Privacy Notice

Last updated: May 28, 2026

1. Who we are

Suvax is operated by Ferdinand Hemptenmacher. We act as the data controller for personal data processed through the Service.

2. Data we collect

• Account data: email address, authentication identifiers, and login state.
• Usage data: searches you run, prompts you submit, shortlists you save.
• Technical data: IP address, device and browser information, log data.
• Support data: messages you send to us.
• Billing data: handled by Paddle as Merchant of Record (we do not store card data).

3. Why we use it

• To create and operate your account (contract performance).
• To deliver search results and save shortlists (contract performance).
• To prevent fraud, abuse and secure the Service (legitimate interests).
• To improve the product and fix bugs (legitimate interests).
• To respond to support requests (legitimate interests / contract).
• To comply with legal obligations (legal obligation).

4. Legal basis

We rely on contract performance, our legitimate interests, your consent where required, and compliance with legal obligations, depending on the processing activity.

5. Who we share data with

• Paddle — our Merchant of Record, who processes payments, subscription management, tax compliance and invoicing.
• Service providers / subprocessors — hosting, database, analytics and support tooling acting on our instructions.
• Professional advisers — legal and accounting advisers where necessary.
• Authorities — where required by law or to protect our rights.

6. Data retention

We keep personal data for as long as your account is active and for as long as needed to provide the Service, comply with legal obligations and resolve disputes. After that, data is deleted or anonymised.

7. International transfers

Data may be processed outside your country of residence. Where transfers leave the UK/EEA we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

8. Your rights

Depending on where you live, you may have the right to access, rectify, erase, restrict processing of, port or object to processing of your personal data, to withdraw consent, and to lodge a complaint with your local supervisory authority. We aim to respond within one month.

9. Security

We use appropriate technical and organisational measures including encryption in transit, access controls and least-privilege practices.

10. Cookies

We use essential cookies and local storage to keep you signed in and to operate the Service. We do not use advertising cookies.

11. Contact

For privacy questions, contact us through the Service. For billing-related personal data handled by Paddle, visit paddle.net.