1. Information we collect

We collect information in three main ways: information you give us, information collected automatically, and information from connected services.

a. Information you provide to us

• Contact information (such as your name and email address), typically provided via Supaku Account
• Contacts you add to the Family Service, including names, email addresses, phone numbers, addresses, birthdays, and other details
• Activities, interactions, and notes related to your contacts
• Intentions and relationship goals you set
• Gifts you track (given and received)
• Calendar events and reminders
• Feedback, survey responses, and support requests

If we offer paid plans, we may collect limited billing related information. Payment card data is usually processed directly by our payment processor, not stored in full by Supaku.

b. Information we collect automatically

When you use the Family Service we automatically collect certain technical information, such as:

• Device and browser information (for example browser type, operating system, IP address, user agent, language, time zone)
• Usage information, including pages viewed, features used, click paths, timestamps, and error reports
• Log data related to API calls and integration activity

We use cookies and similar technologies as described in the Family Cookie Policy.

c. Information from connected services and enrichment

With your explicit permission, the Family Service may collect additional information to enrich your contacts:

• Contact information from connected services such as Google Contacts or calendar integrations
• Publicly available information from services such as Gravatar profiles and GitHub profiles, looked up by email address
• Public web search results retrieved via Exa.ai, a neural search service, using contact email addresses as search queries
• Information your contacts voluntarily provide through our "Ask the Contact" self-report feature, where we send an email inviting them to review and update their own information
• AI-generated insights and suggestions based on your contact data

All enrichment is user-initiated — we never automatically enrich contacts without your explicit action. Every enriched field displays its data source for transparency, and you can reverse any enrichment at any time.

We collect only the scopes that are necessary to provide the requested features, and we rely on the permissions screens presented during the connection process to describe what is shared.

You can disconnect integrations or reverse enrichments at any time, although some features may then stop working.

2. How we use information

We use the information we collect for the following purposes:

Contact management and organization

• Store and organize your personal and professional contacts
• Track activities, interactions, and notes
• Manage gifts, intentions, and relationship goals

Data enrichment and AI features

• Enrich contact information from connected services
• Provide AI-assisted suggestions and insights
• Generate reminders and recommendations

Calendar and reminders

• Sync with calendar services you authorize
• Send reminders for birthdays, follow-ups, and important dates

Security and abuse prevention

• Protect accounts from unauthorized access
• Detect and prevent misuse
• Monitor for unusual or harmful activity

Analytics and product development

• Understand how people use the Family Service
• Measure performance and improve reliability
• Develop new features and experiments

Legal, compliance, and enforcement

• Comply with applicable laws and regulations
• Enforce our Terms of Service and policies
• Respond to lawful requests and legal processes

Communication

• Send account, security, and service related messages
• Respond to questions and support requests
• Send product updates or educational content, where permitted by law and your preferences

We do not sell your personal information.

We may use de identified or aggregated data for analytics, research, and product development. When we do this, we take steps so that the data cannot reasonably be linked back to specific individuals.

3. Use of AI and third party providers

The Family Service uses artificial intelligence models and third-party search services to help enrich contacts and provide recommendations. This can involve:

• Sending contact data (such as email addresses and names) to Exa.ai for public web search to find publicly available information about your contacts
• Sending contact data and search results to AI providers for structured data extraction and recommendations. We currently support Anthropic (Claude), OpenAI (GPT), and Google (Gemini) — your administrator or account settings determine which provider is used
• Receiving enriched data and showing it to you as suggestions that you review and approve before they are applied

We use reputable providers and impose contractual protections, but when you use AI features you should:

• Review all enriched data for accuracy
• Avoid entering highly sensitive personal information
• Understand that outputs may be inaccurate or incomplete and should not be treated as verified facts

Contact self-report emails

The "Ask the Contact" feature allows you to send an email to one of your contacts inviting them to review and update information you have stored about them. When you use this feature:

• We send a transactional email to your contact's email address via our email service provider (Resend)
• The email contains a secure, time-limited link (expires after 30 days) that allows the contact to view only the specific fields you chose to share
• The contact can optionally update those fields — their responses are stored as suggestions for your review, not applied automatically
• This feature is rate-limited to one request per contact every six months

If you are a contact who received a self-report email and have questions about your data, please contact us using the information in Section 12 below.

