Skip to content

Privacy Policy

Last Updated: August 16, 2025 | Effective Date: August 16, 2025

Table of Contents

Introduction

SuperteamAI (“we,” “us,” “our”) operates an artificial intelligence platform enabling businesses to deploy AI agents for marketing, sales, and customer engagement. This Privacy Policy governs the collection, processing, storage, transmission, and protection of personal data obtained through our website (www.superteamai.com), software-as-a-service (SaaS) platform, APIs, mobile applications, and affiliated services (collectively, the “Service”).

By accessing or using our Service, you unconditionally consent to the practices described herein. If you disagree with any provision, you must immediately cease all use of our Service. We reserve the right to modify this policy at our sole discretion, with such modifications becoming effective upon posting.

Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person, including but not limited to name, email address, IP address, device identifiers, location data, and behavioral patterns.
  • Processing: Any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, transmission, erasure, or destruction.
  • Controller: SuperteamAI, which determines the purposes and means of personal data processing.
  • Processor: Third parties engaged by SuperteamAI to process data on our behalf pursuant to written instructions.
  • User: Any individual or entity accessing or using our Service, including customers, trial users, website visitors, and business contacts.

Information Collection

3.1 Direct Collection

We collect the following categories of personal data directly from Users:

  • Identity Data: Full name, company name, job title, professional credentials.
  • Contact Data: Email addresses, telephone numbers, physical addresses, social media handles.
  • Financial Data: Payment card details, billing addresses, transaction histories (processed via PCI-DSS compliant processors).
  • Authentication Data: Usernames, encrypted passwords, security questions, multi-factor authentication tokens.
  • Communications Data: Content of inquiries, support tickets, feedback submissions, and correspondence.

3.2 Automated Collection

Our systems automatically collect:

  • Technical Data: IP addresses, MAC addresses, device type, operating system, browser version, screen resolution, plugin details.
  • Interaction Data: Clickstream data, mouse movements, scroll patterns, session duration, feature usage frequency, error logs.
  • Performance Data: API response times, system latency, error rates, crash reports.
  • Inferred Data: Behavioral patterns, preferences, interests, and segmentation classifications derived from your interactions.

3.3 Third-Party Collection

We may obtain data from:

    • Business partners with whom you have an existing relationship
    • Social media platforms upon authorized connection
    • Data enrichment providers for business verification purposes
    • Publicly available sources (e.g., professional directories, company websites)

Lawful Bases for Processing

We process personal data only when at least one of the following lawful bases applies:

  • Consent: You have given explicit consent for specific processing activities (Article 6(1)(a) GDPR).
  • Contract Performance: Processing is necessary to fulfill our contractual obligations to you (Article 6(1)(b) GDPR).
  • Legitimate Interests: Processing is necessary for our legitimate interests in providing, improving, and securing our Service, provided such interests do not override your fundamental rights and freedoms (Article 6(1)(f) GDPR).
  • Legal Compliance: Processing is necessary to comply with applicable laws, regulations, or court orders (Article 6(1)(c) GDPR).

Data Usage & Purposes

We utilize collected data for the following specified, explicit, and legitimate purposes:

  • Service Provision: To deliver, maintain, and enhance our AI platform, including agent deployment, performance monitoring, and technical support.
  • Personalization: To customize user experiences, content recommendations, and AI agent behavior based on your preferences and historical interactions.
  • Communication: To respond to inquiries, provide support, send transactional messages, and deliver marketing communications (where consented).
  • Analytics: To analyze usage patterns, measure Service effectiveness, conduct research, and develop statistical insights.
  • Security: To detect, prevent, and respond to security incidents, fraudulent activities, and malicious behavior.
  • Compliance: To meet legal obligations, regulatory requirements, and industry standards.

Business Operations: For auditing, financial reporting, corporate development, and strategic planning.

Data Sharing & Disclosure

6.1 Service Providers

We engage carefully vetted subprocessors for:

  • Cloud infrastructure (AWS, Google Cloud Platform)
  • AI model providers (OpenAI, Anthropic, Mistral)
  • Payment processing (Stripe, PayPal)
  • Email delivery (SendGrid, Mailchimp)
  • Analytics (Google Analytics, Mixpanel)
  • Customer support (Zendesk, Intercom)

All subprocessors execute written agreements imposing data protection obligations equivalent to those in this policy.

6.2 Legal Requirements

We may disclose data:

  • When required by law, subpoena, or governmental authority
  • To establish or exercise our legal rights
  • To protect against legal claims
  • To investigate potential violations of our Terms of Service

6.3 Business Transfers

In connection with any merger, acquisition, sale of assets, or business transition, your data may be transferred as part of due diligence and transaction completion, subject to confidentiality obligations.

