PRIVACY POLICY

Last updated: 11/7/2025 • Version 1.0

PRIVACY POLICY

Superagent Technologies, Inc. 1111B S Governors Ave STE 3232, Dover, DE 19904

Last Updated: November 7, 2025

INTRODUCTION

This Privacy Policy describes how Superagent Technologies, Inc. ("Superagent," "we," "us," or "our") collects, uses, protects, and shares your personal information when you use our dashboard at https://superagent.sh (the "Dashboard").

Important Distinction: Account Data vs. Customer Data

This Privacy Policy governs our collection and processing of your Account Data - the personal information we collect to provide you with access to our Dashboard, including your name, email address, login credentials, and dashboard usage information. For this Account Data, Superagent acts as a data "Controller" under applicable privacy laws, meaning we determine how this data is processed.

This Privacy Policy does NOT cover Customer Data that you submit through our paid API services (Guard, Verify, Redact endpoints). When you use our API services to process your customer data, Superagent acts as a data "Processor" operating under your instructions. The processing of API Customer Data is governed by our separate Data Processing Agreement, which forms part of the API Services Agreement.

If you have questions about this Privacy Policy, please contact us at privacy@superagent.sh.

By using our Dashboard, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Dashboard.

TABLE OF CONTENTS

  1. What Information We Collect
  2. How We Use Your Information
  3. Legal Bases for Processing
  4. How We Share Your Information
  5. Cookies and Tracking Technologies
  6. International Data Transfers
  7. Data Retention
  8. Security Measures
  9. Children's Privacy
  10. Your Privacy Rights
  11. Updates to This Policy
  12. How to Contact Us

1. WHAT INFORMATION WE COLLECT

We collect Account Data to provide you with access to our Dashboard and manage your account. This section describes the personal information we collect as the Controller of your Account Data.

1.1 Information You Provide

When you create an account and use our Dashboard, you provide us with:

Contact Information:

  • Name
  • Email address

Account Credentials:

  • Login credentials (username and password, or authentication through Google if you choose that option)
  • Account preferences and settings

1.2 Information We Collect Automatically

When you access and use our Dashboard, we automatically collect certain technical information:

Usage Information:

  • Pages viewed within the Dashboard
  • Features accessed
  • Time spent on Dashboard
  • Actions taken (e.g., creating or modifying settings)
  • Date and time of access

Technical Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device type
  • Screen resolution
  • Language preferences
  • Referring website addresses

Log Data:

  • Server logs recording your interactions with the Dashboard
  • Error reports and diagnostic information
  • Performance data

1.3 Authentication Information

We offer Google authentication as a convenient login option. If you choose to authenticate using your Google account, we receive your name, email address, and profile picture from Google. We use this information solely for authentication and account management purposes. We do not access your Google Drive, Gmail, or other Google services beyond basic authentication.

1.4 Payment Information

If you upgrade from our free Dashboard to our paid API services, payment information is collected and processed by our third-party payment processor, Stripe. We do not store your complete payment card information. For details about how your payment data is handled, see Section 4 below and Stripe's Privacy Policy at https://stripe.com/privacy.

1.5 What We Do NOT Collect

We do not collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, health information, biometric data, or precise geolocation data.

We do not collect Customer Data submitted via API. When you submit data through our API services for processing (such as content sent to our Guard, Verify, or Redact endpoints), that data is Customer Data processed under our Data Processing Agreement, not under this Privacy Policy.

2. HOW WE USE YOUR INFORMATION

As the Controller of your Account Data, we process your personal information for the following specific purposes:

2.1 Providing Dashboard Access

  • Create and maintain your Dashboard account
  • Authenticate your login and verify your identity
  • Provide access to Dashboard features and functionality
  • Display your account information and preferences
  • Enable you to manage your account settings

2.2 Service Improvement

  • Analyze Dashboard usage patterns to improve functionality
  • Identify and fix technical issues and bugs
  • Develop new features and enhancements
  • Conduct internal research on user experience
  • Optimize Dashboard performance

2.3 Communication

  • Send service-related notifications and updates
  • Respond to your inquiries and provide customer support
  • Send important account or policy updates
  • Notify you of Dashboard maintenance or disruptions

2.4 Security and Fraud Prevention

  • Monitor for unauthorized access attempts
  • Detect and prevent fraudulent activity
  • Protect against security threats and abuse
  • Investigate potential violations of our Dashboard Terms
  • Maintain the security and integrity of our systems

2.5 Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests and court orders
  • Enforce our Dashboard Terms and policies
  • Protect our legal rights and interests
  • Fulfill regulatory reporting obligations

2.6 Marketing (With Your Consent)

  • Send information about new Dashboard features
  • Notify you about API service upgrades and enhancements
  • Share product updates and company news

You may opt out of marketing communications at any time by clicking the unsubscribe link in our emails or by contacting us at privacy@superagent.sh. Opting out of marketing communications will not affect service-related communications.

