<img src="https://ws.zoominfo.com/pixel/615750b99f3554001334ec79" width="1" height="1" style="display: none;">
Request a Demo

 

Privacy Policy

Last updated: 01/27/2026

Suralink, Inc. (“Suralink,” “we,” “our,” or “us”) respects your privacy and is committed to protecting it. This Privacy Policy explains the types of information we collect when you visit www.suralink.com or any subdomain of suralink.com (collectively, the “Site”) or use the services we make available through the Site (collectively, the “Service”). It also describes how we use and share that information, the rights and choices available to you, and how we safeguard the information we process.

By using the Site or the Service, you acknowledge that you have read and understand this Privacy Policy. If you do not agree with our practices, you should not use the Site or the Service.

We may update this Privacy Policy from time to time. If we make changes, we will update the “Last Updated” date above and post the updated policy on this page, and in the case of material changes where we deem it appropriate in our discretion, we may also provide additional notice such as email notifications or in-product messaging.

If you have questions about this Privacy Policy or our privacy practices, you may contact us at support@suralink.com or by mail at:

Suralink, Inc.
Attn: Privacy
10 Exchange Place, Suite 300
Salt Lake City, Utah 84111 USA

Table of Contents

    1. 1. Use of the Service by Suralink and Our Customers
    2. 2. Information We Collect
    3. 3. How We Use Information We Collect
    4. 4. How We Share Information We Collect
    5. 5. International Transfer of Information
    6. 6. Cookies and Similar Technologies
    7. 7. How to Access & Control Your Personal Data
    8. 8. Legal Basis for Processing of Personal Data
    9. 9.  EU/UK/Swiss Representatives
    10. 10. California Consumer Privacy Act (CCPA)
    11. 11. Updates to This Policy

1. Use of the Service by Suralink and Our Customers

The Suralink Service

The Service enables organizations to upload and store documents, create and manage requests, exchange documents, and collaborate with others. Information submitted to the Service by customers or their authorized users is stored and processed on Suralink’s service providers’ systems in accordance with our agreements with those customers.

Use by Suralink

We use the Service ourselves for internal business purposes, such as requesting and exchanging documents with customers, partners, and vendors. When we use the Service in this way, we act as the controller of the information we collect, and such information is handled in accordance with this Privacy Policy.

Use by Our Customers

Customers of ours use the Service to upload, collect (including, for certain Services we offer, from their clients, with their client’s knowledge and permission), manage, and share information, including potentially Personal Information (as hereinafter defined). In doing so, customers act as the controllers of the data they submit to the Service. Suralink processes that information only on behalf of and in accordance with our agreements with our customers.

We do not control the types of information customers choose to submit to the Service, nor how they classify, use, or manage that information. Customers are responsible for ensuring that their use of the Service complies with applicable laws and for providing any necessary notices or obtaining any necessary consents from individuals whose information they process through the Service.

We generally have no direct relationship with the individuals whose Personal Information customers upload or manage through the Service. Individuals seeking to access, correct, or delete Personal Information of theirs submitted by a customer should direct their request to that customer. If we receive a request from such an individual, we will refer the request to the appropriate customer and assist the customer in fulfilling the request where and to the extent required by our agreements or applicable law.

Suralink may disclose or transfer customer data to subprocessors and service providers that support the operation and delivery of the Service, consistent with our contractual obligations to our customers. Transfers to subsequent third parties are governed by the service agreements in place with our customers.

2. Information We Collect

When You Visit our Site

You are free to explore the Site without providing any Personal Information about yourself. When you visit the Site we collect usage and device information and we may request (but do not require) that you provide Personal Information about yourself. When you register for the Service, we collect usage and device information, and we may request and/or may require Personal Information about you.

Personal Information

“Personal Information” as used herein refers to any information that you voluntarily submit to us and that is defined as “Personal Data” or “Personal Information” under any applicable state, national, international, or regional data privacy law, including the GDPR and the CCPA (each discussed below) including any information that identifies you personally, including contact information, such as your name, e-mail address (other than a generic business email address), address, phone number, and other information about yourself. Personal Information also refers to any such information that our customers may submit to us about you by using the Service (e.g., Personal Information embedded in documents uploaded by Customers or clients of Customers). Personal Information can also include information about any transactions, both free and paid, that you enter into on the Site, and information about you that is available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or publicly available information that we acquire from service providers.

