Privacy Policy
CCPA Compliance
GDPR Compliance
Data Processing Agreement

This Data Processing Agreement ("Agreement") sets out the basis on which Superpowered processes all customer data.

Superpowered will only process, use and store data according to this Agreement.

Processing outside the scope of this Agreement requires prior agreement between the customer and Superpowered on additional instructions for processing, unless other processing is required by the United States of America, European Union or European Union member state law to which Superpowered is subject. In this case Superpowered shall, to the extent permitted by applicable law, inform the customer of that legal requirement before processing that customer data.

Location of Data Processing and Storage

Superpowered uses the following subprocessors:

• Xero (http://xero.com) is used for invoicing customers. Only the necessary banking details are processed by Xero for this specific usecase.
• Zendesk (http://zendesk.com) is used to provide customer support. Zendesk processes the customer contact details and their questions.
• TypeForm (http://typeform.com) is used by customers to talk to Superpowered sales. TypeForm processes the customer contact details and their answers to the sales questions.
• Mailchimp (http://mailchimp.com) is used to send automatic information e-mails to customers. Mailchimp processes customer names and email addresses.
• Pipedrive (http://pipedrive.com) is used to track sales progress, processing customer contact details and sales metadata.
• X.AI (http://x.ai) is used to schedule meetings with customers, processing customer contact information.
• Superpowered uses Google Tag Manager and Google Analytics on https://superpowered.com for website visitor analytics. Google services are not used in the licensing system https://superpowered.com/dev, where customers can actually log in, process, use or store data.

Superpowered doesn't use any other third-parties to process, use or store data.

Superpowered processes, uses and stores customer data exclusively on the Superpowered servers in the United States of America.

Passwords are stored as encrypted and salted hashes only. Passwords are never stored or logged as plaintext passwords and therefore can not be retrieved.

Data Usage

Customer data is exclusively provided by the customers by creating an account, signing in and registering applications at https://superpowered.com/dev/.

Superpowered uses customer data only to implement the license key system of the Superpowered SDKs. Superpowered doesn't use customer data for any other purposes and doesn't sell nor transfer any customer data in any way to third parties.

Customer license key data is never exposed outside of the Superpowered license key system. Search engines and other "external systems" have no access to customer data.

Personal Information

Superpowered requires all customers to be 18 years or older, or to be business entities. Superpowered does not allow minors to use the system, and therefore it doesn't involve actions that require parental consent.

In order to identify users and implement user sign-in, Superpowered stores the following customer data:

• email address
• full name
• third-party login provider identification (such as "1" for Google), thumbnail image and user id from the third-party login provider
• last login timestamp
• application data: name, platform, bundle id, company, date registered, license status
• if email+password login is used, encrypted password hash

Right to be forgotten: customer accounts can be requested for full delete (including all customer data) by emailing hello@superpowered.com. Superpowered will perform a full delete within 2 business days.

Data Access

Superpowered requires end-to-end encryption (HTTPS and HSTS) for any data access.

Superpowered employees, personnel and third-party development contractor access to customer data is limited to those who have a business need to have access to it, such as developers fixing bugs reported by customers. Superpowered maintains internal procedures to enforce strictly defined data access.

Superpowered employees, personnel and third-party development contractor with access to customer data must keep it confidential and should not copy or transfer any part of it outside the Superpowered servers, including internal Superpowered communication on third-party services (such as Slack).

Data Breach Policy

If Superpowered becomes aware of a security incident, it will notify the customer of the incident within 1 business day and will begin investigation immediately. Superpowered will also provide reasonable assistance to the customer (and any law enforcement or regulatory official) as required.

Privacy, Security and GDPR Representative

Contact the Superpowered representative for any question, request, inquiries or complaints:

Gabor Szanto (CTO, EU Member State Citizen),
gabor@superpowered.com