Privacy Policy — Suggestic, Inc.

I. Who We Are

Suggestic, Inc. is the data controller for personal data collected through the Suggestic website, Platform, and public-facing forms. We are registered in the United States. For data protection enquiries, contact us at [email protected].

II. Information We Collect and Why

A. B2B Contact Data (Book Demo and Try API forms)

When you submit a Book Demo or Try API request, we collect the information you provide — including your name, work email, company name, and optionally your job title and phone number. This information is used to fulfil your request (schedule a demo or activate an API trial) and, after your request is fulfilled, to follow up with you as a prospective B2B client.

Under EU/UK data protection law, we process this information on the following grounds: Article 6(1)(b) GDPR (processing necessary to fulfil your request) at the time of submission; Article 6(1)(f) GDPR (our legitimate interest in following up with prospective B2B clients) after your request is fulfilled; and Article 6(1)(a) GDPR (your consent) if you separately opt in to receive product updates and marketing communications. The marketing checkbox is optional and unchecked by default — you may withdraw that consent at any time by emailing [email protected].

When you submit either form, we record your consent timestamp, the policy wording version shown at the time, and your marketing preference. These records are stored in our CRM for as long as required to demonstrate compliance.

B. B2B Prospect Data (externally sourced)

If you are a business professional who has received an outreach email from us without previously submitting a form, your professional contact details (name, work email, job title, company name, industry) were obtained from a third-party B2B data provider. We process this data on the basis of Article 6(1)(f) GDPR (legitimate interest) to introduce our platform to relevant businesses.

Automated scoring. We use an automated scoring system to assess whether a B2B professional meets our target profile before including them in an outreach campaign. This assessment is based on professional attributes only (job title, company size, industry, geography) — it does not involve sensitive personal data, financial assessment, or health information. You have the right to object to this processing at any time under Article 21 GDPR, and to request human review of any scoring decision by emailing [email protected]. All outreach emails also include a one-click unsubscribe link.

We retain externally sourced B2B contact data for up to 3 years from last contact, or until you unsubscribe — whichever is sooner.

C. Platform Users

When you create an account or use the Suggestic Platform, we collect personally identifiable information such as your name, username, phone number, and email address, along with non-identifying information such as your zip code, gender, and age. We also automatically collect usage data — including your device model, IP address, browser type, operating system, pages visited, time spent, and access times — to operate, maintain, and improve the Platform. For EU/UK users, this processing is based on Article 6(1)(b) GDPR (performance of the contract with you or your employer).

D. Health and Nutrition Data

Where the Suggestic Platform processes personal health or nutrition data on behalf of a B2B client, Suggestic acts as a data processor under Article 28 GDPR. The B2B client is the controller and is responsible for obtaining the appropriate lawful basis from their end users.

E. Website Visitor Data

Our servers automatically collect standard access data (IP address, browser type, pages visited) from all website visitors. We also use Google Analytics 4 for operational analytics. This processing is based on Article 6(1)(f) GDPR (our legitimate interest in maintaining platform security and improving the service). Google Analytics is only activated after you grant cookie consent.

III. Cookies and Tracking

The Platform uses cookies to keep you logged in, determine session activity, and support operational analytics. A cookie consent banner is shown to EU/UK visitors, and non-essential cookies are only loaded after you grant consent. You may change or withdraw your cookie preferences at any time via the banner.

We do not use email open-tracking pixels or click-tracking in outbound emails.

IV. How We Share Your Data

Suggestic does not sell personal data. We share it only where necessary to operate our business — with service providers who support our infrastructure, CRM, payment processing, email delivery, B2B data sourcing, AI and language model processing, analytics, scheduling, HR, and related functions. All such providers act under written Data Processing Agreements as required by Article 28 GDPR. We may also share information when required by law or court order, with professional advisors (lawyers, auditors) under confidentiality obligations, or with successor entities in the event of a merger, acquisition, or asset sale.

Personal data transferred from the EU/EEA or UK to the United States is transferred under Standard Contractual Clauses (EU Commission Decision 2021/914/EU) or the EU–US Data Privacy Framework, as applicable. A full sub-processor register is available on request at [email protected].

V. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected. B2B prospect contact records are kept for 3 years from last meaningful engagement, or until you unsubscribe — whichever is sooner. Website visitor analytics are retained for 14 months (Google Analytics 4 default). Platform usage logs are retained for 12 months. Consent proof records are kept for the duration of the contact record plus 3 years. Employee and contractor data is kept for the duration of the engagement plus 6 years, as required by law.

VI. Your Rights (EU/EEA/UK Data Subjects)

Under GDPR and UK data protection law, you have the right to access a copy of the personal data we hold about you; to have inaccurate data corrected; to request deletion of your data where no overriding legal ground exists; to restrict or object to how we process your data; to receive your data in a portable, machine-readable format; and to withdraw any consent you have given at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email [email protected]. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your national data protection authority (for example, the Irish DPC, the ICO in the UK, or the supervisory authority in your EU member state).

VII. Changing or Deleting Your Information

Platform users may review, update, or delete the personal information in their account profile at any time. If you delete all such information, your account may be deactivated. We may retain an archived copy of your records where required by law or for legitimate business purposes.

VIII. Security

We are committed to safeguarding your information and apply technical and organisational measures in accordance with Article 32 GDPR. These include encryption of data at rest and in transit, secure session management, multi-factor authentication on all admin accounts, and role-based access controls. No security system is impenetrable. In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals where required by law.

IX. Children's Privacy

The Platform requires users to be at least 18 years of age. We do not knowingly collect data from anyone under 13. If you believe a minor has provided personal data, contact us at [email protected] and we will take steps to delete it promptly.

X. Changes to This Policy

We will publish material changes through the Platform and update the "Last reviewed" date at the top of this page. Where required by law, we will notify you directly.

XI. Contact

For privacy questions, data subject requests, or consent withdrawal:

📧 [email protected]

Version History