This policy applies to:

• account.supaku.com
• Any Supaku application or site that uses Supaku Account for authentication, including supaku.com, art.supaku.com, social.supaku.com, and future Supaku products (together, the "Services").

If another Supaku product has its own privacy policy, that product specific policy will govern that product in the event of any conflict.

1. Who is responsible for your data

For users who sign in to Supaku services, Supaku, Inc. is the controller of your personal data for the purposes described in this policy.

Supaku uses trusted third party providers such as WorkOS to deliver secure single sign on and user management services. These providers generally act as processors that handle personal data on our behalf.

Our contact details are provided in section 15 below.

2. Information we collect

We collect the minimum information required to create and maintain your Supaku Account and to secure access to our Services. The types of personal data we may collect include:

a. Account and profile information

When you create or use a Supaku Account we may collect:

• Name
• Email address
• Password or other authentication credentials (stored in secured form)
• Profile photo or avatar if you choose to provide one
• Organization or company information if you use enterprise features
• Preferred language and time zone

If you sign in through a third party identity provider (for example an employer SSO provider), we may receive your name, email address, and other attributes that the identity provider sends to us.

b. Authentication and security information

To protect your account and our Services we may collect:

• Login timestamps and session identifiers
• Device and browser information, such as IP address, user agent, and approximate location derived from IP
• Security related events, such as failed login attempts, password reset activity, and multi factor authentication events

c. Usage information

When you use Supaku Account to sign in to other Supaku products, we may collect limited information about your use of authentication features, such as:

• Which Supaku applications you access
• Time and date of access
• Technical log data related to requests to our authentication APIs

The underlying application (for example art.supaku.com or social.supaku.com) may collect additional data about your activity inside that product. That additional data collection is described in the privacy policy for that specific product.

d. Communication information

If you contact us or interact with account related notifications, we may collect:

• The content of your messages
• Your contact details
• Information about whether you opened, read, or acted on our emails

3. How we use your information

We use the information described above for the following purposes:

1. Provide and operate Supaku Account

• Create and manage user accounts
• Authenticate users and maintain sessions across Supaku products
• Facilitate single sign on and account linking across Services

2. Secure our Services

• Detect and prevent fraud and abuse
• Protect accounts against unauthorized access
• Monitor and respond to security incidents

3. Operate and improve our products

• Monitor system performance and reliability
• Debug and troubleshoot technical issues
• Develop new features and improve the user experience

4. Legal and compliance purposes

• Comply with applicable laws and regulations
• Enforce our terms of service and other agreements
• Respond to lawful requests and legal processes

5. Communications

• Send account, security, and service related notices
• Respond to your inquiries and support requests

We do not sell your personal data.

4. Legal bases for processing (where applicable)

Where required by law, we rely on one or more of the following legal bases to process your personal data:

• Performance of a contract, for example to provide you access to Supaku services that you have requested
• Our legitimate interests, for example to secure our systems and improve our Services, when those interests are not overridden by your rights
• Compliance with legal obligations
• Your consent, in cases where we explicitly request it

5. How we share information

We share your personal data only as needed and with appropriate protections in place.

a. Other Supaku products

Supaku Account provides authentication and identity services to other Supaku products. When you sign in with your Supaku Account, we may share certain account information with those products, such as:

• A unique user identifier
• Your name and email address
• Basic profile attributes required for that product to function

Each product may store additional information about you and will handle that information under its own privacy policy.

b. Service providers and processors

We use carefully selected third party providers to deliver and support Supaku Account, for example:

• Identity and single sign on infrastructure (including WorkOS)
• Cloud hosting and storage
• Security logging and monitoring
• Analytics focused on service reliability and performance
• Customer support tools

These providers are authorized to use personal data only as necessary to provide services to us and are bound by confidentiality and data protection obligations.

c. Enterprise customers and organizations

If your Supaku Account is created or managed by an organization (for example your employer), that organization may have certain administrative rights over your account, such as the ability to manage access, enforce security settings, or receive logs related to SSO activity. This is similar to how enterprise identity platforms such as Okta and Auth0 operate when serving as SSO providers for customer applications.

d. Legal and safety reasons

We may access, preserve, and disclose information if we believe it is reasonably necessary to:

• Comply with applicable law or legal process
• Respond to valid requests from government authorities
• Protect the rights, property, or safety of Supaku, our users, or the public
• Detect, prevent, or address fraud, abuse, or security issues

e. Business transfers

If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. In such cases we will continue to protect your personal data and will notify you of any material changes to this policy.

