Privacy Policy

This Privacy Policy explains how SuiteDash Services, LLC (“SuiteDash,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data when you visit our website, interact with us, and use our services.

It also explains your privacy rights and how applicable law protects you.

Please read this Privacy Policy together with our Terms of Service and any other privacy notices we may provide.

This Privacy Policy was last updated on May 2, 2026.

Data Privacy Framework

SuiteDash Services, LLC participates in and complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework, with respect to personal data received from the EU, UK, and Switzerland. This coverage extends to SuiteDash’s covered affiliates, SuiteDash, Inc. and My Portal App, LLC. For full details — including coverage of HR data, the independent recourse mechanism, and onward transfer obligations — please see our Data Privacy Framework Notice. SuiteDash’s certification can be viewed on the U.S. Department of Commerce’s Data Privacy Framework List at https://www.dataprivacyframework.gov/list.

1. Who We Are

1.1 Data Controller. SuiteDash Services, LLC, a Delaware limited liability company with its principal place of business at 1321 Upland Drive STE 6351, Houston, TX 77043, is the data controller responsible for personal data processed by or on behalf of SuiteDash. Throughout this Privacy Policy, “SuiteDash,” “we,” “us,” and “our” refer to SuiteDash Services, LLC.

1.2 Affiliates. SuiteDash’s affiliates may process personal data on SuiteDash’s behalf in connection with the operation of the Services, including the entities that own SuiteDash’s intellectual property and operate SuiteDash’s infrastructure. Such processing is governed by intercompany agreements that impose data protection obligations equivalent to those described in this Privacy Policy.

1.3 Scope. This Privacy Policy applies to www.suitedash.com, app.suitedash.com, help.suitedash.com, su1te.com, and any subdomains, related URLs, mobile applications, and the SuiteDash Platform. The Services are not intended for children under 13, and we do not knowingly collect personal data from children under 13.

2. Personal Data We Collect

2.1 Categories. We collect the following categories of personal data:

Identity Data: title, first name, last name, username or similar identifier, and an encrypted version of your login credentials.
Contact Data: billing address, delivery address, phone number, and email address.
Financial Data: encrypted token data linking your account to your payment method, which is stored by our third-party payment processors (Braintree and Stripe).
Transaction Data: details of payments to and from you and other details of products and services you have purchased from us.
Profile Data: username and password, purchases or orders made by you, preferences, feedback, and survey responses.
Technical Data: IP address, login data, browser type and version, time zone, location, browser plug-ins, operating system, and other device technology.
Usage Data: information about how you use our website, products, and services.
Tracking Data: information collected via cookies, web beacons, pixels, mobile identifiers, and similar technologies.
Marketing and Communications Data: preferences in receiving marketing and communication preferences.

2.2 Special Categories. We do not collect Special Categories of Personal Data (race, ethnicity, religious beliefs, sex life, sexual orientation, political opinions, trade union membership, health data, or genetic and biometric data) about you. If you choose to upload such data into your portal or otherwise submit it through the Services, we will treat it as ordinary personal data and we will not be able to identify or specially handle it. Protected Health Information is governed by Section 5.

2.3 Aggregated Data. We may aggregate or anonymize personal data so that it can no longer be associated with you. Aggregated data is not personal data. If we combine aggregated data with personal data such that you can be identified, we treat the combined data as personal data.

3. How We Collect Personal Data

3.1 Direct Interactions. You provide personal data when you sign up for a free trial, subscribe to paid services, submit a contact or support form, sign up for a webinar, contact customer service, leave reviews, or otherwise correspond with us.

3.2 Automated Technologies. As you interact with the Services, we automatically collect Technical Data and Usage Data via cookies, server logs, and similar technologies.

3.3 Third Parties. We may receive personal data from analytics providers, advertising networks, payment and fraud prevention providers, data partners, and other third parties permitted by law to share your data with us.

