Privacy Policy
Last updated: 21 May 2026
This Privacy Policy explains how Supaneon Ltd, trading as SUPA! ( "Supaneon", "we", "us", or "our"), the company that operates the SUPA! platform at flysupa.com ( "SUPA!", the "Service"), collects, uses, stores, shares, and protects your information. It includes a dedicated section describing how we access and handle data from third-party services you choose to connect, such as Google and Microsoft.
1. Who we are
SUPA! is an assisted Event management and operations platform for the Events industry, aimed at business customers. Supaneon Ltd is the data controller responsible for the personal data described in this policy. Our contact details are in Section 13.
2. Information we collect
- Account information you provide when you register, such as your name, email address, organisation, and account type.
- Content you create or upload within SUPA!, such as Event details, documents, and messages.
- Connected service data, only where you explicitly connect a third-party service (such as Google or Microsoft) and grant permission. This is described in detail in Section 4.
- Usage and technical data, such as log data and device information, used to operate and secure the Service. Some of this is collected using cookies and similar technologies; see Section 9.
- Data from others. If you invite a colleague or teammate to your workspace, or add another person's contact details (for example, an Event contact), we receive and process that information so the Service can function. If someone has added your personal details and you wish them removed, contact us at hello@flysupa.com.
3. How we use your information
We use the information we collect to provide and operate the Service, including to display your connected emails and calendar within your SUPA! account, generate AI-assisted draft email replies for you to review, enable you to attach and save files, secure the platform, and provide support. We do not sell your personal data.
4. Connected third-party services
The Service lets you connect third-party accounts to enable features such as displaying your email and calendar and generating AI-assisted draft replies. The services you can currently connect are Google and Microsoft; we may add others over time, and where we do, this policy will apply to them in the same way. You grant access explicitly through the relevant provider's consent screen, you can revoke it at any time (see Section 6), and we request only the access needed to deliver specific features.
The data we access from connected services, and how we use it, is set out below:
| Data we access | How we use it |
|---|---|
| Email messages (read-only) | We retrieve your email messages, including their content, so we can display them within your SUPA! account and generate AI-assisted draft replies. SUPA! does not send email on your behalf; any reply is sent manually by you from your own account. |
| Calendar (read-only) | We read your calendar events to display them within SUPA! so you can coordinate Events. We do not create, edit, or delete calendar events. |
| Files (file-level access, Google Drive) | We access only the specific files you open or create through SUPA! using the provider's file picker, so you can attach those files within SUPA! and save SUPA!-created documents back to your account. We cannot see or access any other files in your account. |
| Basic profile (email, name, profile ID) | We use this to create and identify your account and to sign you in. |
How connected-service data is stored
Data retrieved from connected services (including email content) is stored on secured servers located in Manchester, United Kingdom. Access is restricted and protected by technical and organisational security measures.
How connected-service data is shared
To generate AI-assisted draft replies, the content of the relevant email is sent to a third-party AI service provider, which processes it solely to produce a draft for you. We do not use your data, and this provider does not use your data, to train, develop, or improve AI or machine-learning models. We do not share connected-service data with any other third parties, except where required by law.
Limited Use of Google user data
SUPA!'s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we do not use Google user data for serving advertisements, and we do not use it to train, develop, or improve generalised or non-personalised AI and/or machine-learning models. We do not transfer Google user data to others except as necessary to provide or improve user-facing features prominent in the Service, to comply with applicable law, or as part of a merger, acquisition, or sale of assets. Human access to Google user data is not permitted except with your explicit consent, for security purposes, to comply with applicable law, or as part of internal operations where the data has been aggregated and anonymised.
5. Data retention and deletion
We retain connected-service data only for as long as needed to provide the Service to you.
- Disconnecting a service stops SUPA! from retrieving any further data from it. Data already retrieved remains available in your SUPA! account so that you do not lose your workspace, unless and until it is deleted as described below.
- Deleting your SUPA! account deletes all associated connected-service data (including email content) from our systems.
- Requesting deletion: you may request deletion of the data SUPA! has retrieved from your connected services at any time by contacting us at hello@flysupa.com. When you do, we delete that data from our systems.
- When the data retention period expires for a given type of data, or when you request deletion, we will delete or destroy it, except where we are required to retain limited information to comply with legal obligations. Residual copies may persist in encrypted backups for a limited period before being overwritten.
6. Your rights and choices
- Revoke access at any time by disconnecting a service within SUPA!, or via your Google Account permissions page or your Microsoft account permissions page. Revoking access stops further data retrieval.
- Delete your data by deleting your SUPA! account, or by contacting us to request deletion (see Section 5).
- Access, correct, or export your personal data by contacting us.
- Object to or restrict certain processing, where applicable under UK GDPR.
- Complain to the UK Information Commissioner's Office (ICO) if you believe your data has been mishandled.
7. Legal basis for processing
Where the UK GDPR applies, we rely on the following lawful bases: consent, which you give when you connect a third-party service, and which is the basis on which we process all connected-service data (including Google and Microsoft data); performance of our contract with you to provide the Service; and our legitimate interests in operating and securing the platform. You can withdraw consent at any time by disconnecting the relevant service.
8. Security
We use appropriate technical and organisational measures to protect your information, including access controls, encryption in transit, and restricted internal access. No method of transmission or storage is completely secure, but we work to protect your data and review our practices regularly.
9. Cookies
We use cookies and similar technologies to operate the Service, remember your preferences, keep you signed in, and understand how the Service is used. You can control cookies through your browser settings. Where required, we will ask for your consent to non-essential cookies.
10. International transfers
Your data is stored in the United Kingdom. Where data is processed by service providers, it may be processed in other locations; in those cases we rely on appropriate safeguards as required by applicable law.
11. Children
SUPA! is a business tool not directed at children, and we do not knowingly collect personal data from anyone under 16.
12. Changes to this policy
We may update this policy from time to time. We will post the updated version here and revise the "Last updated" date above. If we begin to access a type of user data not previously disclosed here, we will update this policy and obtain your consent before accessing that data. Material changes will be communicated where appropriate.
13. Contact us
Supaneon Ltd
16 Salisbury Road, London, W13 9TX, United Kingdom
Email: hello@flysupa.com
Website: flysupa.com