Privacy Policy.

Suan Digital LLC, the operator of Naew, is the controller of personal data described in this policy. Reach us at privacy@suan.digital for any privacy-related question.

We collect only what we need to run the service:

• Account data: your email address, the organization you belong to, and your role.
• Cloud account metadata: the identifiers, display names, and read-only credentials you connect (encrypted at rest).
• Billing data from your providers: daily and monthly cost figures, broken down by service and region.
• Subscription data: plan, status, and Stripe customer identifiers (we do not store card numbers).
• Operational logs: request metadata and error traces used to keep the service healthy.

We do not buy data about you, we do not run third-party advertising trackers, and we do not sell your data.

We process the data above to:

• Authenticate you and keep your session secure.
• Fetch and display your cloud spend.
• Send alerts you have configured (e.g. budget thresholds).
• Charge for paid plans through Stripe.
• Diagnose problems and prevent abuse of the service.
• Comply with our legal obligations.

For users in the European Economic Area and the United Kingdom, we rely on the following legal bases: performance of a contract (to deliver the service you signed up for), legitimate interests (to keep the service secure and improve it), and consent (where required, for example for non-essential cookies). You can withdraw consent at any time.

We keep your data for as long as your account is active. If you close your account, we delete or anonymize identifying data within 30 days, except where we are legally required to retain it longer (for example, invoice records for tax purposes).

We use a small set of sub-processors to run the service. Each is bound by a data-processing agreement and processes data only on our instructions:

• Supabase for database, authentication, and storage.
• Stripe for subscription billing and payments.
• Cloud providers you connect (AWS, GCP, Azure, OpenAI, Anthropic, and others). We read billing data from them on your behalf.
• An email delivery provider for magic-link sign-ins, receipts, and alerts you configure.

We may also disclose data when required by law, to enforce our terms, or to protect the rights and safety of our users.

Data is stored in regions operated by our hosting and database providers. Some sub-processors may transfer data internationally; where they do, they rely on standard contractual clauses or equivalent legal mechanisms.

Access tokens and provider credentials are encrypted at rest. Access to production systems is restricted to a small set of authorized personnel and requires strong authentication. We use TLS for all data in transit. No system is perfect, and we will notify affected users in line with applicable law if a breach occurs.

Depending on where you live, you may have the right to access, correct, delete, port, or restrict the processing of your personal data, and to object to certain processing. You can exercise these rights from within Naew or by writing to privacy@suan.digital. You also have the right to lodge a complaint with your local supervisory authority.

We use a small number of strictly necessary cookies to keep you signed in and protect against cross-site request forgery. We do not use advertising cookies or third-party analytics that profile visitors.

Naew is intended for use by adults in a professional context. We do not knowingly collect personal data from children under the age of 16.

If we make a material change, we will give reasonable notice (for example, by email or in-app banner) before it takes effect. The “last updated” date at the top of this page always reflects the current version.

Privacy questions, requests, or complaints? privacy@suan.digital.