Contact us

Legal

Privacy Policy

We respect your privacy. This policy explains what we collect, why we collect it, and the choices you have.

Last updated: May 5, 2026

1. Scope of this policy

This Privacy Policy describes how Suave Tech Solutions ("Suave Tech," "we," "us," or "our") handles personal information in connection with our website at suavetech.solutions, our marketing and sales activities, our recruiting, and the consulting services we provide to clients (collectively, the "Services").

We provide web and application development, AI and automation engineering, Shopify development, blockchain development, and technical consulting. In the course of those engagements, we sometimes process personal information on behalf of our clients. When we do, we act as a processor(or service provider) and our handling of that information is governed by our written agreement with the client and any accompanying data processing addendum — not by this policy. This policy describes information we handle as a controller, which generally means information collected through our website, marketing, sales, business operations, and recruiting.

2. Who we are

The controller responsible for personal information described in this policy is Suave Tech Solutions. You can reach us about privacy questions at hello@suavetech.solutions.

If you are in the European Economic Area, the United Kingdom, or Switzerland and want to submit a privacy request, please use the contact above and clearly identify the request as a data subject request.

3. Information we collect

We collect information from a number of sources depending on how you interact with us. The categories below describe the information we typically handle as a controller.

3.1 Information you give us directly

  • Contact and inquiry information. When you fill out our contact form, send us an email, book a call, or otherwise reach out, we collect your name, email address, company, role, phone number (if provided), and the contents of your message.
  • Project information. Briefs, requirements, budgets, timelines, and other details you share with us when scoping a potential engagement.
  • Account and engagement information. Names, work email addresses, titles, company information, and billing details for clients we work with, including information needed for invoicing.
  • Recruiting information. Resumes, cover letters, work history, portfolio links, and any other information you submit if you apply to work with us.
  • Newsletter information. If you subscribe to our newsletter, your email address.

3.2 Information collected automatically

  • Device and usage data. IP address, approximate location derived from IP, browser type and version, device type, operating system, referring URL, pages viewed, links clicked, and timestamps.
  • Cookies and similar technologies. See the Cookies and analytics section below.

3.3 Information from third parties

  • Referrals and introductions. If a partner or existing client refers you to us, we may receive your contact details from them.
  • Public sources. Publicly available business information from sources like LinkedIn, GitHub, company websites, or business directories used for prospecting and due diligence.
  • Service providers. Analytics, hosting, payment, and communication providers that support our operations may share information with us as described in this policy.

4. How we use information

We use personal information for the following purposes:

  • To respond to your inquiries and to provide quotes, proposals, or estimates.
  • To negotiate, enter into, and perform contracts with clients, vendors, and partners, and to deliver our Services.
  • To invoice, take payment, and keep accounting and tax records.
  • To operate, maintain, secure, and improve our website and our internal tools and workflows.
  • To send transactional and relationship communications (e.g., status updates, invoices, scheduling, and changes to our terms or this policy).
  • To send marketing emails and our newsletter where permitted, and to measure how those communications perform. You can unsubscribe at any time.
  • To evaluate and respond to job applications and to manage our hiring and contractor onboarding processes.
  • To detect, prevent, investigate, and respond to fraud, abuse, security incidents, and other harmful or illegal activity.
  • To establish, exercise, or defend legal claims and to comply with our legal obligations.

We do not sell personal information for money. We do not engage in "cross-context behavioral advertising" as defined under California law. See the California notice for more.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information on the following legal bases:

  • Performance of a contract— to take steps at your request before entering into a contract and to perform contracts we enter into with you or your organization.
  • Legitimate interests— to operate, secure, and grow our business; to evaluate prospects; to send relationship and limited B2B marketing communications; and to investigate misuse of our Services. We balance these interests against your rights and freedoms and you can object at any time.
  • Consent— for non-essential cookies, certain marketing communications where required by law, and any other processing for which we ask for your consent. You can withdraw consent at any time.
  • Compliance with a legal obligation— to meet legal, regulatory, accounting, and tax obligations.

