1. Overview

This Privacy Policy explains how SupAI ("SupAI", "we", "us") collects, uses, shares and protects information when you use our websites, apps, dashboards, browser experiences and APIs, including Scout, Find Your AI, Find Your Course, Build Your Business and any other services that link to this Policy (together, the "Services").

This Policy is intended to be read together with our Terms of Service. Capitalised terms used but not defined here have the meanings given in the Terms of Service.

2. Who Is Responsible for Your Data

Unless we tell you otherwise in a product specific notice, the controller responsible for your personal data is SupAI, based in Mauritius. For privacy questions or to exercise your rights, you can contact us at privacy@sup-ai.com.

If you are located in the European Economic Area (EEA), the United Kingdom or Switzerland, we will process your data in accordance with applicable data protection laws such as the GDPR, the UK GDPR and the Swiss FADP, as far as they apply to us.

3. Types of Data We Collect

We collect information in three main ways: you provide it directly, we collect it automatically, and we receive it from third parties.

3.1. Information You Provide to Us

  • Account data: When you create or manage an account we collect information such as your name, email address, password (stored as a hash), country or region, plan, language preferences, and any profile details you choose to provide.
  • Content and usage data: When you use Scout or other tools, we process your prompts, uploads, chat transcripts, instructions, links, files, and the AI outputs generated for you. We also store tool settings, model choices, rating/feedback you give on responses, and other configuration data.
  • Support and communication data: If you contact us by email or forms (for example support, feedback, legal or billing enquiries), we process the content of those messages and any additional details you provide.
  • Course, job and business inputs: If you use Find Your Course, Find Your AI, Build Your Business or similar features, we may collect information about your goals, skill levels, location, budget, business ideas, and other context you provide so we can generate recommendations.

3.2. Information We Collect Automatically

  • Log and device data: When you access the Services we automatically collect technical information such as IP address, browser type and version, device identifiers, operating system, time zone, page views, referral URLs, clickstream, and error reports.
  • Usage analytics: We collect information about how you interact with the Services, for example which pages or features you use, the models you call, the volume and timing of requests, response times, and generic usage patterns. This is often processed in aggregate form for analytics.
  • Cookies and similar technologies: We use cookies, local storage and similar technologies to keep you logged in, remember preferences, secure the Services and understand usage. See section 10 for more detail.

3.3. Information from Third Parties

  • Payment and billing partners: When you pay for a plan, our payment processors share limited information with us such as payment method type, successful or failed payment status, and basic billing information. We do not receive or store full card numbers.
  • Analytics and error monitoring providers: These partners may provide us with aggregated or pseudonymised statistics about how users interact with the Services, as well as error traces that help us debug and improve stability.
  • Sign in and identity providers (if enabled): If you choose to sign in via a third party (for example Google), we receive identifiers and profile information that you authorise that provider to share with us.

4. How and Why We Use Data

We use the information we collect for the following purposes. Where EU/UK data protection law applies, the legal bases are also indicated.

4.1. Providing and Maintaining the Services

  • To create and manage accounts, authenticate users and provide core features like Scout, Find Your AI, Find Your Course and Build Your Business.
  • To route your prompts and context to the selected AI models and tools, and to return outputs to you.
  • To provide dashboards, usage statistics, billing overviews and similar account features.
  • Legal bases (where applicable): performance of a contract; our legitimate interests in operating the Services.

4.2. Safety, Abuse Prevention and Security

  • To monitor for and prevent abuse, such as automated scraping, fraud, misuse of APIs or violation of our Terms of Service.
  • To detect and investigate suspicious activity, security incidents and technical issues.
  • To enforce our Terms of Service and comply with legal obligations.
  • Legal bases: legitimate interests in keeping the Services secure; compliance with legal obligations.

4.3. Improvement, Research and Analytics

  • To understand how the Services are used, so we can improve reliability, speed, UX and feature design.
  • To develop new features, prompts and routing strategies, using aggregated or de-identified data where possible.
  • To run experiments or A/B tests to compare different approaches, for example different model configurations.
  • Legal bases: legitimate interests in improving and developing the Services; your consent where required for analytics cookies.

4.4. Communication with You

  • To send you transactional messages, such as account confirmations, security alerts, plan changes, invoices and important service emails.
  • To respond to your questions, support tickets and feedback.
  • To send optional product updates, tips or marketing communications where permitted by law. You can opt out of marketing at any time.
  • Legal bases: performance of a contract; legitimate interests in keeping you informed; your consent for marketing where required.

4.5. Compliance and Legal Obligations

  • To comply with applicable laws, regulations and legal processes, including responding to lawful requests from authorities.
  • To keep appropriate records for tax, accounting, billing and audit purposes.
  • Legal bases: compliance with legal obligations; legitimate interests in protecting our legal rights.

