Privacy Policy

Effective Date: 19-03-2025

Last Updated: 19-03-2025

SURPLUS SYSTEMS ("we," "our," "us") is committed to safeguarding the privacy of our users ("you," "your") and their clients. This Privacy Policy explains how we collect, use, store, and protect your personal information. By accessing or using our website and services (collectively, the "Service"), you agree to the terms outlined in this Privacy Policy.

1. Information We Collect

We collect the following types of information strictly for providing and enhancing our services:

a) Personal Information (PII)

• Full Name

• Email Address

• Phone Number

• Mailing Address

• Payment Information (e.g., credit card details)

b) Transactional & Usage Data

• Transaction data from invoicing and accounting applications (e.g., QuickBooks, Xero, Clio).

• User-generated content uploaded to the Service.

• Browser and device information, including IP address and site usage statistics.

• Cookies and tracking technologies to improve user experience.

c) Third-Party Client Information

• Any client data entered by users for invoicing or business purposes is strictly

confidential and used only for service-related activities.

d) Additional Data Collection

• Information collected from customer service interactions and surveys.

2. How We Use Your Information

We use collected information for the following purposes under applicable legal bases:

• Contractual Necessity: Providing services, processing transactions, and managing accounts.

• Legitimate Interest: Improving our platform, ensuring security, and preventing fraud.

• Legal Compliance: Meeting regulatory obligations.

• User Consent: Sending marketing communications (you may opt in or out at any time).

3. Strict No-Sharing Policy

SURPLUS SYSTEMS does not sell, rent, or share your personal information with any third party. Your data is used exclusively for the operation of our services.

Exceptions:
We will only disclose your data in the following cases:

• Legal Compliance: If required by law, court order, or subpoena.

• Security Protection: To investigate fraud, security breaches, or violations of our policies.

4. How We Protect Your Information

We implement strict security measures, including:

• Encryption: All sensitive data is encrypted using AES-256 encryption.

• Secure Storage: Data is stored on SOC 2 and ISO 27001 certified servers within the U.S.

• Access Controls: Strict user authentication and administrative access restrictions.

• Regular Audits: Security assessments and monitoring for vulnerabilities.

While we take industry-standard precautions, no system is entirely secure. By using our Service, you acknowledge that we cannot guarantee absolute data security.

5. Data Retention & Deletion

We retain your personal information only as long as necessary for:

• Providing services.

• Compliance with legal obligations.

• Resolving disputes and enforcing agreements.

Your Data Deletion Rights:

• You may request deletion of your account and data by contacting us at [email protected].

• Certain legal and regulatory requirements may require us to retain some data for a specific period.

6. Your Rights & Choices

• Access & Updates: You can review and update your information by logging into your account.
• Data Deletion: You may request account deletion, subject to applicable laws.

• Marketing Preferences: Opt-in and opt-out options are available for promotional emails.

• Cookies: Manage cookie preferences in your browser settings.

• Data Portability: You may request a copy of your data in a structured format.

• Right to Lodge a Complaint: If you believe we have not complied with data protection laws, you may contact the appropriate data protection authority.

7. Cookies & Tracking Technologies

We use cookies for:
• Essential Functionality: Remembering your login details and improving user experience.
• Analytics & Performance: Collecting usage data to optimize our Service.
• Marketing & Retargeting: If applicable, cookies may be used for personalized advertising.

You can manage or disable cookies through your browser settings. If required under applicable law (e.g., GDPR), you may be prompted to provide consent before certain tracking technologies are used.

8. Compliance with GDPR & CCPA

SURPLUS SYSTEMS complies with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) where applicable. This ensures that users have full control over their personal data, including the right to access, rectify, delete, or restrict processing of their data.

9. Children’s Privacy

Our Service is not intended for individuals under 18. We do not knowingly collect data from minors. If discovered, such data will be deleted immediately. If you believe we have collected a minor's information, please contact us.

10. Links to External Websites

Our website may contain links to third-party sites. SURPLUS SYSTEMS is not responsible for their privacy policies. Users should review external policies before sharing information.

11. Data Breach Notification

In case of a data breach, affected users will be notified promptly via email or as required by law.

12. International Data Transfers

If you access our services from outside the U.S., your data may be processed and stored in the U.S. By using our services, you consent to such data transfers, subject to applicable protections.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Any changes will be posted here, and continued use of our Service indicates acceptance of the updated policy.

14. Contact Us

For privacy-related inquiries, contact:

Customer Support Team

SURPLUS SYSTEMS

[email protected].