Privacy Policy

Last updated: February 28, 2026

1. Data Controller

The data controller responsible for your personal data is:

Souppe
Tel Aviv, Israel
Email: [email protected]

2. What You Share With Us

The only way we collect personal data is through our contact form. When you submit it, we receive:

  • Your name
  • Your email address
  • Your message
  • Your company or organization, if you choose to provide it
  • Your IP address, which we use solely for rate limiting and security

Name, email and message are required to submit the form. Without them, we have no way to get back to you.

3. Legal Basis for Processing

We process your personal data under the following legal bases as defined by the GDPR:

  • Legitimate interest (Article 6(1)(f)) - to respond to your inquiry, schedule follow-up calls and provide information about our services. Our legitimate interest is to communicate with prospective users who have contacted us directly.
  • Legal obligation (Article 6(1)(c)) - to comply with applicable laws and regulations.
  • Consent (Article 6(1)(a)) - for any marketing communications, which we will only send with your explicit prior consent.

4. What We Do With It

Three things, and only these three:

  • Reply to your message
  • Schedule a follow-up call or demonstration if you're interested
  • Rate-limit submissions to prevent abuse

We will never send you marketing emails unless you explicitly ask us to. We do not run automated decision-making or profiling on any data you provide.

5. Data Storage and Retention

Contact form submissions are stored in a secure database on servers located within the European Union. Access is restricted to authorized Souppe team members.

We retain your personal data for 24 months from the date of your last interaction with us. After this period, your data is permanently deleted unless we are required by law to retain it longer. You may request earlier deletion at any time (see Section 8).

6. International Data Transfers

Your data is stored on servers within the European Union. Souppe operates from Israel, which has been granted an adequacy decision by the European Commission, meaning the European Commission recognizes Israel as providing an adequate level of data protection. Your data is not transferred to countries without adequate data protection safeguards.

7. Third-Party Sharing

We do not sell, trade or share your personal information with third parties. We may share information only if required by law or to protect our legal rights.

8. Your Control Over Your Data

If you are in the European Economic Area, you can ask us to do any of the following at any time:

  • See it (Article 15) - get a copy of everything we hold about you.
  • Fix it (Article 16) - correct anything that's inaccurate or incomplete.
  • Delete it (Article 17) - have your data permanently removed.
  • Limit it (Article 18) - restrict how we use your data while a concern is resolved.
  • Move it (Article 20) - receive your data in a structured, machine-readable format.
  • Object (Article 21) - challenge our processing when it's based on legitimate interest.
  • Withdraw consent (Article 7(3)) - take back consent at any time, for any reason.

Email [email protected] and we will respond within 30 days.

If you believe we are not handling your data properly, you have the right to lodge a complaint with your local data protection authority. A directory of EU authorities is available at the European Data Protection Board website.

9. Cookies and Analytics

souppe.ai does not use cookies. We operate a first-party analytics system that records anonymous page view data to understand how visitors use our website. This system collects page paths, referrer URLs, device type, browser, operating system, screen dimensions and approximate geographic location (country and city, derived from your IP address). Your IP address is hashed using SHA-256 and the raw IP is never stored. Session identifiers are kept in your browser's sessionStorage (cleared when you close the tab) and are not shared with any third party. No personal data is collected, no cross-site tracking occurs and no data is sent to external analytics services.

10. Security

We implement appropriate technical and organizational measures to protect your personal information, including encrypted data transmission, access controls and secure storage. However, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. If we make material changes that affect how we process your personal data, we will provide prominent notice on our website.

12. Contact

For questions about this privacy policy or to exercise your data protection rights, contact us at [email protected].