2.7 Scope Limitation

We process your Account Data only for the purposes described above. We do not use your Account Data for AI training, automated decision-making with legal effects, or any purpose unrelated to providing and improving Dashboard access.

3. LEGAL BASES FOR PROCESSING

We process your Account Data only when we have a valid legal basis under applicable privacy laws.

3.1 For Users in the EU, UK, and Switzerland (GDPR)

Under the General Data Protection Regulation (GDPR) and UK GDPR, we rely on the following legal bases:

Contract Performance (Primary Basis): Processing your Account Data is necessary to fulfill our contract with you under the Dashboard Terms. Without processing your Account Data, we cannot provide you with Dashboard access and account management services.

This legal basis applies to:

  • Account creation and management
  • Authentication and login
  • Dashboard functionality
  • Account settings and preferences
  • Service delivery

Legitimate Interests (Secondary Basis): We have legitimate business interests in processing your Account Data for analytics, service improvement, security monitoring, and fraud prevention. We have balanced these interests against your privacy rights and determined that processing is proportionate and reasonable.

This legal basis applies to:

  • Usage analytics and service improvement
  • Security monitoring and threat detection
  • Fraud prevention
  • Technical diagnostics and bug fixes

Consent: For marketing communications, we rely on your explicit consent. You may withdraw consent at any time by unsubscribing from marketing emails.

Legal Obligations: We process your Account Data when required to comply with applicable laws, such as responding to valid legal requests or fulfilling regulatory requirements.

3.2 For Users in Canada

We process your Account Data with your express or implied consent, or where otherwise permitted by Canadian privacy law. You may withdraw your consent at any time by contacting us at privacy@superagent.sh.

In certain exceptional cases, we may process your Account Data without consent where permitted by law, such as:

  • For fraud detection and prevention
  • To comply with legal obligations or court orders
  • When collection is clearly in your interests and consent cannot be obtained timely
  • For business transactions under specific conditions

3.3 For Users in the United States

We process your Account Data to provide the Dashboard services you have requested and to fulfill our legitimate business interests in maintaining and improving our services, subject to applicable US privacy laws.

4. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your Account Data. We share your Account Data only in the limited circumstances described below.

4.1 Service Providers (Sub-Processors)

We share your Account Data with trusted third-party service providers who assist us in operating our Dashboard and providing services to you. These service providers act as our sub-processors and are contractually obligated to protect your personal information and use it only for the purposes we specify.

Current Service Providers:

Payment Processing:

  • Stripe Inc. - Processes payment information if you upgrade to API services
  • Purpose: Payment processing and billing
  • Location: United States
  • Privacy Policy: https://stripe.com/privacy

Cloud Infrastructure:

  • Vercel Inc. - Hosts Dashboard application

  • Purpose: Dashboard hosting and application delivery

  • Location: United States

  • Address: 340 S Lemon Ave #4133, Walnut, CA 91789, USA

  • Privacy Policy: https://vercel.com/legal/privacy-policy

  • Transfer Safeguards: Standard Contractual Clauses

  • Convex Inc. - Backend infrastructure and data storage

  • Purpose: Database and backend services for Dashboard

  • Location: United States

  • Privacy Policy: https://www.convex.dev/privacy

Authentication Services:

  • Google LLC - Provides Google authentication option
  • Purpose: Account authentication via Google login
  • Location: United States
  • Privacy Policy: https://policies.google.com/privacy

Product Analytics:

  • PostHog Inc. - Dashboard usage analytics
  • Purpose: Track Dashboard usage, performance metrics, and user activity to improve service
  • Location: United States
  • Address: 2261 Market Street #4008, San Francisco, CA 94114, USA
  • Privacy Policy: https://posthog.com/privacy
  • Transfer Safeguards: Standard Contractual Clauses

