Privacy Policy

Effective Date: August 18, 2025
Last Updated: August 18, 2025
Version: 2.1

This page is operated by SuperNomics Technologies Inc.

This Privacy Policy explains how SuperNomics collects, uses, processes, and protects personal information in connection with our Services. Some products have Product Privacy Addenda (e.g., Sque). If there is a conflict, the Addendum controls.

Plain-Language Summary

  • We don't sell or "share" personal data.
  • AI inputs: minimum necessary, no-training settings, minimized retention.
  • Customer data stays yours.
  • SOC 2-aligned security program.
  • Easy access to rights: correction, deletion, portability.

1. Scope and Roles

  • Applies to visitors, users, prospects, and business contacts.
  • Controller: for websites and direct relationships.
  • Processor: for customer data under a DPA.

2. Categories of Data

  • Account & identity
  • Billing & transactions
  • Support & communications
  • Technical & usage data
  • Website & marketing data
  • Integrations
  • Recruiting (where applicable)

3. Sources

  • Direct input
  • Automatic collection
  • Third parties
  • Your organization

4. Purposes

  • Service delivery, support, security, improvement, legal compliance, marketing.
  • De-identified/aggregated insights for performance improvement.

5. AI Processing

  • Third-party AI providers (e.g., OpenAI).
  • Minimum necessary inputs only.
  • No model training without explicit opt-in.
  • Safeguards for privileged data.
  • Roadmap for local closed-loop LLMs.

6. Disclosures

  • Subprocessors (list here).
  • Affiliates, advisors, transactional counterparties.
  • Authorities where required.
  • Integrations you enable.

7. Cookies

8. Retention

  • Retained only as necessary.
  • After termination: 90-day export window + backup purge.

9. Security

  • Encryption at rest/in transit.
  • RBAC, least privilege, vulnerability management.
  • SOC 2 Type II certification underway.

10. International Transfers

  • Safeguards via SCCs and DPAs.

11. Your Rights

12. Jurisdiction Notices

  • California: CPRA compliance.
  • GDPR: legal bases include contract, legitimate interest, obligations, consent.

13. Children's Privacy

Not directed to children under 16.

14. Third-Party Links

Integrations governed by third-party policies.

15. Changes

Policy may be updated; material changes will have notice.

Contact Information

Related Documents