Privacy Policy
This Privacy Policy explains how Falco Labs L.L.C. ("Falco Labs," "we," "us," "our") collects, uses, discloses, and protects personal data in connection with Suadela Engine (the "Service").
We comply with the California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR), and other applicable privacy laws.
1. Who we are
Data controller for customer account data:
Falco Labs L.L.C.
30 N Gould St, Ste N, Sheridan, WY 82801, USA
Contact: [email protected]
For the behavior of visitors to our customers' pages, Falco Labs acts as a data processor on behalf of our customer (the page owner), who is the data controller for their visitor data.
2. Personal data we collect
From customers (account data)
- Name, email address, company name.
- Billing information, processed by Stripe; we retain only the last four digits of the card, the card brand, and the billing country.
- Account usage, dashboard activity, support messages you send us.
- Technical data when you use the dashboard: IP address, browser, device type.
From visitors to customer pages (as processor)
When Suadela is installed on a customer's page, we process the following on the customer's behalf:
- Page URL, referrer, variant shown.
- Scroll depth, time on page, click events on calls-to-action.
- Form submissions, purchases, and other conversion events the customer has configured.
- Device type, browser, approximate geographic region (country or region level).
- Visitor IP address, used for de-duplication and fraud prevention, hashed after 30 days.
We do not collect names, emails, or payment details of end visitors unless the customer's form explicitly passes them to us. Where such personal data is passed to us, we process it strictly on the customer's instructions.
3. How we use data
Customer account data is used to:
- Provide, maintain, and improve the Service.
- Communicate with you about the Service (transactional) and about product updates (marketing; you may opt out).
- Bill you and comply with tax obligations.
- Detect fraud and enforce our Terms.
Visitor data (as processor) is used to:
- Diagnose page performance.
- Generate copy variants.
- Measure conversion and consolidate winners.
- Improve the Service's methodology and knowledge base, using aggregated, de-identified signals only.
4. Legal bases (for users in the EU/UK, under GDPR)
- Performance of contract: processing necessary to provide the Service you subscribed to.
- Legitimate interest: improving the Service, preventing fraud, aggregate analytics.
- Consent: for non-essential cookies and for marketing communications. You may withdraw consent at any time.
- Legal obligation: retaining billing and accounting records as required by applicable tax law.
5. Sharing with third parties
We share personal data only with the following categories of recipients:
- Stripe, Inc. (United States): payment processing.
- Anthropic, PBC (United States): AI processing, via API; data is sent for variant generation. Per Anthropic's API terms, data sent via the API is not used to train their models.
- Hetzner Online GmbH (Germany): hosting and infrastructure for the EU data plane.
- Email service providers: transactional and product emails.
We maintain Data Processing Agreements with each subprocessor. An up-to-date list of subprocessors is available at suadela.net/subprocessors.
We do not sell personal data, as the term is defined under the CCPA.
6. International data transfers
Account data is stored in the European Union (Hetzner, Germany). AI processing for variant generation involves transfer of certain page and variant content to Anthropic's United States infrastructure, under Standard Contractual Clauses (SCCs) approved by the European Commission. We apply appropriate safeguards for all international transfers of personal data.
7. Retention
- Customer account data: retained for the duration of your subscription and for up to 3 years after termination, for tax and legal purposes. Deleted after that period.
- Visitor behavior data: retained for 24 months in identifiable form; aggregated or deleted thereafter.
- IP addresses: hashed after 30 days.
- Backups: rotated out within 90 days.
You may request earlier deletion; we will honor the request except where we are legally required to retain the data.
8. Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data (right to erasure / right to be forgotten).
- Restrict or object to processing.
- Data portability: receive your data in a structured, commonly used format.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with your national data protection authority (EU/UK users).
- Opt out of any "sale" of personal data (California users); we do not sell personal data.
To exercise these rights, email [email protected]. We respond within 30 days. We may request verification of your identity before acting on a request.
9. Cookies and similar technologies
On our own site (suadela.net):
- Essential cookies for session authentication and security. These cannot be disabled.
- Analytics cookies for aggregate site statistics (optional, consent-based).
On customer pages: The Suadela script may set cookies under the customer's domain for variant tracking and de-duplication. These are governed by the customer's own privacy policy. Our customers are responsible for disclosing the script and obtaining any consent their jurisdiction requires.
10. Security
We implement technical and organizational measures appropriate to the risk, including:
- TLS encryption for data in transit.
- Encryption at rest for databases and backups.
- Role-based access controls and logging of administrative actions.
- Regular security reviews and dependency updates.
No system is perfectly secure. We will notify affected users and, where required, regulators of material data breaches within the timeframes required by applicable law (72 hours under GDPR).
11. Children
The Service is not directed to children. We do not knowingly collect personal data from children under 13 (United States) or under 16 (European Union). Customers must not install the Service on pages directed to children under these thresholds.
12. Changes to this Policy
We may update this Privacy Policy. Material changes will be announced at least 30 days before they take effect, via email to customers and via a notice on suadela.net. The "Last updated" date above reflects the most recent revision.
13. Contact
For any privacy question, to exercise a right, or to lodge a complaint:
[email protected]
Falco Labs L.L.C.
30 N Gould St, Ste N, Sheridan, WY 82801, USA