Email Communications:

  • Loops.so (Astrodon Corporation) - Email marketing and automation
  • Purpose: Send service emails, notifications, and marketing communications
  • Location: United States
  • Address: 9450 Southwest Gemini Drive PMB 22902, Beaverton, OR 97008, USA
  • Privacy Policy: https://loops.so/privacy
  • Transfer Safeguards: Standard Contractual Clauses

API Analytics Infrastructure:

  • AWS (AppRunner) - Hosts analytics services
  • Purpose: API request metadata and performance metrics (for API services, not dashboard Account Data)
  • Location: United States
  • Address: Amazon Web Services, Inc., 410 Terry Ave N, Seattle, WA 98109, USA
  • Privacy Policy: https://aws.amazon.com/privacy/
  • Transfer Safeguards: Standard Contractual Clauses

4.2 Business Transfers

If Superagent is involved in a merger, acquisition, asset sale, or bankruptcy, your Account Data may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Dashboard before your Account Data is transferred and becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose your Account Data if required to do so by law or in response to valid legal requests, such as:

  • Court orders or subpoenas
  • Legal process or government investigations
  • Requests from law enforcement or regulatory authorities
  • To protect our legal rights or comply with legal obligations
  • To protect the safety, rights, or property of Superagent, our users, or others

4.4 With Your Consent

We may share your Account Data with other third parties when you explicitly consent to such sharing.

4.5 No Sale of Personal Information

We do not sell, share, or rent your Account Data to third parties for their marketing purposes. We do not engage in targeted advertising using your Account Data.

5. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to provide functionality, analyze usage, and improve your Dashboard experience.

5.1 Types of Cookies We Use

Essential Cookies: Necessary for Dashboard functionality, including authentication, session management, and security. These cookies cannot be disabled without affecting Dashboard functionality.

Analytics Cookies: Help us understand how users interact with the Dashboard, identify popular features, and improve user experience. You can opt out of analytics cookies through your browser settings.

Preference Cookies: Remember your Dashboard settings and preferences, such as language selection and display options.

5.2 Third-Party Cookies

We use PostHog for product analytics to understand how users interact with the Dashboard. PostHog may set cookies to track usage patterns and improve service quality.

If you authenticate using Google, Google may set cookies in accordance with their privacy practices. We do not control these third-party cookies.

For detailed information about third-party cookies, see our Cookie Policy at [Cookie Policy URL].

5.3 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can:

  • Block all cookies
  • Accept only certain cookies
  • Delete cookies after each session
  • Receive notification when a cookie is set

Please note that disabling essential cookies will prevent you from using certain Dashboard features.

For more detailed information about the cookies we use and how to manage them, please see our Cookie Policy at [Cookie Policy URL].

5.4 Do Not Track (DNT)

Some web browsers include a Do-Not-Track (DNT) feature. Because there is no industry standard for recognizing DNT signals, we do not currently respond to DNT browser signals. If a standard is adopted that we must follow, we will update this Privacy Policy accordingly.

6. INTERNATIONAL DATA TRANSFERS

6.1 Data Transfer to the United States

Our servers and primary operations are located in the United States. When you use our Dashboard, your Account Data is transferred to, stored in, and processed in the United States.

6.2 Safeguards for International Transfers

For users in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we implement appropriate safeguards to protect your Account Data when it is transferred internationally:

Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses for transfers of personal information from the EEA and UK to the United States. These clauses require all recipients to protect personal information in accordance with European data protection laws and regulations.

Supplementary Measures: In addition to SCCs, we implement technical and organizational measures to ensure an adequate level of protection for your Account Data, consistent with GDPR requirements and guidance from European Data Protection Authorities.

Transfer Impact Assessment: We have conducted a transfer impact assessment to evaluate the risks associated with transferring Account Data to the United States and have implemented appropriate supplementary measures.

6.3 Requesting Documentation

You may request a copy of our Standard Contractual Clauses or additional information about our international transfer safeguards by contacting us at privacy@superagent.sh.

6.4 Relationship to Data Processing Agreement

The international transfer mechanisms described in this Privacy Policy apply to Account Data processed under our Controller relationship. For Customer Data processed via our API services, international transfer mechanisms are detailed in our Data Processing Agreement.

