This Privacy Policy describes how Sumext (“we,” “us”) handles personal data when you use our websites and services (“Services”). By using the Services, you acknowledge the practices described here.
1. Categories of data
We may process:
- Account data (name, email, organisation, billing contact details, authentication identifiers).
- Usage and technical data (logs, device/browser type, approximate location derived from IP, cookies, similar technologies).
- Content you or your organisation submits (documents, integrations metadata, contractor portal submissions, SMS or notification preferences where applicable).
- Payment status from our payment partners (we generally do not store full card numbers on our servers).
2. How we use data
We use data to operate and secure the Services, authenticate users, process subscriptions, provide support, improve reliability and performance, communicate about the Services, comply with law, and enforce our terms. Aggregated or de-identified data may be used for analytics and product improvement.
3. Legal bases (where applicable)
Depending on jurisdiction, we rely on performing our contract with you, legitimate interests that are not overridden by your rights, consent where required (for example optional marketing cookies or certain messages), or legal obligations.
4. Sharing & processors
We use service providers (for example hosting, database, analytics, authentication, messaging, and payment processors) who process data on our instructions under appropriate agreements. We may disclose information if required by law, to protect rights and safety, or as part of a business transfer subject to safeguards.
5. Retention
We retain data for as long as needed to deliver the Services, meet legal requirements, resolve disputes, and enforce agreements. Retention periods can vary by data category and backups may persist for a limited technical window.
6. Security
We implement technical and organisational measures designed to protect data. No method of transmission or storage is completely secure; you should use strong credentials and timely access reviews for your organisation.
7. International transfers
If data is processed across borders, we use appropriate safeguards (such as standard contractual clauses) where required.
8. Your rights
Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing, and to lodge a complaint with a supervisory authority. To exercise rights, contact us using the details we provide in-product or on our site. We may verify requests to protect your account.
9. Children
The Services are not directed at children, and we do not knowingly collect their personal data.
10. Changes
We may update this policy and will adjust the “Last updated” date. Significant changes may be communicated as required by law.
11. Contact
For privacy inquiries, use the contact method shown in your account or on the Sumext website. If you are a contractor invited by a firm, your firm's notices may also describe how client data is handled jointly.