5. AI Processing, Training and Logs

  • When you send prompts or files to SupAI, we route them to models hosted by us or by third party providers (for example Groq or Google Gemini) in order to generate outputs.
  • These providers act as independent controllers or processors of your data under their own terms and privacy policies. We only share the minimum information reasonably required to process your request.
  • We keep logs of requests and responses for a limited period to operate the Services, handle support, enforce safety and comply with legal obligations. Where possible, we remove or reduce direct identifiers from logs to lower privacy risk.
  • We may use aggregated or de-identified data derived from your usage (for example counts of API calls, error rates, latency, common feature usage) to analyse and improve the Services. This kind of data is not used to identify you personally.
  • We do not claim ownership of your prompts or outputs. You remain responsible for reviewing outputs and deciding what to do with them, including whether to store, share or delete them in your own systems.

6. Sharing Your Information

We do not sell your personal data. We share information only with the categories of recipients described below, to the extent reasonably necessary for the purposes described in this Policy.

  • AI and infrastructure providers: Third party model providers, hosting providers, databases, email delivery services and other infrastructure partners that help us deliver the Services.
  • Payment processors: Companies that process payments on our behalf. They receive billing information as needed to complete transactions.
  • Analytics and monitoring partners: Services that provide aggregated usage analytics, error monitoring and performance data.
  • Professional advisers: Lawyers, accountants and other advisers who are bound by confidentiality obligations when we need advice.
  • Legal and safety disclosures: Law enforcement, regulators or other third parties when we believe in good faith that disclosure is necessary to comply with law, protect our rights, investigate fraud or protect the safety of users or others.
  • Business transfers: In connection with a merger, acquisition, financing or sale of all or part of our business, your information may be transferred as part of that transaction, subject to appropriate safeguards and continued protection.

7. Data Retention

We keep personal data only for as long as reasonably necessary to fulfil the purposes described in this Policy, including to provide the Services, comply with legal obligations, resolve disputes and enforce our agreements.

  • Account data is kept for as long as your account is active and for a reasonable period afterwards if needed for legitimate business or legal purposes.
  • Logs and analytics data are retained for limited periods that are appropriate for security and performance analysis, then deleted or anonymised.
  • If you request deletion of your account, we will delete or anonymise associated personal data, except where we are required or permitted by law to retain certain information.

8. Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse or alteration. These measures may include access controls, encryption in transit (for example HTTPS), segmentation of systems, logging and periodic reviews.

No online service can ever be completely secure. If you believe your account has been compromised or you become aware of a potential security issue, you should notify us immediately at security@sup-ai.com or via support.

9. Your Rights and Choices

Depending on your location and applicable law, you may have some or all of the rights listed below regarding your personal data. We will honour these rights in accordance with applicable laws.

  • Access: You can request confirmation of whether we process your personal data and receive a copy of that data.
  • Correction: You can ask us to correct inaccurate or incomplete personal data.
  • Deletion: You can request deletion of your personal data, subject to certain exceptions where we must keep data by law or for legitimate interests.
  • Restriction: You can ask us to restrict certain processing in specific circumstances.
  • Portability: You may have the right to receive certain personal data in a structured, commonly used and machine readable format, and to have it transmitted to another controller where technically feasible.
  • Objection: You can object to certain processing based on our legitimate interests, including profiling, and to direct marketing at any time.
  • Withdrawal of consent: Where we rely on consent, you may withdraw it at any time. This does not affect processing that took place before withdrawal.

To exercise your rights, contact us at privacy@sup-ai.com. We may need additional information to verify your identity and request before acting.

If you are in the EEA, UK or Switzerland and believe we have not handled your personal data in accordance with applicable law, you also have the right to lodge a complaint with your local data protection authority.

10. Cookies and Similar Technologies

We use cookies and similar technologies for several reasons:

  • Strictly necessary cookies: Required for the Services to function, such as signing in, maintaining sessions and security protections.
  • Preference cookies: Used to remember your settings, such as language, region or UI preferences.
  • Analytics cookies: Used to understand how the Services are used and to help us improve them.

In many cases you can control cookies through your browser settings, including blocking or deleting them. If you disable certain cookies, some features of the Services may not work as intended.

11. International Data Transfers

SupAI is based in Mauritius and works with providers in various countries. As a result, your personal data may be processed in countries other than the one where you live. These countries may have different data protection laws.

Where required by law, we use appropriate safeguards to protect personal data transferred internationally, such as standard contractual clauses approved by the European Commission or other mechanisms recognised by applicable laws.

12. Children

The Services are not intended for children under 16 and we do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take reasonable steps to delete it. If you believe a child has provided us with personal data, please contact us at privacy@sup-ai.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will change the "Last updated" date at the top of this page and may provide additional notice, such as by email or via the Services.

Your continued use of the Services after the updated Policy becomes effective will mean you have read and understood the changes. If you do not agree with the updated Policy, you should stop using the Services.

14. Contact

If you have questions about this Privacy Policy, our data practices or your rights, you can contact us at:

Email: privacy@sup-ai.com

© 2026 SupAI