Personal Information also includes usage, device, and payment information where such information can directly or indirectly identify an individual. We do not intentionally collect sensitive information for our own business purposes. Customers may upload sensitive information to the Service at their discretion, and Suralink processes such information solely on their behalf. For information uploaded or submitted by customers through the Service, the customer acts as the controller and determines what information to submit.

If you subscribe to the Service, your payment card information (which constitutes Personal Information) is processed by our PCI-compliant payment processor. We do not store full payment card numbers or security codes; our processor may store limited card details (such as last four digits and expiration date) for billing purposes.

Log Files

When you use the Site or the Service, we automatically collect log and usage information about your device and interactions with the Service. This information can include your IP address, browser type, domain names, internet service provider (ISP), the files viewed on our Site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times and referring website addresses. This information is used by Suralink for the operation of the Service, to maintain quality of the Service, and to provide general statistics regarding use of the Site. We may associate this information with your account where necessary or useful to operate, secure, or improve the Service.

Information About Children

The Site and Service are not intended for or targeted at children under 18, and we do not knowingly or intentionally collect information about children under 18. If you believe we have collected Personal Information from a child under 18, please contact us at support@suralink.com and we will delete the information if and as required by applicable law.

3. How We Use Information We Collect

We Do Not Sell Personal Information

We do not ‘sell’ or ‘share’ your Personal Information, as those terms are defined under applicable U.S. state privacy laws.

Use of Personal Information

In addition to the uses identified elsewhere in this Privacy Policy, we may use your Personal Information to:

  • Provide the Service (which may include the detection, prevention, and resolution of security and technical issues);
  • Communicate with you about your account, billing, and administrative matters;
  • Respond to your requests, questions, and support needs;
  • Improve and enhance the functionality, security, and performance of the Service;
  • Prevent fraud, unauthorized access, and other security incidents;
  • Comply with applicable laws, regulations, and contractual obligations; and
  • Otherwise to fulfill our obligations under our agreements with the customer

Use of Credit Card Information

Suralink uses third-party payment processing services to process payment transactions. When you enter sensitive information (such as credit card number) for payment, Suralink or its third party provider encrypts that information using Transport Layer Security technology (TLS). We do not store full payment card numbers or security codes.

If you choose to pay for the Service via payment card, your payment card details are processed by our PCI-compliant third-party payment processors (currently we use Maxio and Stripe; we reserve the right to change providers). These providers may store limited card details (such as last four digits and expiration date) for billing purposes. Use of your personal information by these providers is governed by their respective privacy policies, which can be found at the following links:

Security of your Personal Information

We use a variety of security technologies and procedures to help protect your Personal Information from unauthorized access, use or disclosure. Our hosting service provider (currently AWS) secures the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. All Personal Information is protected using appropriate physical, technical and organizational measures, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of likelihood and severity for your fundamental rights and freedoms, to ensure a level of security appropriate to such risk. The measures ensure in particular safeguarding the confidentiality, integrity and availability of the Personal Information by implementing policies and procedures governing, among other things, the encryption of data, access control of data, secure development of our products, secure network, and technical vulnerability management.

In its dedication to protect data (including Personal Information), Suralink complies with the AICPA SOC 2 (Type 2) standards and undergoes annual independent audits as an ongoing validation of our compliance against those standards.

Amazon Web Services provides our servers and maintains them in high-security controlled environments pursuant to the AWS Cloud Security policy.

You should, however, understand that no method of transmission over the Internet or electronic storage is 100% secure, Therefore, while Suralink strives to use commercially reasonable means to protect your Personal Information, we cannot guarantee its absolute security. The security of your information also depends on our customers/end-users: customers/end-users are responsible for using unique, strong usernames and passwords for each of their accounts and for keeping those usernames and passwords confidential. We are not responsible for the circumvention of any privacy settings or cybersecurity measures contained in our Service.

Retention of Personal Information

We retain Personal Information for as long as necessary to provide the Service, fulfill the purposes described in this Privacy Policy, and comply with applicable legal, regulatory, and contractual obligations. Retention periods may vary depending on the type of data and the context in which it is processed.