6. How we share information

We share personal information only as described below:

  • Service providers and subprocessors. Vendors that help us run our business, including hosting, analytics, email, customer relationship management (CRM), payment processing, accounting, communication, and AI infrastructure providers. They are contractually limited to using information for the services we hire them to perform.
  • Clients and project participants. When we engage with a client, we may share contact and project information among the people working on the engagement (both at Suave Tech and at the client).
  • Professional advisors. Lawyers, auditors, accountants, and insurers, under confidentiality obligations.
  • Authorities and other parties when required by law. To comply with a subpoena, court order, lawful request, or to protect rights, safety, or property.
  • Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to standard confidentiality protections.

7. Service providers and subprocessors

The categories of service providers we use to operate our website and business include:

  • Hosting and infrastructure (e.g., Vercel, AWS, Cloudflare).
  • Analytics (e.g., Google Analytics).
  • Email and communication (e.g., Google Workspace, Postmark or similar transactional providers, newsletter platforms).
  • CRM and sales tools used to track inquiries and engagements.
  • Payment and accounting (e.g., Stripe, Wise, and accounting software).
  • AI and developer tools (e.g., OpenAI, Anthropic, GitHub, code hosting, productivity, and project management tools) used internally to deliver our services.

When we deliver client engagements, we will identify the specific subprocessors involved in our written agreement with the client (typically a Master Services Agreement and Data Processing Addendum) and update them in line with that agreement.

8. International data transfers

We are based in the United States and we work with clients and contractors around the world. Personal information we collect may be transferred to, stored, or processed in countries other than the country in which it was originally collected, including the United States. These countries may have data protection laws that differ from those of your country.

When we transfer personal information out of the European Economic Area, the United Kingdom, or Switzerland to a country that has not been deemed adequate, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or our certification under applicable frameworks where available. You can request a copy of the safeguards we use by contacting us at hello@suavetech.solutions.

9. AI, automation, and automated decision-making

AI is a core part of what we build for clients, and we use AI tools internally to help us research, write code, draft content, and run our business. We have a few important commitments about how we handle personal information in connection with AI.

  • We do not train foundation models on your data. We do not use personal information collected through our website, our sales process, our recruiting, or client confidential information to train any general-purpose foundation model that we own or license.
  • We use enterprise / API tiers wherever possible. When we use third-party AI services (for example OpenAI, Anthropic, or other large language model providers) we configure them to operate under their no-training, zero or limited-retention business terms wherever the provider offers them.
  • Data minimization in prompts. We avoid sending unnecessary personal information to AI tools and we redact identifying information when we can.
  • No solely-automated decisions with legal effects on you. We do not use AI or other automated processing to make decisions about you that produce legal or similarly significant effects without meaningful human involvement. If we ever do, we will tell you in advance and explain your rights.
  • Transparency for AI we deploy. When we deploy AI features that interact with end users on behalf of a client, we work with the client to provide the transparency required by laws like the EU AI Act (for example, telling users they are interacting with AI).

If you have questions about how AI is used in a specific engagement, please contact us or your point of contact at Suave Tech.

10. Cookies and analytics

Our website uses cookies and similar technologies. Strictly necessary cookies are used so the site works properly. We also use analytics cookies (currently Google Analytics 4) to understand how visitors use our website, which pages perform well, and where to invest engineering and content effort.

You can control cookies through your browser settings, and most browsers let you block third-party cookies, clear cookies on exit, or browse in a private window. We honor the Global Privacy Control (GPC) signal where required by law. Blocking some cookies may affect site features.

11. Data retention

We keep personal information only for as long as we need it for the purposes described in this policy. The actual length depends on the category of information and the purpose:

  • Inquiries and prospects. Up to 24 months from your last interaction with us, unless we have an active discussion or you ask us to delete sooner.
  • Client engagement records.For the duration of the engagement and for a reasonable period after, typically 6–7 years for tax, accounting, and statute-of-limitations purposes.
  • Recruiting information. For the duration of the recruiting process and for a limited period after to evaluate you for future opportunities, unless you ask us to delete sooner.
  • Newsletter subscribers. Until you unsubscribe, plus a short period to honor your suppression preference.
  • Website logs and analytics. Typically up to 14 months at the identifiable level.

12. Security

We use administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, alteration, and disclosure. These include encryption in transit, access controls, principle of least privilege, hardware security keys for high-risk systems, regular software updates, and vendor diligence. No system is 100% secure and we cannot guarantee absolute security.

