← Back to Home

Privacy Policy

Last Updated: February 16, 2024

1. Introduction

This Privacy Policy describes the privacy practices of SUS Labs Inc. ("SUS", "we", "us", or "our") and how we collect, use and disclose information about individuals who use our mobile application and related services (collectively, the "Services").

SUS is the data controller responsible for the processing of your personal information. If you have any questions about this Privacy Policy or would like to exercise your rights, contact us at privacy@trysus.link.

By using the Services, you agree to the collection, use, storage, processing, disclosure and cross-border transfer of your information as described in this Privacy Policy. If you do not agree, please do not use the Services.

2. How SUS Works

SUS is an anonymous social platform that allows users to:

  • Create and join anonymous groups via shareable links
  • Create "subjects" (topics, people, or questions) for discussion within groups
  • Post anonymous messages and comments
  • Create and participate in anonymous polls
  • Send anonymous voice notes (Pro feature)

We do not require users to provide names, email addresses, or phone numbers. We collect limited technical information such as IP address and device identifiers necessary to operate and secure the service. We may disclose information when required by law.

3. Information We Collect

3.1 Information You Provide

  • Group content: Group names, descriptions, and settings you create
  • Subject content: Topics, names, or questions you create for discussion
  • Messages and comments: Anonymous content you post in subjects
  • Poll responses: Your anonymous votes and poll creations
  • Voice notes: Anonymous audio messages (Pro users only)
  • Profile pictures: Optional images you upload (if applicable)

3.2 Information Automatically Collected

We and our service providers automatically collect the following information:

  • Device information: Operating system type and version, device manufacturer and model, browser type, screen resolution, device type (phone/tablet), language settings, mobile carrier
  • Device identifiers: Unique device identifiers, advertising identifiers (IDFA/AAID), and anonymous identifiers we generate
  • IP address: Your IP address for security, fraud prevention, and approximate location (city/state level only)
  • Usage data: Pages viewed, features used, time spent, interaction patterns, crash reports, performance data
  • Location data: Approximate location derived from IP address (city, state, or geographic area - not precise GPS)

3.3 Information from Third Parties

We receive analytics data from:

  • Analytics providers: Google Analytics, Firebase Analytics (usage patterns, app performance)
  • Payment processors: Apple App Store, Google Play Store (subscription status, transaction data)
  • Content moderation services: AI moderation providers for safety (content analysis only, not identity)

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your personal information based on the following legal grounds:

  • Contractual necessity: To provide the Services you requested
  • Legitimate interests: To improve the Services, prevent fraud, ensure security, and analyze usage
  • Consent: Where required by law (e.g., analytics cookies)
  • Legal obligation: To comply with applicable laws and regulations

5. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Services
  • Enable anonymous group discussions and interactions
  • Process subscription payments and manage accounts
  • Detect and prevent abuse, spam, fraud, and harmful content
  • Enforce our Terms of Service and Community Guidelines
  • Provide customer support and respond to inquiries
  • Analyze usage patterns and optimize performance
  • Send service-related notifications
  • Comply with legal obligations and protect our rights

6. Content Moderation and Safety

To protect user safety and comply with our Terms of Service, we employ:

  • AI-powered content moderation: Automated systems scan content for harmful, abusive, or illegal material
  • User reporting: Users can report content that violates our policies
  • Human review: Reported content may be reviewed by our moderation team

Content moderation does not involve revealing user identities. We analyze content patterns, not individual identities.

7. How We Share Your Information

We may share your information with:

7.1 Service Providers

Third parties who help us operate the Services, including:

  • Cloud hosting providers (AWS, Google Cloud)
  • Analytics providers (Google Analytics, Firebase)
  • Content moderation services
  • Payment processors (Apple, Google)
  • Customer support tools

7.2 Legal Requirements

SUS may disclose user information in response to valid legal requests including subpoenas, court orders, or law enforcement investigations. We may disclose information when required by law, court order, or to:

  • Comply with legal obligations
  • Respond to law enforcement requests
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activity
  • Enforce our Terms of Service

7.3 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you of any such change.

We do not sell your personal information to third parties.

8. Data Retention

We retain your information as follows:

  • Free tier groups: Deleted 7 days after creation
  • Pro subscription groups: Retained while subscription is active, deleted 30 days after cancellation
  • Messages and content: Deleted when parent group is deleted
  • IP address logs: Retained for 90 days for security purposes
  • Analytics data: Aggregated and anonymized after 26 months
  • Backup data: Retained for 30 days, then permanently deleted
  • Legal hold data: Retained as required by law or ongoing legal matters

9. Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest for sensitive data
  • Access controls and authentication
  • Regular security audits
  • Incident response procedures

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect information from children under 18. If we learn that we have collected information from a child under 18, we will delete it immediately.

If you are a parent or guardian and believe your child has provided us with information, contact us at privacy@trysus.link.

11. Your Rights and Choices

Depending on your location, you may have the following rights:

11.1 Access and Portability

Request access to your personal information and receive a copy in a portable format.

11.2 Correction

Request correction of inaccurate or incomplete information.

11.3 Deletion

Request deletion of your personal information, subject to legal retention requirements.

11.4 Objection and Restriction

Object to processing or request restriction of processing in certain circumstances.

11.5 Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time.

11.6 Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority.

To exercise these rights, contact us at privacy@trysus.link. We will respond within 30 days.

12. International Transfers

Our servers are located in the United States. Your information may be transferred to and processed in countries other than your own, including the United States, which may have different data protection laws.

For transfers from the EEA, UK, and Switzerland, we rely on:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Your explicit consent where required

13. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or shared
  • Right to opt-out of sale (we do not sell personal information)
  • Right to deletion
  • Right to non-discrimination for exercising privacy rights

To exercise these rights, email privacy@trysus.link or call 1-800-SUS-PRIV.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Updating the "Last Updated" date
  • Posting a notice in the app
  • Sending an in-app notification for significant changes

Continued use of the Services after changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

SUS Labs Inc.
Email: privacy@trysus.link
Address: 123 Anonymous Ave, San Francisco, CA 94102
Phone: 1-800-SUS-PRIV

EU Representative:
Email: eu-privacy@trysus.link