Privacy Policy
Effective Date: February 6, 2026
Last Updated: February 6, 2026
This Privacy Policy describes how SuperDocs (“we,” “us,” or “our”) collects, uses, stores, and protects your information when you use the SuperDocs platform, including our web application at use.superdocs.app, our API, and any related services (collectively, the “Service”).
SuperDocs is operated by [SuperDocs / Entity Name — to be updated upon company registration]. We are currently an early-stage company building the future of AI-assisted document editing. We are transparent about that, and we are transparent about how we handle your data.
We encourage you to read this policy in full. If you have any questions, contact us at hello@superdocs.app.
1. Information We Collect
We collect information in the following categories. For each, we explain what we collect and why.
| Category | Data Collected | Purpose | Retention |
|---|---|---|---|
| Account Information | Email address, display name, profile picture (if provided), authentication method (email/password or Google Sign-In) | To create and manage your account, authenticate your identity, and communicate with you | Until you delete your account |
| Document Content | Documents you create, upload, or edit within SuperDocs, including text, formatting, and structure | To provide the core document editing and AI assistance features you request | Until you delete the document or your account |
| Attachments | Files you upload to the platform (PDFs, images, text files) for use with AI features | To process your files and provide the AI-assisted features you request | Until you remove the attachment or delete your account |
| Usage Data | Features used, number of AI operations performed, session identifiers, timestamps of interactions | To enforce usage limits per your subscription tier, improve the Service, and provide customer support | Aggregated data retained for analytics; per-user data deleted upon account deletion |
| API and Integration Data | API keys, session identifiers, request metadata (for B2B customers using our API) | To authenticate API requests, enforce rate limits, and provide the integration services | Until the API key is revoked or the organization account is deleted |
| Device and Technical Data | Browser type, operating system, IP address, referring URL | To maintain security, prevent abuse, and ensure the Service functions correctly across devices | Retained in server logs for up to 90 days |
| Communication Data | Emails or messages you send to us via support or contact channels | To respond to your inquiries and provide support | Retained for the duration of the support relationship |
| Payment Data | Billing information, payment method details (when payment processing is enabled) | To process payments for paid subscription tiers | Managed by our payment processor; we do not store full payment card details |
What we do NOT collect:
- We do not purchase personal data from data brokers or third-party sources.
- We do not collect biometric data, precise geolocation, or health information.
- We do not collect data from children (see Children's Privacy below).
2. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service — To operate SuperDocs, process your documents, deliver AI-assisted features, and maintain your session and document state across visits.
- Account Management — To create and manage your account, verify your identity, and process subscription changes.
- Usage Tracking — To track your AI operation usage against your subscription tier limits (Free: 500 ops/month, Plus: 2,000 ops/month, Pro: 10,000 ops/month, Enterprise: custom).
- Service Improvement — To understand how the Service is used in aggregate, identify issues, and improve functionality. We analyze usage patterns in aggregate form, not at the individual document level.
- Security and Abuse Prevention — To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.
- Communication — To send you essential service notifications (e.g., password resets, usage limit alerts, service updates). We do not send marketing emails unless you explicitly opt in.
- Legal Compliance — To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
What we do NOT do with your information:
- We do not sell your personal data to third parties.
- We do not use your personal data for targeted advertising.
- We do not share your document content with other users or organizations unless you explicitly choose to do so.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing the Service (account, documents, AI features) | Performance of a contract (Article 6(1)(b) GDPR) |
| Usage tracking and subscription enforcement | Performance of a contract (Article 6(1)(b) GDPR) |
| Security and abuse prevention | Legitimate interest (Article 6(1)(f) GDPR) |
| Service improvement (aggregate analytics) | Legitimate interest (Article 6(1)(f) GDPR) |
| Legal compliance | Legal obligation (Article 6(1)(c) GDPR) |
| Marketing communications (if opted in) | Consent (Article 6(1)(a) GDPR) |
Where we rely on legitimate interest, our interest is in operating a secure, functional, and improving service. We balance this against your rights and do not use legitimate interest for any processing that would be unexpected or intrusive.