4. How We Use Personal Data

We use personal data to:

Provide, operate, secure, and improve the Services;
Process payments and manage subscriptions;
Authenticate users and protect against fraud and abuse;
Communicate with you about your account, support requests, and Service updates;
Send marketing communications where permitted by law and where you have not opted out;
Comply with legal obligations and enforce our agreements;
Conduct research, analytics, and product development.

We do not sell your personal data, and we do not share your personal data with third parties for their own marketing purposes without your consent.

5. Protected Health Information (HIPAA)

5.1 Capability. SuiteDash is HIPAA-capable but not HIPAA-by-default. The SuiteDash platform may be used to store, transmit, and process Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) only by customers who have first executed a Business Associate Agreement (“BAA”) with SuiteDash.

5.2 Required BAA. If you are a Covered Entity or Business Associate as defined under HIPAA and intend to use the Services in connection with PHI, you must request and execute a BAA with SuiteDash before doing so. PHI handled under an executed BAA is governed by the terms of that BAA, which controls in the event of any conflict with this Privacy Policy with respect to PHI.

5.3 Without a BAA. For users who have not executed a BAA with SuiteDash, you agree not to store, transmit, or process PHI on or through the Services. SuiteDash has no obligation to monitor user content for PHI, and any submission of PHI without an executed BAA is at your sole risk and liability and is governed by this Privacy Policy and the Terms of Service as ordinary personal data.

6. Data Security

6.1 Safeguards. We implement administrative, physical, and technical safeguards designed to protect personal data from unauthorized access, disclosure, alteration, and destruction. These safeguards include encryption of data in transit and at rest using industry-standard methods, access controls limiting access to personal data on a need-to-know basis, audit logging, multi-factor authentication for administrative access, and regular review of security controls.

6.2 No Absolute Security. No method of electronic transmission or storage is completely secure. While we use commercially reasonable efforts to protect your personal data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6.3 Security Incidents. In the event of a security incident affecting your personal data, we will notify you without undue delay in accordance with applicable law.

7. Data Retention

7.1 Active Accounts. We retain personal data for as long as your account is active and as needed to provide the Services.

7.2 Free Trials. Data from inactive free trial accounts is deleted approximately 3 months after inactivity begins.

7.3 Paid Accounts. Data from cancelled or expired paid accounts is retained for approximately 12 months following cancellation or expiration, after which it is deleted unless the account is reactivated.

7.4 Legal Obligations. We may retain personal data longer where required by law or for the establishment, exercise, or defense of legal claims.

7.5 Backups. We may retain residual copies in routine system backups for a limited period after deletion.

8. Data Storage and Subprocessors

8.1 Storage. SuiteDash uses third-party vendors and hosting partners to provide the necessary infrastructure to operate the Services. Although SuiteDash owns the code, databases, and all rights to the SuiteDash applications, you retain all rights to your data.

8.2 Subprocessors. We engage the following third-party subprocessors. We enter into data processing agreements with each subprocessor that extend appropriate data protection safeguards.

Amazon Web Services — cloud infrastructure
Braintree — payment processing
Stripe — payment processing
Google Analytics — web analytics
Postmark — email delivery
HelpScout — help desk software
FirstPromoter — referral tracking
Cloudflare — security and performance

This list is current as of the effective date and may be updated. Material changes will be reflected in updates to this Privacy Policy.

9. International Data Transfers and Data Privacy Frameworks

9.1 Operation from the United States. The Services are operated from the United States. By using the Services, you consent to the transfer, storage, and processing of your data in the United States and in any other country where our subprocessors operate.

9.2 Data Privacy Framework Certification. SuiteDash complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as administered by the U.S. Department of Commerce. SuiteDash has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles. SuiteDash’s commitment to these Frameworks extends to and is adhered to by all entities and subsidiaries, including SuiteDash Services, LLC, SuiteDash, Inc., and My Portal App, LLC.

