We take the security of your data seriously. As a Sugester user, you are the data controller for your customers, contractors and employees. Sugester acts as the data processor — we process data solely on your behalf, under a data processing agreement.
All connections to Sugester servers are encrypted using SSL/TLS. Data transmitted between your browser and our servers is protected against interception.
You can enable two-step login verification using Google Authenticator or any compatible app. Even if your password is leaked, your account remains secure.
The system logs all security-related events: logins, password changes, data exports, deletions. Account administrators have access to the full event log.
We perform regular backups of all data. Backups are stored in encrypted form on separate servers. In the event of a failure, we are able to restore your data.
Account administrators can define roles and permissions for individual users. Each employee sees only the data they have been granted access to. You can restrict access to modules, departments and individual features.
Sugester allows permanent deletion of a contact's data upon their request — in accordance with Article 17 GDPR. The "forget contact" feature removes personal data from the system, retaining only anonymised information required for accounting and tax purposes.
Any administrator can export all data from the system at any time — contacts, tickets, tasks, emails, files. Data is exported in standard formats (CSV, JSON), making it easy to transfer to another system.
Sugester servers are located in data centres within the European Union. Data is not transferred outside the EEA without the appropriate safeguards required by the GDPR.
Access to data is limited to authorised employees of Sugester sp. z o.o. who are bound by confidentiality obligations. Data is processed solely for the purpose of providing the service. We do not share personal data with third parties for marketing purposes.
No. The data processing agreement forms part of the Terms of Service (§12). By accepting the terms at registration, you simultaneously enter into a data processing agreement in accordance with Article 28 GDPR.
After account deactivation you have 7 days to restore it. After that period the account and all data are permanently deleted. Backups containing account data are removed within 30 days.
As an administrator you have full access to all data in the Sugester panel. You can browse, export and modify it at any time. If you need additional information about processing, please contact our Data Protection Officer.
The main infrastructure is located in the EU. When using integrations (e.g. SMS sending, calendar synchronisation), data may be transferred to entities in third countries, but only on the basis of appropriate safeguards (standard contractual clauses, adequacy decisions).
Data Protection Officer: [email protected]
General enquiries: [email protected]
Sugester sp. z o.o., ul. Smulikowskiego 6/8, 00-389 Warszawa
The full data processing policy can be found in the Terms of Service (§12–§19).
Many companies store their customers' data in several different places at once: email with one provider, email marketing with another service, documents scattered across various applications and CRM data on yet other servers. This setup creates chaos and makes it difficult to manage personal data as required by the GDPR. Sugester lets you consolidate all this information in one secure location — which significantly simplifies demonstrating the purpose of processing and the consents obtained.
With Sugester, if a customer asks how you process their data, you will be able to immediately provide the necessary information. If they wish to exercise the right to be forgotten and request deletion of their data — you can do it quickly and securely. By keeping customer and contractor data in a system secured with SSL encryption and requiring login, you minimise the risk of it falling into the wrong hands.
Under the GDPR, you are the data controller for the data you entrust to us — it is you who decides the purposes and means of processing the personal data entered into the system. Sugester acts as the data processor: we process data solely on your behalf and at your instruction, under a data processing agreement.
As a processor, Sugester stores data on Amazon AWS servers located within the European Union, meeting the requirements for data transfers outside the EEA. All data stored by Sugester is backed up daily, and backups are kept on servers in the European Economic Area. In the event of accidental data loss, we can restore a specific backup from a requested date and time upon your request.
In line with the principles of the GDPR, Sugester gives you full control over your data: you can edit, export or delete it at any time. Data export to XLS or CSV files is available for customers, contacts, tickets and email campaigns — your data always belongs to you. If you stop using Sugester's services, you can request permanent deletion of all data from our servers.
In the event of a personal data breach, Sugester is obliged to inform you of the incident without undue delay — in accordance with Articles 33 and 34 GDPR. You also have the right to obtain from us information about what data we process, for what purpose and on what legal basis.
