Privacy Policy

Last updated: February 28, 2025

1. Introduction

Asish Panda Labs ("we", "us", "our") operates the sutrena.com website and API platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account information

When you create an account, we collect your email address and authentication credentials (via Google OAuth or email/password). We do not store passwords directly — authentication is handled by Supabase Auth.

Form submission data

When end users submit data through forms you create, we store that submission data on your behalf. You are the data controller for this data; we are the data processor.

Usage data

We collect basic usage metrics such as API call counts, form and dashboard creation counts, and submission volumes for metering and billing purposes.

Technical data

We may collect IP addresses, browser type, and request metadata for security, rate limiting, and abuse prevention.

3. How We Use Your Information

  • To provide and maintain the Service
  • To process payments and manage subscriptions
  • To send transactional emails (submission notifications, account alerts)
  • To enforce rate limits and prevent abuse
  • To comply with legal obligations
  • To improve the Service based on aggregated, anonymized usage patterns

4. Third-Party Services

We use the following third-party services:

  • Supabase — database hosting and authentication
  • Paddle — payment processing and subscription management
  • Google OAuth — optional authentication provider

Each third-party service has its own privacy policy governing how they handle your data. We encourage you to review their policies.

5. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies, analytics cookies, or advertising cookies. No cookie consent banner is required because we only use strictly necessary cookies.

6. Data Retention

We retain your account data for as long as your account is active. Form submission data is retained until you delete it or close your account.

Unclaimed trial data is automatically deleted after 24 hours plus a short grace period.

7. Data Security

We implement industry-standard security measures to protect your data, including encrypted connections (TLS), hashed API keys, and access controls. However, no method of transmission over the Internet is 100% secure.

8. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access, correct, or delete your personal data
  • Object to or restrict processing of your data
  • Data portability — receive your data in a structured format
  • Withdraw consent at any time

We also provide a GDPR deletion endpoint (DELETE /api/forms/:id/submissions/gdpr) to delete submission data by email address.

9. Data Sharing

We do not sell, rent, or trade your personal information or submission data to third parties. We only share data with the third-party services listed above, and only as necessary to operate the Service.

10. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on the Service. The "last updated" date at the top reflects the most recent revision.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at [email protected].

Privacy Policy | Sutrena