9.3 Conflict. If there is any conflict between this Privacy Policy and the EU-U.S. DPF Principles or Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework program and view our certification, please visit https://www.dataprivacyframework.gov.

9.4 FTC Authority. With respect to personal data received under the Data Privacy Frameworks, SuiteDash is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

9.5 Onward Transfers. SuiteDash remains responsible and liable under the Data Privacy Framework Principles if third-party agents we engage to process personal data on our behalf do so in a manner inconsistent with the Principles, unless we prove we are not responsible for the event giving rise to the damage.

9.6 HR Data Coverage. SuiteDash’s DPF certification covers both Non-HR data and HR data. SuiteDash does not have employees in the EU/EEA, UK, or Switzerland and does not receive HR data from European entities in the context of its own employment relationships. HR data coverage applies where SuiteDash’s customers use the Services to manage their own staff. In such cases, SuiteDash acts strictly as a data processor on behalf of those customers, who serve as data controllers. For HR data, SuiteDash commits to cooperate with the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable, and to comply with the advice given by such authorities. See our DPF Notice for full details.

10. Your Privacy Rights

10.1 GDPR and UK GDPR. If you are located in the EU, EEA, or UK, you have the following rights:

Right of Access
Right to Correction
Right to Erasure
Right to Restrict Processing
Right to Object
Right to Data Portability
Right to Lodge a Complaint with a Supervisory Authority
Right not to be Subject to Automated Decision-Making

10.2 California (CCPA/CPRA). If you are a California resident, you have the right to know what personal data we collect, the right to delete personal data, the right to correct inaccurate personal data, the right to opt out of any sale or sharing of personal data, the right to limit use of sensitive personal information, and the right to non-discrimination for exercising these rights. We do not sell personal data.

10.3 Other U.S. States. Residents of other U.S. states with applicable privacy laws have similar rights, which we honor in accordance with applicable law.

10.4 How to Exercise. Many of these rights can be exercised by signing in and updating your account directly. To exercise other rights, contact us at [email protected]. We may need to verify your identity before fulfilling your request and will respond within the timeframes required by applicable law.

11. EU, UK, and Swiss Privacy Complaints

In compliance with the Data Privacy Framework Principles, SuiteDash commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Data Privacy Frameworks. EU, UK, and Swiss individuals with DPF inquiries or complaints should first contact SuiteDash at [email protected].

SuiteDash has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to BBB National Programs, a U.S.-based independent dispute resolution mechanism. If you do not receive timely acknowledgment of your complaint or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers. This service is provided free of charge.

If your DPF complaint cannot be resolved through the above channels, under certain conditions you may invoke binding arbitration for residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

12. Cookies and Tracking

A cookie is a small data file sent from a website’s server and stored on your device. Cookies are required to use the SuiteDash services. We use cookies to record current session information. We also use similar technologies including pixels, web beacons, and local storage. For more information, please see our Cookie Policy.

13. Law Enforcement and Legal Disclosures

While we may be required to disclose your personal information in response to a lawful request by public authorities (including to meet national security or law enforcement requirements), SuiteDash will not otherwise disclose data to law enforcement unless a court order requires it. We reject requests from local and federal law enforcement that seek data without a court order. Unless legally prevented from doing so, we will inform you when such requests are made.

14. Business Transfers

If SuiteDash is acquired by or merged with another company, or if we sell substantially all of our assets, we may transfer your personal data to the acquirer. We will notify you of any such transfer and any changes to applicable privacy practices.

15. Notice of Non-Affiliation

On suitedash.com, we make comparative references to other software products only for the purpose of market comparison. We are not affiliated with, associated with, authorized, endorsed by, or in any way officially connected with these products or their owners. Names, marks, emblems, and images of third-party products are registered trademarks of their respective owners.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by sending notice to the primary email address on your account or by posting a prominent notice on the Site. Your continued use of the Services after the effective date of any change constitutes acceptance.