Privacy Policy

Last updated: April 21, 2026

1. Introduction

SupCMMS ("we", "our", or "us") operates the SupCMMS maintenance management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Please read this policy carefully. By using SupCMMS you agree to the practices described here.

2. Information We Collect

We collect information in the following ways:

  • Account data: When you register, we collect your name, email address, and organization name.
  • Usage data: Work orders, assets, maintenance records, inventory, and other content you create inside the app.
  • Files and media: Photos, documents, and attachments you upload to work orders or assets.
  • Communication data: Messages you send via our contact form or support ticketing system.
  • Technical data: IP addresses, browser type, device identifiers, and usage logs collected automatically when you use the service.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the SupCMMS platform.
  • Send transactional emails (work order notifications, password resets, invitations).
  • Respond to support requests and contact form submissions.
  • Monitor platform health, security, and abuse prevention.
  • Comply with legal obligations.

4. Legal Basis for Processing

We process your personal data under one or more of the following legal bases, depending on the activity and, where applicable, the protections required under the GDPR:

  • Contractual necessity — to deliver the Service you have subscribed to (for example, hosting your work orders and sending transactional emails).
  • Legitimate interest — to secure the platform, prevent abuse, and improve the Service, provided these interests do not override your fundamental rights.
  • Consent — where you have explicitly opted in (for example, to receive optional communications). You may withdraw your consent at any time.
  • Legal obligation — where processing is required to comply with applicable law (such as tax, accounting, or responding to lawful requests from authorities).

5. Data Storage and Security

Your data is stored on Supabase-managed PostgreSQL databases hosted on AWS infrastructure. Files are stored in Supabase Storage (S3-compatible). Data is encrypted in transit (TLS) and at rest. We implement row-level security (RLS) policies to enforce tenant data isolation — no tenant can access another tenant's data.

Despite our safeguards, no transmission or storage system is 100% secure. If you believe your data has been compromised, contact us immediately at hello@supcmms.com.

6. Cookies

SupCMMS uses cookies and similar technologies for:

  • Authentication: Session tokens stored in cookies to keep you logged in.
  • Preferences: A NEXT_LOCALE cookie stores your language preference (1-year expiry).

We do not use third-party advertising cookies, tracking pixels, or analytics cookies. You can disable cookies in your browser settings, but some features (such as staying logged in) will not function without them.

7. Third-Party Services

We share data with the following third-party providers solely to operate the service:

  • Supabase — database, authentication, and file storage.
  • Mailjet — transactional email delivery (work order notifications, invitations, password resets).
  • Vercel — hosting and edge infrastructure.
  • Paddle — payment processing, invoicing, and tax handling for paid plans.

Each provider has their own privacy policy governing their handling of your data. We do not sell your personal data to third parties.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. If you close your account, your data will be deleted within 30 days, except where retention is required by applicable law.

9. International Data Transfers

SupCMMS is operated from the Republic of Serbia, and our infrastructure providers (Supabase on AWS, Vercel) may process your data in data centers located outside your country of residence, including in the European Union and the United States. Where data is transferred outside your jurisdiction, we rely on our providers' contractual safeguards — including Standard Contractual Clauses where applicable — to protect the data.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Deletion — request deletion of your data, subject to legal retention obligations.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing that relies on legitimate interest.
  • Complaint — lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at hello@supcmms.com. We will respond within 30 days.

11. Children's Privacy

SupCMMS is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us and we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance.

13. Contact Us

Questions about this Privacy Policy? Contact us at hello@supcmms.com or via our contact form.