Legal
Privacy Policy
Last updated: May 2026
1. Introduction
This Privacy Policy explains how SupplierForge ("we," "us," or "our") collects, uses, and protects personal information when you visit our website at supplierforge.com (the "Website") or interact with our services.
SupplierForge is operated by BoreaTech.
We are committed to protecting your privacy and processing your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Italian Legislative Decree 196/2003 (as amended by Legislative Decree 101/2018), and other applicable data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
BoreaTech
Email: [email protected]
3. What Personal Data We Collect
3.1 Contact Form Data
When you submit a demo request or contact us through our Website, we collect:
- Full name
- Company or organization name
- Work email address
- Role or job title (optional)
- Number of suppliers in your organization (optional)
- Message content (optional)
3.2 Automatically Collected Data
When you visit our Website, certain technical data may be automatically collected through our hosting and security infrastructure:
- IP address
- Browser type and version
- Operating system
- Pages visited and time spent on pages
- Referring website
- Date and time of access
This data is collected by Cloudflare, Inc., which provides hosting, content delivery, and security services for our Website.
3.3 Cookies
Our Website uses only strictly necessary cookies placed by Cloudflare for security and performance purposes. These may include:
- __cf_bm: Bot detection and management (expires after 30 minutes of inactivity)
- cf_clearance: Security challenge verification
- __cflb: Load balancing (session-based)
These cookies are essential for the proper functioning and security of the Website and do not track your browsing activity across other websites. We do not use any analytics cookies, advertising cookies, or third-party tracking technologies.
4. How We Use Your Personal Data
We process your personal data for the following purposes:
| Purpose | Data Used | Legal Basis (GDPR Art. 6) |
|---|---|---|
| Responding to your demo requests and inquiries | Contact form data | Art. 6(1)(b): Pre-contractual measures taken at your request |
| Delivering and securing the Website | IP address, browser data, cookies | Art. 6(1)(f): Legitimate interest in website security and performance |
| Communicating with you about our services | Contact form data | Art. 6(1)(f): Legitimate interest in responding to business inquiries |
| Complying with legal obligations | All data as required | Art. 6(1)(c): Legal obligation |
We do not use your personal data for automated decision-making or profiling.
5. How We Share Your Personal Data
We do not sell, rent, or trade your personal data to third parties. We share your data only with the following service providers (data processors), who process data on our behalf and under our instructions:
5.1 Cloudflare, Inc.
- Purpose: Website hosting (Cloudflare Pages), content delivery, security, and DNS
- Data processed: IP addresses, browser information, security cookies
- Location: United States (with global edge network)
- Safeguards: EU-U.S. Data Privacy Framework; Cloudflare's DPA incorporating EU Standard Contractual Clauses
5.2 Resend, Inc.
- Purpose: Transactional email delivery (sending contact form submissions to our team)
- Data processed: Name, email address, and message content from contact form
- Location: United States
- Safeguards: Data Processing Agreement with EU Standard Contractual Clauses
We may also disclose your personal data if required by law, regulation, or legal process, or to protect our rights, property, or safety.
6. International Data Transfers
Your personal data may be transferred to and processed in the United States by our service providers (Cloudflare and Resend). These transfers are protected by:
- The EU-U.S. Data Privacy Framework adequacy decision (adopted July 10, 2023)
- EU Standard Contractual Clauses (SCCs) incorporated into our data processing agreements
- Additional technical and organizational safeguards implemented by our service providers
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy:
- Contact form data: Retained for up to 24 months after your last interaction with us, unless you request earlier deletion
- Automatically collected data (Cloudflare): Retained according to Cloudflare's data retention policies, typically no longer than 72 hours
- Security cookies: Expire as described in Section 3.3 above
After the retention period, your data is securely deleted or anonymized.
8. Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR:
- Right of access (Art. 15): Request a copy of the personal data we hold about you
- Right to rectification (Art. 16): Request correction of inaccurate personal data
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to restriction of processing (Art. 18): Request that we limit how we use your data
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interests
- Right to withdraw consent (Art. 7(3)): Where processing is based on consent, withdraw it at any time
To exercise any of these rights, please contact us at:
Email: [email protected]
We will respond to your request within 30 days. If we need more time (up to an additional 60 days), we will inform you of the reason for the delay.
9. Right to Lodge a Complaint
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. For Italy, the competent authority is:
Garante per la Protezione dei Dati Personali
Piazza Venezia 11, 00187 Roma, Italy
Website: garanteprivacy.it
Email: [email protected]
You may also lodge a complaint with the supervisory authority in your country of residence or place of work.
10. Security Measures
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:
- HTTPS encryption (TLS/SSL) for all Website traffic
- Cloudflare security services including DDoS protection and bot management
- Encrypted storage of API keys and credentials
- Access controls limiting who can view submitted contact data
11. Third-Party Links
Our Website may contain links to third-party websites. We are not responsible for the privacy practices or content of these websites. We encourage you to read the privacy policies of any third-party websites you visit.
12. Children's Privacy
Our Website and services are intended for business professionals and are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will indicate the date of the latest revision at the top of this page. We encourage you to review this Privacy Policy periodically.
Material changes will be communicated through a notice on our Website.
14. Contact Us
If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us:
SupplierForge
Email: [email protected]
General inquiries: [email protected]