7. DATA RETENTION

7.1 During Active Account

We retain your Account Data for as long as your Dashboard account remains active and you continue to use our services. This retention is necessary to provide you with ongoing Dashboard access and account management.

7.2 After Account Termination

When you close your account or your account is terminated for any reason, we will delete your Account Data within 90 days, unless we are required or permitted to retain it longer by law.

7.3 Backup Archives

Account Data deleted from our active systems may remain in backup archives for up to 90 days after deletion. Backup copies are automatically and permanently deleted after this period.

7.4 Legal and Regulatory Requirements

We may retain certain Account Data for longer periods when required by law, such as:

  • Tax and accounting records (as required by applicable law)
  • Records subject to legal holds or litigation
  • Information necessary to resolve disputes or enforce our agreements
  • Records required for regulatory compliance

When legal retention requirements no longer apply, we will delete or anonymize the retained Account Data.

7.5 Anonymized Data

We may retain anonymized or aggregated data that does not identify you personally for analytical and research purposes without time limitation. Anonymized data is not considered personal information under applicable privacy laws.

7.6 Customer Data Retention

This retention policy applies to Account Data only. Retention of Customer Data submitted through our API services is governed by the Data Processing Agreement and is processed according to your instructions.

8. SECURITY MEASURES

8.1 Our Security Commitment

We implement appropriate technical and organizational security measures designed to protect your Account Data against unauthorized access, loss, destruction, alteration, or disclosure.

8.2 Security Measures

Our security measures include:

Technical Measures:

  • Encryption of Account Data in transit using TLS/SSL protocols
  • Encryption of Account Data at rest
  • Secure authentication and access controls
  • Regular security assessments and vulnerability testing
  • Intrusion detection and monitoring systems
  • Secure software development practices

Organizational Measures:

  • Employee training on data protection and security
  • Access restrictions based on need-to-know principle
  • Background checks for personnel with access to personal information
  • Incident response procedures
  • Regular review and update of security policies

8.3 Security Limitations

Despite our security measures, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. We cannot promise or guarantee that unauthorized third parties will never be able to defeat our security measures or access your Account Data.

8.4 Your Responsibility

You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account. Please:

  • Use a strong, unique password
  • Do not share your password with others
  • Log out after each session on shared devices
  • Notify us immediately if you suspect unauthorized account access

Access the Dashboard only in a secure environment and over secure networks.

8.5 Security Incidents

If we become aware of a security incident that affects your Account Data, we will notify you in accordance with applicable law and provide information about the incident and steps you can take to protect yourself.

9. CHILDREN'S PRIVACY

9.1 Age Restriction

Our Dashboard is not intended for individuals under 16 years of age (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children under 16.

9.2 Parental Consent

If you are under 16, you may not use our Dashboard or provide any personal information to us. By using our Dashboard, you represent that you are at least 16 years old or have parental or guardian consent to use our services.

9.3 Discovery of Children's Information

If we learn that we have collected personal information from a child under 16 without proper parental consent, we will deactivate that account and take reasonable measures to promptly delete such information from our records.

9.4 Reporting

If you become aware of any Account Data we may have collected from children under 16, please contact us at privacy@superagent.sh.

10. YOUR PRIVACY RIGHTS

Your privacy rights depend on where you are located. This section describes the rights available to users in different jurisdictions.

10.1 Rights for All Users

Regardless of your location, you have the following rights with respect to your Account Data:

  • Access: View your Account Data through your Dashboard account settings
  • Correction: Update inaccurate or incomplete Account Data through your account settings
  • Account Management: Update your profile, email address, and preferences
  • Marketing Opt-Out: Unsubscribe from marketing communications at any time

10.2 Additional Rights for EEA, UK, and Switzerland Users (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following additional rights under the GDPR:

Right to Access: Request a copy of your Account Data that we hold.

Right to Rectification: Request correction of inaccurate or incomplete Account Data.

Right to Erasure ("Right to be Forgotten"): Request deletion of your Account Data in certain circumstances, such as:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restrict Processing: Request that we limit processing of your Account Data in certain circumstances.

Right to Data Portability: Receive your Account Data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object: Object to processing of your Account Data based on legitimate interests. We will cease processing unless we have compelling legitimate grounds that override your interests.

Right to Withdraw Consent: Where we rely on consent as the legal basis for processing, you may withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint: Lodge a complaint with your local supervisory authority if you believe we have violated your privacy rights. Contact information for EU data protection authorities is available at https://edpb.europa.eu/about-edpb/board/members_en.