For customer data processed through the Service, our retention practices are governed by our agreements with customers. Customers control the data they submit to the Service, including how long they choose to store it. Following termination or expiration of a customer’s subscription, we handle customer data in accordance with the retention and deletion commitments set out in those agreements. Therefore, if clients of our customers provide information to our customers as part of their use of the Service, our customers decide how long to retain the data (which may include Personal Information about various persons, including you) they collect. If a customer terminates its use of the Service, then we will provide that customer with access to all information stored for the customer by the Service, including any Personal Information provided by or about you, for export by the customer according to our agreement with our customer. After termination, we may, unless legally prohibited, delete all customer information, including your Personal Information, from the Service.

For Personal Information we process for our own business purposes—such as account administration, security, analytics, or marketing preferences—we retain such information only for as long as necessary for those purposes and whilst we have an ongoing legitimate business need to do so, unless a longer retention period is required or permitted by law or you request deletion sooner.

4. How We Share Information We Collect

Except as otherwise expressly set forth in this Privacy Policy, we do not sell or share Personal Information and do not disclose Personal Information to third parties except as described below. We may disclose such information:

  • to respond to subpoenas, court orders, lawful request by authorities or other legal process, or to establish or exercise our legal rights or defend against legal claims (as further described below under “Compelled Disclosure”);
  • if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our agreements or policies, or as otherwise required by law;
  • to contractors, service providers, and other third parties we use to support our business;
  • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Suralink, users of the Service, and/or others;
  • to the extent permissible under applicable data privacy laws, to third parties in aggregated, anonymized, and/or de-identified form that cannot reasonably be used to identify any individual;
  • for the purpose of performing our legal or contractual obligations (including to comply with applicable laws) or supporting our business.
  • in the case of a corporate event such as a company reorganization, merger, or sale (as further described below under “Corporate Events”).
  • to support integrated third-party applications, to the extent applicable. You may choose to use certain third-party applications, integrations, or software services (collectively, "Third-Party Apps") in connection with the Service. These Third-Party Apps may collect or receive your Personal Information when enabled or used. Suralink has no ownership of such third parties nor control over the behavior of these Third-Party Apps or the types of data they may collect. Please review the privacy policies of any Third-Party Apps that you wish to integrate before enabling; and
  • otherwise with your consent.

Corporate Events

Suralink may share your data with a potential buyer or partner in the event of a potential or actual acquisition or merger. If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy, operation of law, or otherwise, that company would receive all information gathered by Suralink on the Sites and the Service. In this event, you will be notified via email and/or a prominent notice on our Site, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information.

Compelled Disclosure

Your Personal Information may be shared with governmental agencies, law enforcement officers or courts if required by law (including to meet national security or law enforcement requirements), or a valid court order. In addition, we reserve the right to use or disclose your Personal Information if we reasonably believe that such use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a legal process.

5. International Transfer of Information

We are based in the United States and may transfer Personal Information to the United States and/or maintain Personal Data in the United States, and/or other countries where we or our service providers operate.

If you are located in the EU or EEA, we may transfer your Personal Information outside the European Economic Area, including to the United States. When we do so, we implement appropriate safeguards to protect your Personal Information, such as the Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms including compliance with the Data Privacy Framework as discussed in detail below.

6. Cookies and Similar Technologies

Cookies

Suralink and its partners use cookies or similar technologies (such as web beacons) to operate the Site, understand usage patterns, improve performance, and support certain features. To find out more about how we use cookies on our Site and how to manage your cookie preferences, please see our Cookie Policy at https://www.suralink.com/cookie-policy.

Advertising

We may partner with third party ad networks to manage our advertising on other sites. Our ad network partners use cookies and web beacons to collect information about your activities on this and other websites to provide you targeted advertising based upon your interests. You can manage your advertising preferences or opt out of interest-based advertising by adjusting your browser or device settings, or by using industry opt-out tools such as those provided by the Network Advertising Initiative (NAI) (for example, https://thenai.org/how-to-opt-out/) or Digital Advertising Alliance (DAA) (https://youradchoices.com/). Please note this does not opt you out of being served advertising. You will continue to receive generic ads.