We do not share your personal data with third parties for their independent marketing purposes.

6. International users

Supaku LLC is organized in the State of New York in the United States, and Supaku Account is primarily operated on infrastructure located in the United States.

If you access Supaku Account from outside the United States, you understand that your information may be processed in the United States and in other countries where our service providers are located. These countries may have data protection laws that are different from the laws in your country.

Regardless of where information is processed, we handle personal information as described in this Privacy Policy and take steps designed to ensure it is protected in a manner consistent with applicable law.

If you are located outside the United States and have questions about how we handle cross border processing, you can contact us using the details in the "Contact us" section below.

7. Data security

We use technical and organizational measures to protect your personal data, including:

• Encryption in transit and at rest where appropriate
• Access controls and least privilege principles for internal systems
• Network and application security monitoring
• Regular security reviews and improvements

Although we work hard to protect your information, no system is completely secure. You can help by choosing a strong password, keeping it confidential, and enabling additional security features if they are available.

8. Data retention

We retain personal data for as long as necessary to:

• Provide Supaku Account and related Services
• Comply with legal and regulatory obligations
• Resolve disputes and enforce our agreements
• Maintain appropriate business and security records

When data is no longer needed, we will delete or anonymize it in accordance with our data retention policies and applicable law.

9. Your rights and choices

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal data:

• Right to access your personal data
• Right to correct inaccurate or incomplete data
• Right to delete your personal data
• Right to restrict or object to certain processing
• Right to data portability
• Right to withdraw consent where processing is based on consent
• Rights related to automated decision making, if applicable

You can exercise many of these rights directly through your account settings, for example by updating profile information or closing your account. For other requests, contact us using the details in section 15.

If you are located in the European Economic Area, the United Kingdom, or another region with data protection laws, you also have the right to lodge a complaint with your local data protection authority.

10. Cookies and similar technologies

Supaku Account may use cookies and similar technologies to:

• Maintain your sign in session across pages and products
• Provide basic analytics related to service reliability and security
• Remember your preferences, such as language and region

You can control cookies through your browser settings. If you disable certain cookies, some features of Supaku Account may not function correctly.

Separate Supaku products may use additional cookies or tracking technologies for their own purposes. Those uses will be described in the privacy policies for those products.

11. Third party sites and services

Supaku Account may provide links to third party websites and services. This privacy policy does not apply to those sites or services, and we are not responsible for their privacy or security practices. We encourage you to review the privacy policies of any third party services you use.

12. Children's privacy

Supaku Account is not intended for children under 13 years of age, or any higher minimum age required by applicable law in your jurisdiction, and we do not knowingly collect personal data from children in that age group.

If you believe we have collected personal data from a child in violation of this policy, please contact us so that we can take appropriate steps.

13. Additional rights for certain regions

Privacy laws in some jurisdictions provide residents with specific rights regarding their personal information. Examples include laws in certain US states and in countries in Europe, Latin America, and Asia.

Depending on where you live, and subject to the limits of applicable law, you may have the right to:

• Request access to the personal information we hold about you
• Request that we correct or update inaccurate information
• Request that we delete certain information
• Request that we restrict or limit how we use certain information
• Object to certain uses of your information
• Receive a copy of your information in a portable format where technically feasible

We will not discriminate against you for exercising rights that you may have under applicable law.

You or your authorized agent can exercise these rights by contacting us using the details in the "Contact us" section. We may need to verify your identity and location before responding. Some rights may be limited, for example where we are required or permitted by law to keep information.

If additional, region specific notices are required in the future (for example for residents of California or the European Economic Area), we may provide them in a separate notice or supplement that works together with this Privacy Policy.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page and may provide additional notice as required by law.

Your continued use of Supaku Account after any changes take effect signifies your acceptance of the revised Privacy Policy.

15. Contact us

If you have questions or concerns about this Privacy Policy or our data practices, you can contact us at: