Waitlist

Supasite Privacy Policy

Last updated: April 2, 2025

1. Purpose and Scope of this Policy

BuildPass Pty Ltd (ACN 652 324 635) – referred to in this policy as "we," "us," or "our" – is committed to protecting the privacy of individuals using Supasite, our AI-powered construction site inspection tool. This Privacy Policy explains what personal information we collect through Supasite, how we use and handle it independently from BuildPass's other services, and the rights individuals have regarding their information. We adhere to the requirements of the Australian Privacy Act 1988 (Cth) (including the Australian Privacy

Principles) and the EU/UK General Data Protection Regulation (GDPR), ensuring global privacy compliance.

By using Supasite, you agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy. We publish this Policy so you can easily understand what data we collect, why we collect it, how it is used, and how you can control it.

2. Who This Policy Applies To

  • Users: This Policy applies to all users of the Supasite platform, whether you create an account or use our services in any capacity. It covers personal information we handle in our own capacity and information we process on behalf of our users through Supasite.
  • Personal Information: In this Policy, "personal information" (or "personal data") means any information about an identifiable individual, as defined under the Australian Privacy Act and GDPR. This Policy does not cover information about companies or organizations, but it does cover information about individuals within those entities.
  • Minors: Supasite is intended for users 18 years and older. We do not knowingly collect personal information from children under 18 without parental consent. If we become aware of such data collection, we will promptly delete the information. By providing us personal information about someone else, you must have their consent to do so.

3. Information We Collect

We only collect information that is reasonably necessary to operate Supasite and provide our services. This may include:

  • Identity Information: Name, job title, and company/organization (if applicable).
  • Contact Information: Email address, telephone number, and mailing address.
  • Account Credentials: Login information (such as username and password) handled through our authentication provider (e.g. Clerk).
  • Profile and Usage Data: Information you provide when setting up your profile or using Supasite, such as your preferences, feedback, or any content you upload (for example, site inspection notes, images, voice notes, or other project data). We also collect usage data like feature use, clicks, and interactions to understand how our service is used.
  • Site Inspection Data: Any data submitted for analysis by Supasite's AI features – this may include images, audio recordings (which may be transcribed), video, text descriptions, or other project documents that you upload for AI processing. This data may sometimes include personal information if, for example, an image has people in it or a voice recording includes personal remarks.
  • Analytics Data: We use analytics tools (such as PostHog) that collect technical information when you use Supasite. This can include your device type, browser type, IP address, operating system, referring URLs, and timestamps of actions. Analytics data helps us troubleshoot issues and improve our services.
  • Cookies and Similar Technologies: Supasite uses cookies and similar tracking technologies to operate the website and gather analytics. For example, we use cookies to keep you logged in and to remember your preferences, and our analytics providers may set cookies or use local storage to collect usage statistics. (See Section 6: Cookies & Analytics below for more details.)
  • Communications: If you contact us (for example, via support email or feedback forms), we will collect the information you provide in those communications (such as your email address and the content of your message). We may also keep records of our correspondence.

We do not intentionally collect any sensitive personal information (such as government ID numbers, health or biometric data) through Supasite. While the service is initially available for free with plans to introduce premium paid features in the future, we only collect payment information when you choose to subscribe to a paid tier. We ask that you avoid submitting any sensitive personal data unless it is necessary for using the service. If you do upload or input any sensitive information, you consent to our processing of it as outlined in this Policy.

4. How We Collect Information

We collect personal information in several ways:

  • Directly from You: Most data is provided directly by you. For example, you enter information when signing up for Supasite, completing your user profile, uploading site inspection materials, or contacting us for support.
  • Through Your Use of Supasite: As you interact with our platform or app, we automatically collect technical data (described under Analytics Data above) via cookies, log files, and analytic scripts. For instance, when you use an AI feature, we may log the event that an analysis was run (along with timing and technical details).
  • AI Processing of User Content: If you use our AI-powered tools (like image analysis or voice transcription), the content you provide (images, audio, text) will be transmitted to our AI model providers (such as OpenAI, Anthropic, Google, xAI) for processing. In such cases, we collect the input you provided and the AI-generated output. (See Section 7: AI and Automated Processing for more details on how AI inputs/outputs are handled.)
  • Third-Party Services: Some information may be collected or transmitted through third-party service providers integrated with Supasite. For example, when you sign up or log in, our identity verification provider (Clerk) collects your login credentials on our behalf. When we send email notifications, our email service may process your contact details. These third parties collect and share information with us as needed to provide the Supasite service.

We will always endeavor to let you know when personal information is being collected and the purpose (for instance, by providing just-in-time notices or through this Privacy Policy). You may choose not to provide certain information; however, this may limit your ability to use some Supasite features. For example, if you choose not to enable certain cookies or not to provide an email address, some functionalities (like account creation or staying logged in) may not work.

5. How We Use Personal Information

We use the collected information for purposes necessary to provide and improve Supasite. The primary purposes include:

  • Providing Services: We use your information to create and manage your Supasite account, authenticate you upon login, and deliver the features of the site inspection tool. For example, we'll use your uploaded inspection data to run AI analyses and display results back to you.
  • Improving and Developing Supasite: Usage data and analytics help us understand how our product is performing. We analyze this data to fix bugs, optimize user experience, and inform new features. For instance, we might review which AI features are used most often to decide where to focus development.
  • Communications: We may use your contact information to send service-related communications. This includes confirmations, technical alerts (such as changes to our terms or privacy policy), and customer support responses. If you subscribe to any newsletter or optional updates (if offered), we will use your email to deliver those; you can opt-out of non-essential emails at any time. (Important service announcements that materially affect your use of Supasite are not optional, but we will keep these limited.)
  • Analytics and Product Research: We use third-party analytics (e.g., PostHog) to gather aggregated information on user behavior. This helps us identify usage trends, troubleshoot performance issues, and improve the content and layout of our platform. Analytics data is typically de-identified or aggregated, meaning it does not directly reveal your identity to us.
  • AI Feature Functionality: For AI-driven features, we use your input data to generate outputs (for example, using your photo to detect potential safety issues via an AI model). The content you provide is processed by the AI model providers strictly to return results to you. We may also temporarily store the input and output to allow you to review past results, to improve our algorithms, or to comply with legal obligations.
  • Platform Integration: We may use your information to facilitate integration between Supasite and the main BuildPass platform pursuant to our legitimate business interests in providing a cohesive suite of services. This includes using your data to enhance user experience across our products and to offer relevant BuildPass services based on your Supasite activity.
  • AI Model Training and Improvement: We may use anonymised data from your AI interactions to train and improve our AI models and reasoning capabilities to provide better outcomes to all users. This includes advancing our ability to recognize construction site issues and enhancing the accuracy of our AI responses.
  • Security and Fraud Prevention: We may process personal information (like account details and IP addresses) to monitor for suspicious or malicious activity, verify user identities where necessary, and otherwise protect against unauthorised access, fraud, or abuse of our services. This includes using tools like Sentry (planned for future implementation) for error monitoring and debugging to maintain a secure and stable service.
  • Legal Compliance: Where required, we will use and disclose personal information to comply with legal obligations, resolve disputes, enforce our Terms of Service, or respond to lawful requests by public authorities (e.g., a court order or subpoena).

We will only use your personal information for the purposes outlined above or for purposes that are compatible with those original purposes. If we need to use your information for an unrelated purpose, we will notify you and obtain your consent or ensure we have a lawful basis as required by applicable law.

6. Cookies & Analytics

Supasite uses cookies and similar technologies to ensure the platform functions correctly and to analyze usage:

  • What Are Cookies: Cookies are small text files stored on your device that allow us to remember certain information between pages or visits. Supasite uses both session cookies (which expire when you close your browser) and persistent cookies (which remain for a set period or until deleted).
  • Essential Cookies: Some cookies are necessary for the website to operate. For example, when you log in, we use a cookie to maintain your session so you don't have to re-enter your credentials on every page. These cookies are generally set by our authentication provider (e.g., Clerk) or our hosting platform (e.g., Vercel) to facilitate secure logins and basic site functionality.
  • Analytics Cookies: We use PostHog (an analytics platform) to collect information about how users interact with Supasite. PostHog may set cookies or use your browser's local storage to gather data such as what pages/features you use, your clicks, and usage duration. This data helps us improve the user interface and prioritize new features. All analytics data we collect is used in aggregate form, and we do not use it to personally identify you.
  • Your Choices: Upon your first visit, and from time to time, we may present a cookie notice or preferences tool where required by law (for example, in the EU/UK). You can manage or disable cookies in your browser settings. However, please note that disabling certain essential cookies may affect the functionality of Supasite (for instance, you might not be able to stay logged in or some AI features might not work optimally).
  • Do Not Track: Supasite does not currently respond to "Do Not Track" signals. However, you can opt out of analytics data collection by disabling cookies or using browser-based blocking tools. We do not serve advertising or engage in cross-site tracking.