Third Party Tracking Technologies

Third parties may use cookies or similar technologies when providing services on our behalf. Their use of tracking technologies is governed by their own privacy policies.

7. How to Access & Control Your Personal Data

Reviewing, Correcting and Removing Your Personal Information

Under the GDPR (defined below), You have the following data protection rights (and you may have similar or additional rights under the laws of other countries/regions and various US states):

  • Right to Access: You have the right to request access to your Personal Data (as defined in the GDPR) that we hold.
  • Right to Rectification: You have the right to request correction of any inaccurate or incomplete Personal Data.
  • Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your Personal Data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.
  • Right to Restriction of Processing: You have the right to request the restriction of processing of your Personal Data under certain circumstances.
  • Right to Withdraw Consent: If you have provided consent for the processing of your Personal Data, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Object: You have the right to object to the processing of your Personal Data based on legitimate interests or direct marketing.
  • Right to Data Portability: You have the right to receive the Personal Data you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.
  • Right to Complain: You have the right to complain to a data protection authority in your country or region about our collection and use of your personal information. Please also see your right to complain under the Data Privacy Framework (DPF) described below. The following contact lists are provided for your convenience only, but may not be fully current, complete or correct in all specifics.
  • Contact details for certain data protection authorities in the EEA, Switzerland and certain non-European countries are available here: (note this list is not kept current) http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.html.
  • For additional non-official lists that include information on data protection authorities in more countries (including the US and Canada), you could consider these unofficial sources: https://en.wikipedia.org/wiki/National_data_protection_authority#:~:text=China:%20Cyberspace%20Administration%20of%20China%20(CAC)%20Hong,Japan:%20Personal%20Information%20Protection%20Commission%20(Japan)%20(PPC) or https://globalprivacyassembly.com/participation-in-the-assembly/list-of-accredited-members/
  • Depending on your location, you may have additional rights under applicable privacy laws. Without limiting the general nature of the preceding sentence, if you are a California resident certain of your additional rights are discussed below under the heading “California Consumer Privacy Act.”

To exercise any of these rights, please fill out this form: https://share.hsforms.com/1Gavo88DyRzmRgsfQIEY1Lg3hfb4 or contact us at support@suralink.com. Please include sufficient detail in your request so we can verify your identity and respond appropriately. We will respond to your request to change, correct, or delete your information within a reasonable timeframe compliant with applicable privacy laws and notify you of the action we have taken.

As a supplement to Suralink’s obligations under the GDPR, Suralink additionally participates in the Data Privacy Framework Program as designed by the U.S. Department of Commerce, the European Commission, the UK Government, and the Swiss Federal Administration (the “DPF”), and hereby declares our commitment to comply with the DPF. Suralink is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). In compliance with the DPF, Suralink commits to resolve complaints about our collection or use of your personal information.

Suralink complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Suralink has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Suralink has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (together the “Principles”), the applicable Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In the event that you have a complaint regarding our compliance with any of the Principles, you have the right to (a) submit complaints to us directly, (b) submit a complaint to the designated independent recourse mechanism(s) set out on our DPF Program Record (i.e., TRUSTe, discussed below in this paragraph), (c) submit a complaint directly to your local data protection authority; (d) under certain conditions, if other mechanisms have failed to satisfactorily resolve your complaint, to invoke binding arbitration as a means of dispute resolution with the ICDR-AAA (https://go.adr.org/dpf_irm.html); or (e) contact the US enforcement authority (the FTC). For your convenience, we have provided links that set forth details on the complaint process and the arbitration process in the paragraphs immediately following this one. Without limiting the general nature of the foregoing, in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Suralink commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint with TRUSTe. The services of TRUSTe are provided at no cost to you.

The following link describes the complaint process: https://www.dataprivacyframework.gov/program-articles/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization%E2%80%99s-Compliance-with-the-DPF-Principles.

The following link describes the arbitration process: https://www.dataprivacyframework.gov/framework-article/G%E2%80%93Arbitration-Procedures.

Suralink remains responsible under the DPF Principles for Personal Information that we transfer to third parties acting as our agents if those third parties process such information in a manner inconsistent with the DPF Principles. Please see the following link for additional information: https://www.dataprivacyframework.gov/framework-article/3%E2%80%93ACCOUNTABILITY-FOR-ONWARD-TRANSFER.