Automated Decision-Making: We do not make automated decisions with legal or similarly significant effects based on your Account Data.

10.3 Rights for California and Other US State Residents

If you are a resident of California, Colorado, Connecticut, Virginia, Utah, or another US state with comprehensive privacy laws, you have the following rights:

Right to Know: Know what personal information we collect, use, disclose, and sell (we do not sell personal information).

Right to Access: Access the specific pieces of personal information we have collected about you.

Right to Delete: Request deletion of your personal information, subject to certain exceptions.

Right to Correct: Request correction of inaccurate personal information.

Right to Data Portability: Obtain a copy of your personal information in a portable and readily usable format.

Right to Opt-Out: Opt out of the sale or sharing of personal information for targeted advertising. We do not sell or share personal information for these purposes.

Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights.

Categories of Personal Information: We collect identifiers (name, email, IP address), account information, and usage data. We do not collect sensitive personal information as defined by California law. For details, see Section 1 above.

No Sale or Sharing: We have not sold or shared personal information to third parties for business or commercial purposes in the preceding 12 months. We will not sell or share personal information in the future.

California "Shine the Light" Law: California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

10.4 Exercising Your Rights

To exercise any of the privacy rights described above:

Email: privacy@superagent.sh
Dashboard: Account Settings > Privacy Requests
Mail: Superagent Technologies, Inc., 1111B S Governors Ave ste 3232, Dover, DE 19904, USA

10.5 Verification Process

To protect your privacy and security, we will verify your identity before fulfilling your request. Verification may require:

  • Matching the email address on your request to your account email
  • Confirming account ownership through Dashboard login
  • Providing additional information if we cannot verify your identity from existing records

10.6 Authorized Agents

You may designate an authorized agent to make a privacy request on your behalf. The authorized agent must:

  • Provide written authorization signed by you
  • Verify their own identity
  • Submit proof of authorization

10.7 Response Timeframes

We will respond to your request within:

  • 30 days for GDPR requests (may be extended by 60 days if complex)
  • 45 days for California and US state requests (may be extended by 45 days if necessary)
  • We will notify you if we need additional time

10.8 Appeals (US State Residents)

If we decline your privacy request, you may appeal our decision by emailing us at privacy@superagent.sh. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of our reasons. If your appeal is denied, you may file a complaint with your state attorney general.

11. UPDATES TO THIS POLICY

11.1 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will:

  • Update the "Last Updated" date at the top of this Privacy Policy
  • Post the revised Privacy Policy on our Dashboard
  • Continue to treat your Account Data in accordance with the policy under which it was collected, unless we obtain your consent to the new practices

11.2 Material Changes

If we make material changes that significantly affect your privacy rights or how we process your Account Data, we will provide prominent notice through:

  • Email notification to your registered email address
  • Prominent notice on the Dashboard before the changes take effect
  • Requiring affirmative acceptance of the new policy before continued use

11.3 Your Responsibility

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your Account Data. Your continued use of the Dashboard after we post changes constitutes your acceptance of the updated Privacy Policy, unless the changes require affirmative consent.

12. HOW TO CONTACT US

12.1 Privacy Inquiries

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:

Privacy Email: privacy@superagent.sh
General Inquiries: info@superagent.sh
Mail: Superagent Technologies, Inc.
1111B S Governors Ave ste 3232
Dover, DE 19904
United States

12.2 Supervisory Authorities

EEA/UK Users: If you are located in the EEA or UK and believe we have violated your privacy rights, you have the right to lodge a complaint with your local supervisory authority. Contact information for EU data protection authorities is available at https://edpb.europa.eu/about-edpb/board/members_en.

Swiss Users: If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC) at https://www.edoeb.admin.ch/edoeb/en/home.html.

ADDITIONAL INFORMATION

Language

This Privacy Policy is written in English. If we provide translations into other languages, the English version controls in case of any conflicts or discrepancies.

Severability

If any provision of this Privacy Policy is found to be invalid or unenforceable, the remaining provisions will continue in full force and effect.

No Waiver

Our failure to enforce any provision of this Privacy Policy does not waive our right to enforce that provision in the future.

END OF PRIVACY POLICY

© 2025 Superagent Technologies, Inc. All rights reserved.