4. How we share information

We share information only as needed to operate the Family Service and as described below.

a. Other Supaku services

We share limited information with Supaku Account and other Supaku products so they can:

• Authenticate you and maintain a consistent profile
• Understand which Supaku products you use
• Provide cross product features where you choose to enable them

Any such sharing happens within the Supaku family and is governed by compatible policies.

b. Service providers

We use third party service providers to help run the Family Service, including hosting, storage, analytics, logging, customer support, email delivery, payment processing, and AI model hosting. These providers may access personal information only to perform services for us and must protect it under written agreements. Key providers include:

• Vercel — hosting, deployment, and web analytics
• Neon — database hosting
• Resend — transactional email delivery (including self-report contact emails)
• Stripe — payment processing
• Exa.ai — public web search for contact enrichment (receives contact email addresses as search queries)
• Anthropic, OpenAI, Google — AI model providers for enrichment extraction and recommendations

For analytics, we use Vercel Analytics (provided by Vercel Inc.) and Google Analytics (provided by Google LLC). Vercel Analytics collects anonymized page view and performance data without using cookies or tracking individuals across sites. Google Analytics uses cookies and similar technologies to help us understand how the Family Service is used. For more information on how Google collects and processes data, see How Google uses information from sites or apps that use our services.

c. Connected platforms and tools

When you connect a calendar, contact provider, or other integration, we share information with that integration according to its documented behavior and the permissions you approve.

Your use of an integration is also subject to that platform's own terms and policies.

d. Business transfers and legal reasons

We may disclose or transfer information:

• In connection with a merger, acquisition, financing, or sale of all or part of our business
• When we believe disclosure is reasonably necessary to comply with law, regulation, legal process, or government request
• To protect the rights, property, or safety of Supaku, our users, or the public
• To detect, prevent, or address fraud, abuse, or security issues

We do not share your personal information with third parties for their independent advertising or marketing purposes.

5. International users

Supaku LLC is based in New York, United States, and the Family Service is primarily operated on infrastructure located in the United States. Our service providers may process information in other countries.

If you access the Family Service from outside the United States, you understand that your information may be transferred to and processed in the United States and other jurisdictions that may have different data protection laws than your country.

Regardless of where information is processed, we handle personal information as described in this Privacy Policy and take steps designed to keep it protected.

6. Data security

We use technical and organizational measures to protect personal information, including:

• Encryption in transit and at rest where appropriate
• Access controls and least privilege practices for internal systems
• Security logging and monitoring
• Regular reviews and improvements

No system is perfectly secure. You are responsible for keeping your account credentials, access tokens, and devices safe.

7. Data retention

We keep personal information only as long as reasonably necessary to:

• Provide and support the Family Service
• Maintain legitimate business records
• Resolve disputes and enforce our agreements
• Comply with legal obligations

Your data is retained for as long as your account is active. Upon account deletion request, there is a 30-day grace period for recovery. After the grace period, all data is permanently and irreversibly deleted. Backups are purged within 90 days of account deletion. You can export all your data at any time before deletion.

8. Your rights

Depending on your location, you may have the following rights regarding your personal data under GDPR and other privacy laws:

9. Your choices

Within the Family Service and your browser, you can:

• Update profile and preference information
• Connect or disconnect services and integrations
• Reverse any data enrichment
• Manage cookie and tracking preferences as described in the Cookie Policy
• Request deletion of your data, subject to technical limits and legal requirements

You can also contact us using the information below to request access to or deletion of your personal information held by the Family Service, subject to legal limits and verification of your identity.

10. Children's privacy

The Family Service is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13.

If you believe we have collected personal information from a child under 13, contact us so that we can take appropriate steps.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and may provide additional notice where required.

Your continued use of the Family Service after an update becomes effective means that you agree to the revised Privacy Policy.

12. Contact us

If you have questions or concerns about this Privacy Policy or our data practices for the Family Service, contact us at: