Ostatnia aktualizacja: 2026-06-18
This Privacy Policy explains how Siup("Siup", "we", "us"), operated by Leon Brąś, Zielona Góra, Polska, collects, uses, and protects personal data when you use the Siup web application and automations at get-siup.win (the "Service"). We comply with the EU General Data Protection Regulation (GDPR) and Polish data-protection law.
For data about your account and use of Siup (your email, name, billing, run logs), Siup is the data controller.
For lead and customer data you submit to run automations (names, email addresses, message contents), you are the controller and Siup acts as a data processor, handling that data only on your instructions. A Data Processing Agreement (DPA) is available on request at brasleon6@gmail.com.
Account data — your email address and name (via Google sign-in), and your workspace and team membership.
Configuration data — automation settings you save (e.g. sender email, review/feedback links, prompt options).
Lead / customer data — the contact details and message content you (or your connected forms/CRM via webhooks) submit so an automation can draft and, optionally, send an email.
Usage & run logs — automation run status, timestamps, AI token usage and computed cost, and a redacted record of inputs and outputs, used to show your history and meter billing.
Technical data — your IP address (used transiently for rate-limiting and abuse prevention) and essential session cookies needed to keep you signed in.
Billing data — if you subscribe, your customer and subscription identifiers from Stripe. Card details are handled solely by Stripe; Siup never sees or stores your full card number.
We process personal data to: provide and operate the Service (performance of a contract); secure the Service and prevent abuse (legitimate interest); process payments and comply with tax/accounting obligations (legal obligation); and send service-related emails. AI-generated email drafts are produced to deliver the feature you requested. Lead/customer data is processed on your documented instructions as your processor.
To draft emails and qualify leads, the text you submit is sent to Anthropic's Claude API. This data is used only to generate the response for your request and, per Anthropic's API terms, is not used to train models. Avoid submitting special categories of data (health, etc.) unless necessary and lawful.
We rely on the following providers to run the Service. Each processes personal data only as needed to provide its function, under appropriate safeguards (e.g. EU Standard Contractual Clauses for transfers outside the EEA):
Some sub-processors are located outside the European Economic Area (e.g. in the United States). Where that is the case, transfers are protected by the European Commission's Standard Contractual Clauses or an equivalent valid transfer mechanism.
We keep account and configuration data while your account is active. Run logs and lead/customer data are retained to provide history and billing, and are deleted (or anonymised) on request or within a reasonable period after you close your account. Billing records are kept as long as required by tax law. You can request deletion at any time (see Your rights).
Data is encrypted in transit (HTTPS/TLS). Per-tenant secrets are encrypted at rest, access is restricted to your workspace, and we apply rate-limiting, signed webhooks, and security headers. No system is perfectly secure, but we work to protect your data.
Every automated email sent through Siup includes an unsubscribe link. Recipients who unsubscribe are added to a suppression list and will not receive further automated emails from that workspace.
We use only essential cookies required for authentication and to remember your active workspace. We do not use advertising or third-party tracking cookies.
Under the GDPR you have the right to access, rectify, erase, restrict, and port your personal data, to object to certain processing, and to withdraw consent. To exercise these rights, contact us at brasleon6@gmail.com. You also have the right to lodge a complaint with your supervisory authority — in Poland, the President of the Personal Data Protection Office (UODO, uodo.gov.pl).
The Service is not intended for individuals under 16, and we do not knowingly collect their data.
We may update this policy; we will revise the "Last updated" date above and, for material changes, take reasonable steps to notify you.
Questions or requests: brasleon6@gmail.com.