4. AI and Document Processing
SuperDocs uses AI technology to provide document editing, analysis, and generation features. This section explains how your data interacts with our AI systems.
How AI processing works:
- When you use AI features (such as asking the AI to edit, analyze, or generate content), the relevant portions of your document and your instructions are sent to our AI service provider for processing.
- The AI processes your request and returns a response, which SuperDocs then applies to your document.
- AI processing occurs only when you actively use AI features. Simply editing a document manually does not trigger AI processing.
Your data and AI model training:
- We do not use your documents, prompts, or AI-generated content to train any AI or machine learning models.
- Our AI service provider is contractually prohibited from using your data to train their models when processing is performed through paid service tiers.
- Our AI service provider may retain prompts and responses for a limited period (up to 55 days) solely for the purpose of abuse monitoring and enforcing their usage policies. This retention is handled by the provider, not by SuperDocs, and is subject to the provider's data handling practices.
Content ownership:
- You retain full ownership of all content you create, upload, or generate using SuperDocs, including any AI-assisted or AI-generated content.
- We claim no intellectual property rights over your documents or their contents.
AI-generated content disclaimer:
- Content generated or modified by AI features is provided as assistance. SuperDocs does not guarantee the accuracy, completeness, or legal sufficiency of AI-generated content. You are responsible for reviewing and verifying all content before use.
5. Data Storage and Security
Where your data is stored:
- Your data is stored on secure infrastructure provided by Google Cloud Platform, located in the United States.
- We are actively expanding our regional hosting options to serve customers globally. For current regional availability, contact hello@superdocs.app.
How we protect your data:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
- Encryption at rest: Data stored in our database infrastructure is encrypted at rest using industry-standard encryption.
- Authentication security: We use Firebase, a Google-operated authentication service, to manage user authentication. Passwords are never stored in plain text.
- Access controls: Access to production systems and customer data is restricted to authorized personnel only.
- Infrastructure security: Our cloud infrastructure provider maintains industry-recognized security certifications, including SOC 1, SOC 2, SOC 3, and ISO 27001 compliance.
What we cannot guarantee:
- No method of electronic transmission or storage is 100% secure. While we implement industry-standard measures to protect your data, we cannot guarantee absolute security. If we become aware of a security breach affecting your personal data, we will notify you in accordance with applicable law.
6. Third-Party Services
We use the following third-party services to operate SuperDocs. For each, we describe the general purpose and link to their privacy documentation.
| Service Provider | Purpose | Privacy Documentation |
|---|---|---|
| Google Cloud Platform | Cloud infrastructure, hosting, and secure database services | Google Cloud Privacy Notice · Data Processing Addendum |
| Firebase (Google) | User authentication (email/password and Google Sign-In) | Firebase Privacy and Security · Data Processing Terms |
| Google AI Services | AI-powered document processing features | Gemini API Terms · Data Logging Policy |
| Zoho | Email services (for support and communication) | Zoho Privacy Policy |
Our commitments regarding third-party services:
- We maintain appropriate data processing agreements with our service providers.
- We select providers that maintain industry-recognized security standards and certifications.
- We do not share your data with third parties for their own marketing or advertising purposes.
- We review our third-party service providers periodically to ensure they continue to meet our security and privacy standards.
7. Data Sharing
We share your personal data only in the following limited circumstances:
- Service providers: With the third-party services listed above, solely to operate the Service. Each provider processes data only on our behalf and under our instructions.
- Legal requirements: When required by law, regulation, legal process, or enforceable governmental request. We will notify you of such requests where legally permitted.
- Safety and rights protection: To protect the rights, safety, or property of SuperDocs, our users, or the public, including enforcing our Terms of Service.
- Business transfers: In connection with a merger, acquisition, or sale of assets. In such an event, we will notify you before your personal data is transferred and becomes subject to a different privacy policy.
