Privacy Policy.

Suan Digital LLC, a Delaware limited liability company, operates Naew and is the controller of personal data described here. When you use Naew as part of an organization, that organization is the controller of personal data about its members and we process it under the Data Processing Addendum. Contact: [email protected].

• Account data: email, the organization you belong to, your role.
• Cloud account metadata: identifiers, display names, and read-only credentials you connect (encrypted at rest).
• Billing data from your providers: daily and monthly cost figures by service and region.
• Subscription data: plan, status, and Stripe customer identifiers. We never store card numbers.
• Operational logs: request metadata and error traces used to keep the service healthy.

We do not buy data about you, run ad trackers, or sell your data.

To authenticate you, fetch and display your cloud spend, send the alerts you configure, charge for paid plans through Stripe, and keep the service secure. For users in the EEA and UK, the legal bases are performance of a contract and our legitimate interest in operating the service securely; consent applies only where required.

Most identifying data is deleted or anonymized within 30 days of account closure. A few categories are kept longer:

• Billing records and invoices: up to seven years for tax and accounting.
• Security and audit logs: up to 12 months for abuse and incident investigations.
• Backups: rotated on the standard schedule of our hosting provider; residual copies purged within 90 days.

A small set of sub-processors, each bound by data-protection terms and processing only on our instructions. Current list: /legal/sub-processors. Cloud providers you connect (AWS, GCP, Azure, OpenAI, Anthropic, and others) are your own vendors, not ours; we read billing data from them using credentials you supply. We may also disclose data when required by law.

Personal data is stored and processed in the United States. For transfers from the EEA, the UK, or Switzerland to countries without an adequacy decision, we rely on the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable). Details in the DPA.

Credentials are encrypted at rest in Supabase Vault. Production access requires strong authentication and is limited to named personnel. TLS is required in transit. If we confirm a personal-data breach affecting you, we will notify you within 72 hours of confirmation. More at /legal/security.

Depending on where you live, you may have the right to access, correct, delete, port, or restrict the processing of your personal data, and to object to certain processing. Exercise these from within Naew or by emailing [email protected]. EEA/UK/Swiss residents also have the right to lodge a complaint with their local supervisory authority.

Categories we collect are listed in § 02. We do not “sell” or “share” personal information as the CCPA defines those terms, and we do not use sensitive personal information for purposes that would require additional disclosure. You have the right to know, to delete, to correct, and to be free from retaliation. Submit a verifiable request to [email protected] from the email on your account.

We set two strictly necessary cookies and use no third-party trackers:

• Supabase Auth tokens: keep you signed in across page loads.
• naew_org: remembers which organization is active when you belong to more than one.

Because nothing optional is set, Do Not Track and Global Privacy Control signals have no behavior to disable - the answer is already “no” for everyone.

Naew is intended for adults in a professional context. We do not knowingly collect personal data from children under 16 (or under 13 in the United States, per COPPA).