6.4 Anonymized & Aggregated Data

We may share anonymized, aggregated, or pseudonymized data that cannot reasonably be used to identify you for research, industry analysis, or marketing purposes.

International Data Transfers

Personal data may be transferred to and processed in countries outside your jurisdiction, including the United States and other nations that may not provide equivalent data protection. Such transfers rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules (BCRs) where applicable
  • Adequacy decisions for jurisdictions recognized by relevant authorities
  • Appropriate safeguards including technical and organizational measures

You may request a copy of our approved SCCs by contacting privacy@superteamai.com.

Data Security Measures

We implement comprehensive security controls including:

  • Technical Measures:
    • AES-256 encryption for data at rest
    • TLS 1.3+ encryption for data in transit
    • End-to-end encryption for sensitive communications
    • Multi-factor authentication for all administrative access
    • Intrusion detection and prevention systems (IDPS)
    • Regular vulnerability assessments and penetration testing
    • Secure development lifecycle (SDLC) practices
  • Organizational Measures:
    • Strict access controls based on principle of least privilege
    • Comprehensive employee training on data protection
    • Confidentiality agreements with all personnel
    • Third-party security audits (SOC 2 Type II, ISO 27001)
    • Incident response plan with defined escalation procedures
    • Business continuity and disaster recovery protocols

Despite these measures, no system is entirely secure. We cannot guarantee absolute security but commit to maintaining industry-standard protections.

Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy, subject to the following retention periods:

  • Account Data: Retained while your account remains active, plus 180 days thereafter for administrative purposes.
  • Transaction Data: Retained for 7 years to comply with tax and accounting regulations.
  • Communication Data: Retained for 3 years unless deletion is requested.
  • Analytics Data: Retained for 25 months in aggregated form.
  • Legal Hold Data: Retained indefinitely if required for ongoing legal proceedings.

Upon expiration of retention periods, data is securely deleted or anonymized.

Your Rights & Controls

Subject to applicable laws, you may exercise the following rights:

  • Access: Request confirmation of processing and copies of your personal data.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data under certain circumstances (right to be forgotten).
  • Portability: Request transfer of your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Restriction: Request limitation of processing under specific conditions.

To exercise these rights, contact privacy@superteamai.com. We may require verification of your identity and may refuse requests that are manifestly unfounded or excessive.

Automated Decision-Making

Our Service may utilize automated decision-making, including profiling, for:

  • AI agent behavior optimization
  • Personalized content delivery
  • Risk assessment for fraud prevention
  • Service tier recommendations

You have the right to:

  • Obtain human intervention
  • Express your point of view
  • Contest the decision
  • Receive explanation of the logic involved

Cookies & Tracking

We employ cookies and similar technologies for:

  • Essential functionality (session management, security)
  • Performance analytics (usage statistics, load times)
  • Personalization (content customization, preference storage)
  • Marketing (ad delivery, conversion tracking)

You may configure browser settings to reject cookies, though this may impair Service functionality. Our Cookie Policy provides detailed information about specific cookies used.

Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect personal data from minors. If we become aware of inadvertent collection, we will promptly delete such information. Parents or guardians may report concerns to privacy@superteamai.com.

Third-Party Services

Our Service may contain links to third-party websites or integrate with third-party services. This policy does not apply to such third parties, and we are not responsible for their privacy practices. We encourage reviewing their privacy policies before providing any personal information.

Data Breach Protocol

In the event of a data breach likely to result in risk to your rights and freedoms, we will:

  • Notify affected individuals without undue delay
  • Provide information about the nature and consequences of the breach
  • Describe measures taken to mitigate potential damage
  • Report to relevant supervisory authorities within 72 hours where required by law

Policy Modifications

We reserve the right to amend this policy at our discretion. Material changes will be:

  • Posted on our website with updated revision date
  • Communicated via email to registered users
  • Effective immediately upon posting unless otherwise specified

Continued use of our Service after modifications constitutes acceptance of the revised policy.

Limitation of Liability

To the fullest extent permitted by law:

  • We provide our Service “as is” without warranties of any kind
  • We disclaim all liability for indirect, incidental, special, consequential, or punitive damages
  • Our maximum aggregate liability for any claim related to this policy shall not exceed the fees paid by you in the six months preceding the claim

Governing Law & Disputes

This policy is governed by the laws of [Jurisdiction], without regard to conflict of law principles. Any disputes arising under this policy shall be resolved exclusively in the courts of [Jurisdiction].

Contact Information

For privacy-related inquiries, complaints, or rights requests, contact:
SuperteamAI Privacy Team
Email: privacy@superteamai.com