By using Supasite with cookies enabled in your browser, you consent to our use of cookies as described here. For more details or any questions about our use of cookies and tracking technologies, you can contact us using the information in Section 12 of this Policy.

7. AI and Automated Processing

Supasite is an AI-powered platform, which means we leverage third-party artificial intelligence services to provide certain features (such as automated checklist generation, image recognition, document summarization, or voice transcription). It is important for you to understand how your data is handled in these processes:

7.1 AI Providers and Processing

Supasite integrates with various third-party AI model providers to power our intelligent features. These may include AI platforms from OpenAI, Anthropic, Google, xAI, and other leading AI service providers.

These providers act as processors of data on our behalf when you use our AI-powered features. They receive the input data you provide (like text prompts, images, or documents) and return an output (like an analysis, a response, or a processed result). Supasite may utilize one or multiple AI models to process your data, selecting the most suitable technology for each specific task based on performance, capabilities, and availability.

We continually evaluate AI providers and models to ensure optimal performance and security. As AI technology evolves, we may add, remove, or replace providers. We will update this Privacy Policy when significant changes to our AI provider approach occur. Rest assured, we will only integrate providers that meet our standards for privacy and reliability.

7.2 Data Handling in AI Features

  • Input Data Transmission: When you use an AI feature, the necessary data (e.g., the text of your question, the content of a checklist you want summarized, or an image file) is sent securely to the corresponding AI provider's API. We send only the information required for the task. For example, if you ask "Summarize the attached safety report," we send the text of that report (not unrelated data like your password or profile info) to the AI API.
  • Temporary Processing: The AI providers process the data in memory and send back a response. They may store the data for a short duration for purposes of processing, caching, or monitoring for abuse. According to their policies:
    • OpenAI and Anthropic APIs typically do not use your inputs to train their general models. They may keep data for up to 30 days (OpenAI) or similar periods (Anthropic) for abuse detection and debugging, after which it's deleted.
    • Google likely handles Gemini requests under Google Cloud's privacy commitments, meaning data is not used to improve Google's products unless explicitly agreed and is kept confidential.
    • xAI's Grok is committed to user privacy; as per xAI's statements, end-user conversations are not used to train the model without consent. However, xAI may retain interactions as needed to ensure proper functioning and compliance (and X Corp policies might allow opting out of training, which we would opt out of on your behalf unless explicitly beneficial and allowed by you).
  • No Secondary Use by Supasite: We (BuildPass) hold the right to use the data to train and further advance our models and reasoning to provide better outcomes to all users. This is done in an anonymised manner. We might review AI interactions in an aggregated or anonymized way to evaluate performance (e.g., to see if the AI is frequently misunderstanding a type of question, so we can adjust our prompts or guidance).
  • Human Oversight: We reserve the right to observe all AI interactions both by human and automated processes for quality and improvement purposes. On occasion, authorized team members might review specific interactions if needed to investigate a problem or misuse (for example, if you report a problematic AI response, we might look at the conversation to debug it, always under strict privacy controls).

7.3 No Fully Automated Decisions with Legal Effects

Supasite's AI features are tools to assist users in site inspections (e.g., highlighting potential safety issues or summarizing information). They do not independently make binding decisions about individuals. All AI outputs should be reviewed by a human user, and no output by Supasite's AI is applied without human oversight or intervention. In other words, we do not subject anyone to purely automated decisions that have legal or significant effects on them, as defined under GDPR Article 22.

7.4 Accuracy and Limitations

While we strive to use high-quality AI models, AI predictions or generated outputs can sometimes be incorrect or misleading. We do not guarantee the accuracy or completeness of any AI-generated content. Users should not rely on Supasite's AI features as professional advice or the sole basis for safety or compliance decisions. Always use your own judgment and expertise to validate AI results on site. (See the Terms of Service for more on this in the Disclaimers section.)