13. Your rights and choices

Depending on where you live, you may have the following rights with respect to personal information we hold about you:

  • Access— request a copy of the personal information we hold about you.
  • Correction— ask us to correct inaccurate or incomplete information.
  • Deletion— ask us to delete personal information, subject to exceptions.
  • Portability— receive your information in a portable, machine-readable format.
  • Restriction or objection— ask us to limit or stop certain uses of your information, including uses based on legitimate interests and direct marketing.
  • Withdraw consent— for processing based on your consent.
  • Opt out of sale or sharing— we do not sell personal information or share it for cross-context behavioral advertising, but you can confirm or update your preferences with us at any time.
  • Non-discrimination— we will not discriminate against you for exercising your rights.

To exercise any of these rights, email us at hello@suavetech.solutions with the subject line "Privacy Rights Request." We may need to verify your identity before responding. You can authorize an agent to make a request on your behalf subject to verification. We respond within the timeframes required by applicable law, typically 30–45 days.

14. California (CCPA / CPRA) notice

This section gives California residents the additional disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively the "CCPA").

Categories of personal information

In the prior 12 months, we have collected the following categories of personal information (as defined under the CCPA): identifiers; commercial information; internet or other electronic network activity information; geolocation data (approximate, derived from IP); professional or employment-related information; education information (when submitted with a job application); and inferences drawn from any of the above.

Sources, purposes, and recipients

We collect personal information directly from you, automatically through your use of our website, and from third parties (referrals, public sources, and our service providers). We use it for the business and commercial purposes described in section 4 of this policy. We disclose the categories above to service providers and to the other recipients described in section 6.

"Sale" and "sharing" of personal information

We do not "sell" personal information for money, and we do not "share" personal information for cross-context behavioral advertising, in each case as those terms are defined under the CCPA. We have not knowingly sold or shared the personal information of consumers under 16 years of age.

Sensitive personal information

We do not use or disclose sensitive personal information for purposes that would require a "Limit the Use of My Sensitive Personal Information" link under the CCPA.

Your CCPA rights

California residents have the right to know, delete, correct, opt out of sale or sharing, limit the use of sensitive personal information, and the right to be free from discrimination for exercising these rights. To exercise them, contact us as described in section 13. You may use an authorized agent.

15. Other US state privacy rights

If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, New Hampshire, New Jersey, Tennessee, or another state with a comprehensive consumer privacy law, you may have rights similar to those described above, including the right to access, correct, delete, obtain a copy, and opt out of targeted advertising, sale, or certain profiling. Where required, we honor universal opt-out signals like the Global Privacy Control. Contact us using the methods in section 13 to exercise these rights.

You also have the right to appeal a denial of a request. If we deny a request and you would like to appeal, reply to our denial email and we will review the appeal and respond within the time required by your state's law.

16. EEA, UK, and Switzerland

If you are in the EEA, the UK, or Switzerland, you have rights under the EU General Data Protection Regulation (GDPR), the UK GDPR, the UK Data Protection Act 2018, or the Swiss Federal Act on Data Protection (FADP), as applicable. You also have the right to lodge a complaint with your local supervisory authority. In the UK, that is the Information Commissioner's Office (ICO). In Switzerland, that is the Federal Data Protection and Information Commissioner (FDPIC).

17. Brazil (LGPD)

If you are in Brazil, you have the rights afforded by the Lei Geral de Proteção de Dados (LGPD), including the rights to confirmation of processing, access, correction, anonymization, blocking or deletion, portability, information about sharing, and to revoke consent. You may lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD).

18. Canada (PIPEDA / Quebec Law 25)

If you are in Canada, our processing is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws, including Quebec's Law 25. You have the right to access and correct your information and to withdraw consent. You may file a complaint with the Office of the Privacy Commissioner of Canada (or the Commission d'accès à l'information du Québec, where applicable).

19. Children

Our website and Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete it.

20. Changes to this policy

We may update this policy from time to time to reflect changes in our practices, our services, or the law. When we make material changes, we will revise the "Last updated" date at the top of this page and, where appropriate, give you additional notice (such as by email or through a prominent notice on our website).

21. Contact us

If you have questions about this policy, want to make a privacy request, or have any other concern about how we handle your personal information, please contact us at hello@suavetech.solutions.

This policy is provided for transparency and is not legal advice. Your use of our website and Services is also governed by our Terms of Service.