstile), form submissions.
• Analytics (consent required): PostHog (EU-hosted), Microsoft Clarity, Google Analytics 4. Purpose: understand how visitors use the site and improve the experience. Cookies set: _ga, _ga_*, _clck, _clsk, ph_*.
• Marketing / Advertising (consent required): Meta Pixel, LinkedIn Insight Tag, Google Ads remarketing. Purpose: measure ad performance, attribute conversions, and show relevant ads. Cookies set: _fbp, _fbc, li_fat_id, li_sugr, _gcl_au. Hashed identifiers (email SHA-256) may be sent server-side via Conversions APIs to improve measurement accuracy — we never share plaintext identifiers.

We implement Google Consent Mode v2: before you make a choice, all non-essential tags default to denied. If you reject, only aggregated and anonymized modeled data (without cookies) is sent. If you accept, full measurement is enabled.

8. International Transfers

Some of our service providers (Google, Paddle, Vercel) may process data outside the EU/EEA. These transfers are protected by Standard Contractual Clauses (SCCs) or adequacy decisions as required by GDPR Chapter V.

9. Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (HTTPS), secure payment processing, and access controls.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Continued use of our services after changes constitutes acceptance.

11. Contact

For privacy-related inquiries:
Giuseppe Egitto
Email: hello@supery.ai