7.5 User Control

Providing data to the AI features is entirely optional. If you do not want certain information processed by third-party AI, you should not input or upload it into those features. By using the AI tools within Supasite, you consent to your data being transferred to and processed by the AI provider(s) as described. If you have concerns about specific types of data (e.g., photos of individuals) being analyzed by AI, please contact us to discuss available options.

8. Disclosure of Personal Information to Third Parties

We treat your personal information with care and confidentiality. We do not sell your personal data to unrelated third parties for their own marketing or any other purposes. However, we do share information with certain trusted third parties in order to run Supasite effectively, as outlined below:

  • Service Providers: We use third-party companies to support our operations and services. These providers only receive the information necessary for them to perform their function, and they are contractually obligated to protect it and use it only for our purposes. Our key service providers include:
    • Clerk: Provides user authentication and account management services. Clerk handles your login credentials and may store basic profile information (like your email and password) on our behalf.
    • Neon: Hosts our application database (a cloud-based PostgreSQL database). This is where we store Supasite user data (account info, inspection records, AI outputs, etc.). Personal data in our database is therefore stored on Neon's infrastructure.
    • Vercel: Hosts and serves the Supasite web application. When you use Supasite, your requests are routed through Vercel's servers. Vercel may log technical data like IP addresses and request metadata for operational purposes (e.g., load balancing and caching).
    • PostHog: Provides analytics services as described in Section 6. PostHog processes usage data (which may include pseudonymous identifiers like cookie IDs or your IP address) to give us insights into how Supasite is used.
    • Deepgram: Powers any voice transcription features in Supasite. If you use voice input (for example, adding a voice note to an inspection), the audio is sent to Deepgram's API to be transcribed into text. Deepgram will receive the audio content and return a transcript. Audio data may be temporarily stored by Deepgram for processing and quality assurance.
    • AI Providers (OpenAI, Anthropic, Google, xAI): As detailed in Section 7, these third parties process the content you submit to AI features and generate outputs. They act as processors of that data for us, under strict terms.
    • Expo/EAS: If Supasite offers a mobile application, we may use Expo's services (Expo Application Services) for building and updating the mobile app. Expo may process certain device identifiers or app usage data (like error logs) to facilitate over-the-air updates or push notifications.
    • Sentry (Planned): We intend to integrate Sentry for error tracking and performance monitoring. Once active, if the app encounters an error, Sentry will collect information about the error and the context (which might include user ID, device info, and portion of data in use when the error happened) to help us diagnose and fix issues quickly.
  • Within BuildPass and Affiliates: Supasite is operated as an independent product by BuildPass Pty Ltd. Information collected through Supasite will be shared with the main BuildPass platform pursuant to our legitimate business interests in providing integrated services and product offerings. We will not share your personal information with BuildPass affiliates unless specifically mentioned in this policy. As the same company operates both Supasite and BuildPass, there is shared IT infrastructure and personnel. Our staff and systems that work on Supasite may also administer BuildPass's other services. If, in the future, we introduce a unified login or integration between Supasite and the main BuildPass platform, we will notify you of any material changes to our data handling practices accordingly.
  • Legal and Safety Reasons: We may disclose personal information if we reasonably believe that doing so is necessary to comply with any applicable law, regulation, legal process, or governmental request. We may also disclose information to enforce our Terms of Service, investigate potential violations, detect or prevent fraud, security, or technical issues, or protect the rights, property, and safety of BuildPass, our users, or the public. This could include exchanging information with law enforcement or other companies and organizations for fraud protection and credit risk reduction (as applicable).
  • Business Transactions: If BuildPass (the company operating Supasite) is involved in a merger, acquisition, sale of assets, or reorganization, your information may be transferred as part of that transaction. We will ensure the confidentiality of any personal information involved in such transactions and provide notice before personal data is transferred or becomes subject to a different privacy policy.

In all cases where we disclose your personal information to third parties, we take steps to ensure those parties handle the information in accordance with this Policy and applicable privacy laws. Where feasible, personal data is shared in an aggregated or de-identified form. When we need to share identifiable data (such as an email address with an email service, or an image with an AI provider), we do so under confidentiality obligations and only as necessary for the specific service.