- With your consent: When you explicitly direct us to share your data (e.g., sharing a document with another user or third party).
We do not:
- Sell your personal data to any third party, under any circumstances.
- Share your document content with other SuperDocs users or organizations without your explicit direction.
- Provide your data to advertisers or data brokers.
8. Your Rights
Depending on your location, you have some or all of the following rights regarding your personal data:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request a copy of the personal data we hold about you | Email hello@superdocs.app |
| Correction | Request correction of inaccurate personal data | Update your profile in-app, or email us |
| Deletion | Request deletion of your account and associated data | Email hello@superdocs.app |
| Export | Request a portable copy of your data (documents and account info) | Email hello@superdocs.app |
| Restriction | Request that we restrict processing of your data | Email hello@superdocs.app |
| Objection | Object to processing based on legitimate interest | Email hello@superdocs.app |
| Withdraw Consent | Withdraw consent where processing is based on consent | Update preferences in-app, or email us |
Response timeline: We will respond to all privacy rights requests within 30 days. If we need additional time (up to 60 additional days for complex requests), we will notify you of the extension and the reason.
Verification: To protect your privacy, we may need to verify your identity before processing your request. We will ask you to confirm your request from the email address associated with your account.
No discrimination: We will not discriminate against you for exercising any of your privacy rights.
9. B2B API Customers
If you are a business or organization using SuperDocs through our API, the following additional terms apply to the data processed through your integration:
Data controller responsibilities:
- When you integrate SuperDocs into your own product via our API, you are the data controller for your end users' data. SuperDocs acts as a data processor on your behalf.
- You are responsible for providing appropriate privacy notices to your end users and obtaining any necessary consents for the processing of their data through our Service.
- You are responsible for ensuring your use of our API complies with all applicable data protection laws in the jurisdictions where your end users are located.
Data processing terms:
- Our API processes data on your behalf according to your instructions (i.e., the API calls you make).
- We do not access, use, or share your end users' data for any purpose other than providing the Service as instructed by your API requests.
- Upon termination of your API agreement, we will delete your organization's data within 30 days, unless retention is required by law.
Data Processing Agreement (DPA):
- Enterprise customers may request a formal Data Processing Agreement that details our obligations as a data processor. Contact hello@superdocs.app to request a DPA.
API key security:
- You are responsible for keeping your API keys secure. Do not share API keys in public repositories, client-side code, or insecure environments.
- If you suspect an API key has been compromised, revoke it immediately and contact us.
10. GDPR Compliance
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR):
Your GDPR rights include:
- Right to access your personal data (Article 15)
- Right to rectification of inaccurate data (Article 16)
- Right to erasure (“right to be forgotten”) (Article 17)
- Right to restriction of processing (Article 18)
- Right to data portability (Article 20)
- Right to object to processing based on legitimate interest (Article 21)
- Rights related to automated decision-making (Article 22) — SuperDocs does not make automated decisions that produce legal or similarly significant effects on you. Our AI features assist with document editing based on your explicit instructions and are not used for profiling or automated decision-making about individuals.
International data transfers:
- Your data is stored in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission, as incorporated into our data processing agreements with Google Cloud Platform and Firebase, to ensure an adequate level of protection for data transferred from the EEA to the United States.
Supervisory authority:
- You have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement if you believe that our processing of your personal data violates the GDPR.
Data Protection Officer:
- Given our current stage and scale, we have not appointed a formal Data Protection Officer. For all privacy-related inquiries, contact hello@superdocs.app. We will appoint a DPO if and when required by applicable law.
11. CCPA Compliance
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
Your California privacy rights include:
- Right to Know — You may request the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, our purpose for collecting it, and the categories of third parties with whom we share it.
- Right to Delete — You may request that we delete personal information we have collected from you, subject to certain exceptions.
- Right to Correct — You may request that we correct inaccurate personal information we hold about you.