To Unsubscribe From Our Communications

You may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our e-mails, updating your communication preferences, or by sending us an email to support@suralink.com or postal mail to Suralink, Inc., 10 Exchange Place, Suite 300, Salt Lake City, Utah, 84111 USA, Attention: Privacy. Customers cannot opt out of receiving transactional emails related to their account with us or the Service.

8. Legal Basis for Processing of Personal Data

We process Personal Data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation [as it is amended from time to time, the “GDPR”]). The legal bases for processing Personal Data include:

Consent: When you have given explicit consent for us to process your data for specific purposes, Art. 6 Sec. 1(a) GDPR. You have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Contractual Necessity: When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract, Art. 6 Sec. 1(b) GDPR.

Legal Obligation: When processing is necessary to comply with a legal obligation, Art. 6 Sec. 1 (c) GDPR.

Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or your fundamental rights and freedoms, which require protection of Personal Data, Art. 6 Sec. 1 (f) GDPR.

We rely on these legal bases only to the extent permitted by applicable law.

9. EU/UK/Swiss Representatives

If you are located in the EU, EEA, UK, or Switzerland, you may contact our Data Protection Representative using the details below:

Switzerland (CH):
Name: Lionheart Squared Switzerland SarL
Email: Suralink@LionheartSquared.ch
Post: Lionheart Squared Switzerland SarL, FAO Suralink Blvd George Favon 43, CH-1204 Geneva, Switzerland

European Union / EEA:
Name: Lionheart Squared (Europe) Ltd
Email: Suralink@LionheartSquared.eu
Post: Lionheart Squared (Europe) Ltd, FAO Suralink 2 Pembroke House, Upper Pembroke Street 28-32 Dublin, D02 EK84, Ireland

United Kingdom (UK):
Name: Lionheart Squared Ltd
Email: Suralink@LionheartSquared.co.uk
Post: Lionheart Squared Ltd, FAO Suralink 17 Glasshouse Studios, Fryern Court Road, Fordingbridge Hampshire, SP6 1QX, United Kingdom

10. California Consumer Privacy Act (CCPA)

If you are a resident of California, this section sets out additional rights and information for you.

Many obligations under the California Consumer Privacy Act (the original CCPA) and the California Privacy Rights Act (“CPRA”), which amended the CCPA (together referred to as the “CCPA”) are addressed in other provisions of this Privacy Policy. This supplemental section is meant to fill in the gaps for California residents and the terms used in this section are either defined in the Privacy Policy or in the text of the CCPA.

Suralink has not sold the personal information of any California residents in the preceding 12 months.

CCPA Consumer Rights

  • The right to access, and to know, both the categories of personal information and the specific personal information we collect, the purposes for which personal information is collected, whether personal information is sold or shared, and the retention period for the personal information.
  • The right to have your personal information deleted, subject to some legal limitations.
  • The right to the correction of inaccurate personal information.
  • The right to data portability.
  • The right to limit the sharing of sensitive personal information.
  • The right to opt-out of automated-decision making.
  • The right to opt-out of the sale or sharing (as defined in the CPRA) of personal information.
  • The right to request disclosure of the personal information collected.
  • The right to disclosure of information disclosed for valuable consideration.

Submitting Requests under CCPA

California residents may submit requests for information under the CCPA to Suralink by email to support@suralink.com, or by phoneat 801-203-0002 , or by postal mail to Suralink, Inc., 10 Exchange Place, Suite 300, Salt Lake City, Utah, 84111 USA, Attention: Privacy.

Please be as specific as possible when you exercise your rights under the CCPA and submit a request regarding your personal information, and detail at least the following:

  • The right you wish to exercise or the goal of the request
  • Your name
  • Your email address.

In the event the email address from which we receive the request and the one to which the Personal Information belongs to do not match, we may request additional information to verify the identity of the requesting party.

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any changes by posting the new policy on our Site and updating the "Last Updated" date at the top of this page. In the event of material changes to this Privacy Policy, additional notice may be provided at our discretion, as set forth above. Your continued use of the Service after any changes become effective constitutes your acceptance of those changes.