9. International Data Transfers

Supasite is a global service. The personal information we collect may be accessed or processed in countries other than the country you reside in. In particular, many of our third-party providers listed above are based in (or may store data in) the United States and other jurisdictions outside of Australia or the European Economic Area (EEA).

  • Our Location: Our company, BuildPass Pty Ltd, is based in Australia. Your data will likely be stored on servers located in Australia, the US, and possibly other locations where our service providers operate data centers (for example, Vercel and cloud providers operate globally).
  • Risks: Different countries have different data protection laws. When your data is transferred from your home country to another country, it may become subject to those foreign laws. For instance, personal data of EU users transferred to the US may not have the same legal protections as under the GDPR unless specific measures are taken.
  • Our Safeguards: We take reasonable steps to ensure that international data transfers comply with applicable laws. For transfers from Australia, we abide by Australian Privacy Principle 8, which generally requires us to either only send data to jurisdictions with similar privacy protections or ensure the recipient protects the data to the standard of Australian law (for example, via contract). For transfers from the EEA/UK or other regions with data transfer restrictions, we utilize appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or we rely on an adequacy decision where applicable. Our contracts with key service providers (like our AI and hosting providers) include data protection addenda with SCCs or equivalent mechanisms to protect EU/UK personal data.
  • Your Consent in Some Cases: In certain situations, we may ask for your consent to transfer data overseas (for example, if a particular optional integration would send your data to a new country). If you agree to such a transfer, we will inform you of any relevant risks and handle the data in accordance with that consent and this Policy.
  • Access by Foreign Authorities: Be aware that personal information stored or transmitted outside your country may be accessible to foreign courts, law enforcement, and national security authorities in accordance with local laws. For example, data stored in the US might be lawfully accessed by US authorities under certain conditions. We will notify you of any legally binding request for disclosure of your information by a foreign authority unless we are prohibited by law from doing so.

Despite the global transfer of data, your information remains protected by the measures described in this Policy. We maintain high standards of data protection regardless of where data is processed and continue to be responsible for it. If you have questions about our international data transfer practices, please contact us (see Section 12).

10. Data Security and Storage

We understand the importance of safeguarding your personal information. We implement a variety of administrative, technical, and physical security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These include:

  • Encryption: Data exchanged with Supasite is encrypted in transit using SSL/TLS (your web browser's "HTTPS" connection). Sensitive data in our databases (such as passwords stored via Clerk) are encrypted at rest.
  • Access Controls: Personal information is accessible only to those personnel and service providers who need it to perform their duties or services. Both BuildPass staff and third-party contractors with potential access to personal data are subject to strict confidentiality obligations. We use authentication and authorization controls to limit access within our systems (for example, developers have access to systems on a need-to-know basis).
  • Security Testing and Maintenance: We regularly update our software and systems to address security vulnerabilities. Our integration with Sentry (once active) will help us quickly identify and respond to technical errors that could impact security. We may also run periodic security audits or engage external specialists to test our platform's defenses.
  • Anonymization: Where possible, we de-identify or pseudonymize personal data within our analytics and testing environments. For example, we might use unique user IDs instead of actual names when analyzing usage patterns, adding an extra layer of privacy.
  • Physical Security: Our data (including any backups) is stored on secure servers operated by reputable cloud providers, which employ physical security controls at data center locations.

Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You can help keep your data safe by using a strong, unique password for Supasite, protecting your account credentials, and logging out after use on shared devices.

If we become aware of a data breach that compromises your personal information, we will notify affected individuals and relevant authorities as required by law. This includes following any applicable data breach notification requirements under the Australian Privacy Act and GDPR (which may involve contacting you and the Office of the Australian Information Commissioner or EU supervisory authorities, as needed).

11. Your Rights and Choices

You have certain rights regarding your personal information held by us, and we want to empower you to exercise those rights:

