Privacy Policy

Last updated on 13 February 2026

Service Name: SupplierGPT
Controller/Company: BASTAN GROUP
Contact Email: hello@suppliergpt.net

  1. Introduction
    This Privacy Policy explains how SupplierGPT (“SupplierGPT”, “we”, “us”, “our”) collects, uses, discloses, stores, and protects personal data when you use our website, applications, APIs, and related services (collectively, the “Services”). By using the Services, you acknowledge this Privacy Policy.

  2. Scope
    This Privacy Policy applies to personal data processed in connection with:

  • Account registration, sign-in, and profile management.

  • Supplier discovery, AI-supported sourcing workflows, and related tools.

  • Payments, subscriptions, and billing workflows.

  • Security, fraud prevention, and compliance functions.

  • Support and communications.

This Policy does not cover third-party websites, tools, or services that you access through links or integrations not controlled by us.

  3. Data We Collect
    We may collect the following categories of data:

3.1 Identity and Account Data

  • Full name, email address, phone number (if provided), account status.

  • Authentication details such as password hash, sign-in method (including Google sign-in), and verification status (email_verified, phone_verified).

3.2 Security and Technical Data

  • IP address, user agent, approximate location derived from IP, device/browser metadata.

  • Login records, failed attempts, session data, anti-abuse and anti-bot verification data (including Cloudflare Turnstile results and metadata).

  • Two-step verification records and security event logs.

3.3 Supplier Workflow and Content Data

  • Product requests, sourcing preferences, prompts, notes, uploaded files/images, and AI interaction content.

  • Generated outputs and workflow states.

3.4 Payment and Subscription Data

  • Plan information, subscription status, renewal events, transaction references, and billing metadata.

  • Payment card details are processed by payment processors and are not fully stored by us unless required by law or accounting rules.

3.5 Communication Data

  • Support emails/messages, notifications, verification messages (email/SMS), and related metadata.

3.6 Analytics and Usage Data

  • Pages viewed, feature usage, timestamps, error logs, and performance diagnostics.

  4. Data Sources
    We collect data:

    • Directly from you (forms, uploads, settings, support).

    • Automatically from your use of the Services.

    • From integrated providers (for example Google identity services, payment processors, email/SMS providers, cloud/security providers).

    • From legal/public sources when required for compliance or fraud prevention.

  5. Purposes of Processing
    We process personal data to:

    • Create and manage your account.

    • Authenticate users and protect account security.

    • Provide SupplierGPT core features and AI-assisted sourcing functions.

    • Process subscriptions, billing, plan activation, and service continuity.

    • Provide customer support and service communications.

    • Detect, prevent, and investigate abuse, fraud, spam, and security incidents.

    • Monitor and improve service quality, reliability, and performance.

    • Comply with legal obligations, requests, and enforcement actions.

    • Establish, exercise, or defend legal claims.

  6. Legal Bases (EEA/UK, where applicable)
    Where GDPR or similar laws apply, we rely on:

    • Contract necessity: to provide requested Services.

    • Legitimate interests: security, fraud prevention, product improvement, operational integrity.

    • Consent: where required (for example optional marketing, non-essential cookies, or certain integrations).

    • Legal obligation: compliance with tax, accounting, legal, and regulatory requirements.

  7. Cookies and Similar Technologies
    We use cookies and related technologies for:

  • Essential authentication and security.

  • Session continuity and user preferences.

  • Service analytics and diagnostics.

You can adjust cookie settings in your browser, but disabling essential cookies may affect functionality.

  8. Sharing and Disclosure
    We may share personal data with:

  • Infrastructure/cloud hosting and security partners.

  • Payment processors and subscription/billing providers.

  • Communications providers (email/SMS).

  • Identity providers (such as Google) when you use social sign-in.

  • Analytics, error monitoring, and technical service providers.

  • Professional advisors (legal, audit, compliance).

  • Authorities where required by law or to protect rights and safety.

  • A successor entity in case of merger, acquisition, restructuring, or sale.

We do not sell your personal data for money. If “sharing” for cross-context behavioral advertising is legally defined in your jurisdiction, we will provide rights and controls required by law.

  9. International Transfers
    Your data may be processed outside your country. Where required, we use appropriate safeguards, such as contractual protections and recognized transfer mechanisms.

  10. Data Retention
    We keep personal data only as long as necessary for the purposes described in this Policy, including:

  • Account data: while your account is active, plus any legally required retention period.

  • Security logs: retained for security, fraud detection, and auditing needs.

  • Billing/tax records: retained for statutory accounting/tax periods.

  • Verification and anti-abuse records: retained according to security and legal requirements.

  • Support records: retained as needed for issue resolution and legal defense.

When no longer required, data is deleted, anonymized, or securely archived as legally appropriate.

  11. Data Security
    We use administrative, technical, and organizational safeguards to protect personal data, including access controls, encryption in transit where applicable, secure credential handling (hashed passwords), logging, and monitoring. No system is completely risk-free; we encourage strong passwords and account security practices.

  12. AI and Automated Processing
    SupplierGPT may use automated systems to assist sourcing and recommendations. AI outputs may contain errors or outdated information and should be independently reviewed before business decisions. Automated processing is primarily assistive and not intended as the sole basis for high-risk legal or financial outcomes.

  13. Your Rights
    Depending on your location, you may have rights to:

  • Access your personal data.

  • Correct inaccurate data.

  • Delete data (subject to legal exceptions).

  • Restrict or object to certain processing.

  • Data portability.

  • Withdraw consent (where consent is the legal basis).

  • Lodge a complaint with a supervisory authority.

To exercise rights, contact hello@suppliergpt.net. We may request identity verification before processing requests.

  14. California Privacy Rights (if applicable)
    California residents may have rights to know, access, correct, and delete personal information, and to limit certain uses. You may also have rights related to “sale” or “sharing” definitions under California law. We will not discriminate against users for exercising privacy rights.

  15. Children
    SupplierGPT is not intended for children under 18 (or the applicable age of digital consent in your jurisdiction). If we learn that we collected data from an ineligible minor, we will take steps to delete it.

  16. Third-Party Services
    Our Services may include third-party integrations and links. Their privacy practices are governed by their own policies. We recommend reviewing those policies separately.

  17. Policy Changes
    We may update this Privacy Policy from time to time. Material changes will be communicated through appropriate channels (for example website notice or email). Continued use after the effective date means acceptance of the updated policy.

  18. Contact
    For privacy inquiries, requests, or complaints:

    Company: BASTAN GROUP
    Email: hello@suppliergpt.net