- Right to Opt-Out of Sale or Sharing — We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising. Therefore, there is no need to opt out of sale or sharing.
- Right to Limit Use of Sensitive Personal Information — We do not use sensitive personal information for purposes beyond what is necessary to provide the Service.
- Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights.
Categories of personal information collected (last 12 months):
| CCPA Category | Examples from SuperDocs | Sold? | Shared for Advertising? |
|---|---|---|---|
| Identifiers | Email address, display name, IP address | No | No |
| Commercial information | Subscription tier, usage records | No | No |
| Internet or network activity | Pages visited, features used, session data | No | No |
| Professional or employment information | Only if voluntarily provided in documents | No | No |
| Inferences | None — we do not create consumer profiles | N/A | N/A |
How to exercise your rights: Email hello@superdocs.app with your request. We will verify your identity and respond within 45 days (extendable by an additional 45 days for complex requests).
Authorized agents: You may designate an authorized agent to make a request on your behalf. We may require the agent to provide proof of authorization and may still verify your identity directly.
12. Cookies and Tracking
What we use:
- Essential cookies: We use cookies that are strictly necessary for the Service to function, including authentication session cookies. These cannot be disabled without breaking the Service.
- Analytics: We collect behavioral analytics data (page views, feature usage, button clicks, scroll depth) to understand how the Service is used and to improve it. This data is collected in aggregate and is not used to build individual user profiles for advertising purposes.
What we do NOT use:
- We do not use third-party advertising cookies or tracking pixels.
- We do not participate in cross-site tracking or retargeting.
- We do not sell or share analytics data with advertisers.
Your choices:
- Most browsers allow you to control cookies through their settings. Blocking essential cookies may prevent the Service from functioning correctly.
- We respect the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we treat it as a valid opt-out of any non-essential data sharing.
13. Children's Privacy
SuperDocs is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16.
If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at hello@superdocs.app. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information promptly.
14. Data Retention
We retain your data for as long as necessary to provide the Service and fulfill the purposes described in this policy.
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account |
| Documents and attachments | Until you delete the content or your account |
| Conversation history (chat sessions) | Until you delete the session or your account |
| Usage data (AI operations count) | Aggregated: retained indefinitely for analytics. Per-user: deleted upon account deletion |
| Server logs (IP, device info) | Up to 90 days |
| Support communications | Duration of the support relationship, plus up to 2 years for reference |
What happens when you delete your account:
- Your account information, documents, attachments, and conversation history are deleted within 30 days of your deletion request.
- Some data may be retained in encrypted backups for up to an additional 90 days, after which it is permanently deleted.
- Aggregated, anonymized data that does not identify you may be retained indefinitely for analytics purposes.
- Data that we are legally required to retain (e.g., for tax, legal, or regulatory purposes) will be retained for the legally mandated period and then deleted.
15. International Data Transfers
SuperDocs is operated from the United States, and data is hosted there. If you access the Service from outside the United States, your data will be transferred to and processed in the United States.
Safeguards for international transfers:
- EEA, UK, and Switzerland: We rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, incorporated into our agreements with our cloud infrastructure and authentication providers, to provide adequate protection for data transfers.
- Other jurisdictions: We comply with applicable data transfer requirements in other jurisdictions where our users are located.
We are actively expanding regional hosting options to better serve customers worldwide. For customers requiring data residency in specific regions, contact hello@superdocs.app for current availability.
16. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law.
How we notify you:
- For material changes, we will notify you by email (sent to the address associated with your account) and/or by placing a prominent notice within the Service at least 30 days before the changes take effect.
- For non-material changes (e.g., clarifications, formatting), we will update the “Last Updated” date at the top of this policy.
Your continued use: Your continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes. If you do not agree with the updated policy, you may delete your account.
17. Contact Us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or have a concern about how we handle your data, contact us:
- Email: hello@superdocs.app
We aim to respond to all privacy-related inquiries within 30 days.