  • Access: You have the right to request a copy of the personal information we hold about you. We will provide this information in a structured, commonly used format. For EU/UK residents, we will typically fulfill access requests within one month (or up to three months for complex requests, notifying you of the need for an extension). Australian users can also request access; we will respond within a reasonable time. In some cases, we may need to withhold certain information (for example, if providing it would infringe on another person's privacy or as otherwise permitted by law), but we will explain any such withholding.
  • Correction: We strive to keep your information accurate and up to date. If you believe any personal data we have is incorrect or incomplete, you have the right to request we correct it. Many basic details can be updated directly through your account settings. If you cannot change something yourself, contact us with the correction request, and we will rectify any confirmed inaccuracies promptly (generally within 28 days as per Australian law, or one month under GDPR standards).
  • Deletion (Right to Erasure): You may request that we delete your personal information. For example, if you no longer wish to use Supasite, you can request account deletion. We will honor deletion requests provided we do not have a legal obligation or overriding legitimate interest to retain the information. Note that deleting your data may result in loss of access to Supasite or certain features. Also, some data may remain in backups or logs for a short period but will be removed or anonymized in the normal course of those systems.
  • Withdrawal of Consent: If we are processing your personal information based on your consent (for instance, for optional marketing or a particular feature), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal. If you withdraw consent, we will stop the specific processing unless we have another lawful basis to continue (e.g., a legal requirement).
  • Objection to Processing: You have the right to object to certain processing activities. For example, if we process your information based on legitimate interests, you can object if you believe it impacts your rights. You also have an absolute right to object to use of your data for direct marketing (we currently do not use your data for unsolicited marketing, but if we ever do, you can opt out). If you raise an objection, we will review and cease the processing in question unless we demonstrate compelling legitimate grounds for the processing or it is needed for legal reasons.
  • Restriction of Processing: You can request that we temporarily limit the processing of your personal information in certain situations – for instance, while you are contesting the accuracy of your data or if you have objected to processing and we are considering that request. During the restriction period, we will store your data securely and not process it until the issue is resolved (aside from maintaining it).
  • Data Portability: For EU/UK users (and others where applicable), you have the right to data portability. This means you can request to receive certain personal information you have provided to us in a commonly used, machine-readable format, and you can also ask us to transmit it to another data controller where technically feasible. This right applies to information processed by us by automated means, based on your consent or in performance of a contract (e.g., your account data).
  • Automated Decision-Making: As noted, Supasite does not make solely automated decisions with legal or similarly significant effects. However, if you believe you have been subject to an unfair decision based only on automated processing, you have the right to request human intervention and to express your point of view or contest the decision.

How to Exercise Your Rights: You can exercise most of the above rights by contacting us (see Section 12: Contact Us). For certain requests (access, deletion, etc.), we may need to verify your identity to ensure we don't disclose or delete data to the wrong person. We will respond to all legitimate requests within a reasonable timeframe. If your request is especially complex or if you have made a large number of requests, we will keep you updated on the progress and timing.

Please note that these rights are subject to some conditions and exceptions under applicable laws. For example, we might not be able to delete data that we are required to keep for legal compliance (such as audit or record-keeping purposes), or we might decline a request if it jeopardizes others' privacy or our legal obligations. If we refuse any request, we will explain our reasoning and outline any further options you have.

12. Questions, Complaints, and Contacting Us

We value your privacy and aim to address any questions or concerns you have about your personal information. If you:

  • have any questions about this Privacy Policy or about how your data is handled;
  • wish to exercise any of your rights described in Section 11; or
  • have a concern or complaint about privacy,

please contact us using the details below.

Privacy Contact Office:

Email: hello@supasite.ai

Postal Mail: The Privacy Officer

BuildPass Pty Ltd (Supasite)

Unit 2, 33 Stewart St

Richmond, VIC 3121, Australia

We will respond to privacy-related inquiries as soon as reasonably possible, generally within 10 business days. If you make a complaint, we will investigate the issue and provide you with our response and any steps we will take to address your concerns.

If you are not satisfied with our response to a privacy complaint, you have the right to escalate the matter to the appropriate supervisory authority. For Australian users, you may contact the Office of the Australian Information Commissioner (OAIC). For individuals in the EU/EEA, you can reach out to your local Data Protection Authority. UK users can contact the Information Commissioner's Office (ICO). We will provide contact details for these authorities upon request.

13. Changes to this Privacy Policy

Supasite and our data practices may evolve over time. We reserve the right to update or modify this Privacy Policy at any time. If we make material changes, we will notify users by email (if you have provided one) or by placing a prominent notice on our website (for example, via a banner or notification in the app). The "Last Updated" date at the top of this Policy will always indicate when the latest changes were made.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Continued use of Supasite after any changes to this Policy constitutes your acceptance of the revised terms, to the extent permitted by law.