Privacy Policy

Last updated: April 9, 2026

Supery ("we", "us", "our") operates the website supery.ai and provides done-for-you AI business system services. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable data protection laws.

1. Data Controller

Giuseppe Egitto (sole proprietor)
Email: hello@supery.ai
Website: supery.ai

2. What Data We Collect

We collect the following categories of personal data:

• Contact information: name, email address, business name — provided when you submit our intake form or contact us.
• Business information: your industry, role, tools you use, business goals — provided voluntarily through our intake form to personalize your AI system.
• Payment information: processed securely by our payment processor (Stripe). We do not store credit card numbers.
• Usage data: pages visited, time on site, referral source — collected via Google Analytics (anonymized IP) and cookies.
• Communication data: emails exchanged, booking information — when you use our scheduling tool (Cal.com) or email.

3. Why We Collect It (Legal Basis)

• Contract performance (Art. 6(1)(b) GDPR): to deliver the AI system you purchased, process payments, and provide support.
• Legitimate interest (Art. 6(1)(f) GDPR): to improve our website, analyze usage patterns, and send relevant follow-up communications.
• Consent (Art. 6(1)(a) GDPR): for marketing emails and non-essential cookies. You can withdraw consent at any time.

4. Third-Party Services

We use the following services that may process your data:

• Tally (tally.so) — form hosting. Data processed in the EU. Tally Privacy Policy
• Brevo (brevo.com) — email delivery and CRM. EU company, GDPR native. Brevo Privacy Policy
• Stripe (stripe.com) — payment processing. PCI DSS Level 1 certified. Stripe Privacy Policy
• Cal.com (cal.com) — appointment scheduling. Cal.com Privacy Policy
• Google Analytics — website analytics (anonymized IP enabled). Google Privacy Policy
• Vercel (vercel.com) — website hosting. Vercel Privacy Policy

5. Data Retention

• Client data: retained for the duration of our business relationship plus 5 years (legal/tax obligation).
• Lead data (non-clients): retained for 12 months from last interaction, then deleted.
• Analytics data: retained for 14 months (Google Analytics default).

6. Your Rights (GDPR)

You have the right to:

• Access your personal data (Art. 15)
• Rectify inaccurate data (Art. 16)
• Erase your data ("right to be forgotten") (Art. 17)
• Restrict processing (Art. 18)
• Data portability — receive your data in a structured format (Art. 20)
• Object to processing based on legitimate interest (Art. 21)
• Withdraw consent at any time for marketing communications

To exercise any of these rights, email hello@supery.ai. We will respond within 30 days.

7. Cookies

We use:

• Essential cookies: required for the website to function (no consent needed).
• Analytics cookies: Google Analytics — to understand how visitors use our site. Requires your consent.
• Marketing cookies: Meta Pixel — for advertising purposes. Requires your consent.

You can manage your cookie preferences at any time via the cookie banner on our site.

8. International Transfers

Some of our service providers (Google, Stripe, Vercel) may process data outside the EU/EEA. These transfers are protected by Standard Contractual Clauses (SCCs) or adequacy decisions as required by GDPR Chapter V.

9. Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (HTTPS), secure payment processing, and access controls.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Continued use of our services after changes constitutes acceptance.

11. Contact

For privacy-related inquiries:
Giuseppe Egitto
Email: hello@supery.ai