Suitekore (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our websites and services (collectively, the “Services”).
1. Information We Collect
1.1 Information You Provide
When you create an account or use our Services, we may collect the following information directly from you:
- Account information: Email address and password (hashed) when you register for a Suitekore product.
- Company information: Business name, address, bank details, and logo when setting up invoicing.
- Client information: Names, email addresses, phone numbers, and addresses of your clients that you enter into the Services.
- Payment information: Payment card details are processed directly by Stripe, our payment processor. We do not store full card numbers on our servers.
- Communications: Messages you send to us via email or contact forms.
1.2 Information Collected Automatically
When you access our Services, we may automatically collect:
- Usage data: Pages visited, features used, and actions taken within the Services.
- Device information: Browser type, operating system, and device identifiers.
- Log data: IP address, access times, and referring URLs.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: To provide, maintain, and improve the Services — including generating invoices, sending emails, and processing payments.
- Account management: To authenticate your identity, manage your account, and communicate with you about your account.
- Customer support: To respond to your inquiries and provide technical assistance.
- Service improvement: To understand how users interact with the Services and identify areas for improvement.
- Legal compliance: To comply with applicable laws, regulations, and legal processes.
We do not sell your personal information. We do not use your client data for any purpose other than providing the Services to you.
3. Data Storage & Security
3.1 Data Storage
Your data is stored on self-hosted PostgreSQL databases running on our private VPS infrastructure (IONOS, EU-based). Invoice PDFs and uploaded assets are stored on encrypted volumes on the same infrastructure.
3.2 Security Measures
We implement appropriate technical and organizational measures to protect your information:
- Passwords are hashed using bcrypt with a work factor of 12.
- All data in transit is encrypted via TLS 1.2/1.3.
- Database access is restricted to the application server and requires authentication.
- API endpoints are protected by session-based authentication and rate limiting.
- Payment processing is handled entirely by Stripe; we do not handle raw card data.
3.3 Data Retention
We retain your account information and the data you enter into the Services for as long as your account is active. You may request deletion of your data at any time by contacting us. Invoice records may be retained for legal and accounting purposes as required by applicable law.
4. Third-Party Services
We use the following third-party services to operate the Services:
- Stripe — Payment processing. Stripe receives your payment card details directly and processes payments on our behalf. Stripe Privacy Policy ↗
- Resend — Transactional email delivery (invoice emails, reminders). Resend Privacy Policy ↗
These third parties have their own privacy policies. We encourage you to review them. We do not share your data with third parties for their own marketing purposes.
5. Cookies
Our Services use essential session cookies to maintain your authenticated session. These cookies are strictly necessary for the operation of the Services and do not track you across other websites.
We do not use third-party tracking cookies, advertising cookies, or analytics cookies on our application domains.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: You may request a copy of the personal data we hold about you.
- Correction: You may request that we correct inaccurate or incomplete data.
- Deletion: You may request that we delete your personal data, subject to legal retention requirements.
- Portability: You may request a copy of your data in a structured, machine-readable format.
- Objection: You may object to certain processing of your data.
To exercise any of these rights, contact us at privacy@suitekore.com. We will respond within 30 days.
7. Children's Privacy
Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Services after any changes constitutes acceptance of the updated policy.
9. Contact
If you have questions or concerns about this Privacy Policy or our data practices, please contact us: