Privacy Policy

Our privacy policy and how we use your data

Effective Date: September 20, 2025

Superly (“we,” “our,” or “us”) values your privacy deeply. This Privacy Policy explains how we collect, use, and safeguard your information when you use our application and related services (“Services”). It is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.


1. Information We Collect

We may collect the following categories of information:

  • Account Information: Name, email, login credentials.
  • Payment and Billing Information: When you subscribe to our paid services, we collect payment information (processed securely by our payment provider), billing address, and purchase history. We do not store your full credit card details on our servers.
  • Whiteboard Data: Content you create, upload, or edit within the app.
  • AI Processing Data: Text, drawings, or other inputs you provide when using AI-powered features.
  • Usage Data: Device information, IP address, browser type, activity logs, and app interactions.
  • Cookies & Tracking Technologies: We use cookies, local storage, and similar technologies to improve app performance, remember your preferences, and analyze usage patterns (see Section 4 for details).

Google Sign-In and Authentication

When you sign in to Superly using Google Sign-In, we request access to the following Google user data:

  • Email address (email scope): Used to create and identify your account, send service communications, and provide customer support.
  • Basic profile information (userinfo.profile): Includes your name and profile picture. Used to personalize your account and display your identity within the app.
  • OpenID (openid scope): Used to authenticate your identity and enable secure sign-in.

How we handle your Google data:

  • Your Google authentication is securely managed and encrypted by our authentication service provider.
  • We only access the non-sensitive scopes listed above. We do not access your Google Drive, Gmail, Calendar, or other Google services.
  • Your Google email and profile information are stored securely in our database solely for account management and service provision.
  • We do not share your Google user data with third parties for advertising or marketing purposes.
  • We do not use your Google user data to train AI models or for any purpose other than providing our Services to you.
  • You can revoke our access to your Google account at any time through your Google Account permissions page.

2. How We Use Your Information

We process your information for the following purposes:

  • To provide, operate, and maintain the Services.
  • To enable AI-powered features (e.g., generating text or assisting with tasks).
  • To personalize and improve the app experience.
  • To communicate with you regarding updates, support, or security notices.
  • To deliver targeted advertising and measure marketing campaign effectiveness using Meta Pixel and Conversions API.
  • To comply with legal obligations.

We do not sell your personal information.


3. Security Measures

We implement industry-standard security measures to protect your personal data:

  • Encryption: Data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption protocols.
  • Access Controls: Strict access controls ensure that only authorized personnel can access user data, and only when necessary for service provision or support.
  • Authentication: Secure authentication mechanisms protect your account, including encrypted password storage and support for secure third-party authentication (Google Sign-In).
  • Regular Security Audits: We regularly review and update our security practices to address emerging threats.
  • Infrastructure Security: Our hosting infrastructure employs firewalls, intrusion detection, and other protective measures.

Important: While we take extensive precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data using industry best practices.


4. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

Types of Technologies We Use:

  • Essential Cookies: Required for basic app functionality, authentication, and security.
  • Analytics Cookies: Help us understand how users interact with our Services to improve performance and user experience.
  • Preference Cookies: Remember your settings and preferences (e.g., theme, language).
  • Advertising/Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness. This includes:
    • Meta Pixel (Facebook Pixel): Tracks user interactions to enable targeted advertising, remarketing, and conversion measurement on Meta platforms (Facebook, Instagram).
    • Meta Conversions API (CAPI): Server-side tracking that sends conversion events to Meta for advertising optimization and measurement.
  • Local Storage: Used to store user preferences and app state data locally in your browser.

How to Control Cookies:

You can control cookies through your browser settings. However, disabling essential cookies may affect app functionality. Most browsers allow you to:

  • View and delete cookies
  • Block third-party cookies
  • Block all cookies (may impact functionality)
  • Clear cookies when closing the browser

For Meta/Facebook advertising cookies, you can:

For more information, visit your browser's help section.


5. Use of AI Models

Certain features in our app rely on third-party AI providers (e.g., large language models).

  • Your inputs (e.g., text, documents, or drawings) may be temporarily processed by these providers to generate responses.
  • We take measures to avoid sending unnecessary personal data to AI providers.
  • AI providers process data in accordance with their own privacy policies.
  • Unless explicitly stated, your data is not used by these providers to train their models.
  • Processing may involve servers located outside your home country (see Section 12: International Data Transfers).
  • Important: AI-generated responses are assistive tools only. All final decisions remain under your control, and we do not use AI for automated decision-making that affects your rights.

6. Legal Basis for Processing (GDPR)

We process your personal data under the following lawful bases:

  • Contractual necessity: To provide the Services you request.
  • Consent: For optional features, non-essential cookies, and marketing communications.
  • Legitimate interests: To improve our Services, ensure security, prevent fraud, and analyze usage patterns.
  • Legal obligations: To comply with applicable laws and regulations.

7. Your Rights

Under GDPR (for EU/EEA users):

You have the right to:

  • Access your personal data.
  • Request correction or deletion.
  • Restrict or object to processing.
  • Data portability (receive your data in a structured, machine-readable format).
  • Withdraw consent at any time (without affecting prior processing based on consent).
  • Lodge a complaint with your local data protection authority.

Under CCPA (for California residents):

You have the right to:

  • Know what personal data we collect, use, and disclose.
  • Request deletion of your data.
  • Opt out of the “sale” or “sharing” of personal information (we do not sell your data).
  • Non-discrimination for exercising your privacy rights.

To exercise these rights, contact us at help@superly.app.


8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Account Data: Retained while your account is active and for up to 90 days after account deletion to allow for restoration or legal compliance.
  • Whiteboard Content: Retained while your account is active. Permanently deleted within 90 days of account deletion.
  • Payment Records: Retained for up to 7 years to comply with tax and accounting regulations.
  • Usage Logs: Typically retained for 12-24 months for security and analytics purposes.
  • Support Communications: Retained for 3 years to assist with ongoing support needs.

You can request account deletion at any time (see Section 9 below).


9. Account Deletion and Data Portability

How to Delete Your Account:

  1. Log in to your Superly account.
  2. Navigate to Account Settings.
  3. Select "Delete Account" and follow the confirmation steps.
  4. Your account and associated data will be permanently deleted within 90 days.

Note: Some data may be retained as required by law (e.g., payment records for tax purposes) or to resolve disputes. We will inform you of any such retention.

Data Export:

Before deleting your account, you can export your data:

  1. Go to Account Settings.
  2. Select "Export My Data."
  3. You will receive a downloadable file containing your whiteboard content and account information in a structured format (JSON).

10. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify affected users without undue delay, and where feasible, within 72 hours of becoming aware of the breach.
  • Inform relevant authorities as required by applicable law (e.g., data protection authorities under GDPR).
  • Provide details about the nature of the breach, the data affected, and steps taken to mitigate harm.
  • Offer guidance on protective measures you can take.

We maintain incident response procedures to quickly identify, contain, and remediate security incidents.


11. Automated Decision-Making and AI

We do not use automated decision-making or profiling in ways that produce legal effects or similarly significantly affect you.

  • AI-Powered Features: Our AI features (e.g., text generation, content assistance) are assistive tools designed to help you work more efficiently. You retain full control over all content and decisions.
  • No Automated Decisions: We do not make automated decisions about your account status, pricing, or access to Services.
  • Human Review: You always have the right to request human review of any AI-assisted outputs or recommendations.

Under GDPR, if we ever implement automated decision-making, you will have the right to object and request human intervention.


12. International Data Transfers

Our Services are provided globally, and your information may be transferred to and processed in countries outside your home country, including outside the European Economic Area (EEA).

When we transfer data internationally, we implement appropriate safeguards:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission for transfers from the EEA.
  • Adequacy Decisions: We may transfer data to countries deemed to provide adequate protection by the European Commission.
  • Service Provider Commitments: Our service providers are contractually required to protect your data in accordance with applicable laws.

By using our Services, you acknowledge and consent to the international transfer of your data as described in this policy.


13. Sharing of Information

We do not sell your personal data. We may share data only in the following circumstances:

Service Providers:

We work with trusted third-party service providers who process data on our behalf:

  • Authentication Services: Secure user authentication and identity verification.
  • Hosting and Infrastructure: Cloud hosting and database services to store and deliver our Services.
  • Payment Processors: Secure payment processing for subscriptions (we do not store your full credit card details).
  • AI Model Providers: Third-party AI services for enabling AI-powered features (e.g., text generation, content assistance).
  • Analytics Services: Tools to analyze app usage and improve user experience.
  • Advertising and Marketing Platforms: To deliver targeted advertisements and measure campaign effectiveness. This includes:
    • Meta (Facebook/Instagram): We use Meta Pixel and Meta Conversions API to track conversions, optimize ad campaigns, and enable remarketing. Meta may collect information about your interactions with our Services including page views, button clicks, and conversion events. For more information, see Meta's Data Policy.
  • Email Services: Transactional and customer support email delivery.
  • Customer Support Tools: Platforms to manage and respond to support requests.

All service providers are contractually required to:

  • Use your data only for the specified purposes
  • Implement appropriate security measures
  • Comply with applicable privacy laws
  • Not use your data for their own purposes

Legal Requirements:

We may disclose your information if required by law, regulation, legal process, or governmental request, including to:

  • Comply with valid legal obligations (e.g., court orders, subpoenas)
  • Protect our rights, property, or safety
  • Investigate potential violations of our Terms of Service
  • Prevent fraud or security threats

Business Transactions:

In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such change and your options regarding your data.


14. Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Currently, there is no universal standard for how to respond to DNT signals.

Our Services do not currently respond to DNT signals. However, you can control cookies and tracking through your browser settings (see Section 4: Cookies and Tracking Technologies).


15. Children's Privacy

Our Services are not directed to children under 13 years of age (or the minimum legal age in your country, such as 16 in the EEA).

We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

If you believe we have collected information from a child, please contact us at help@superly.app.


16. Changes to this Policy

We may update this Privacy Policy from time to time. Updates will be posted with an updated “Effective Date.” Continued use of the Services means you accept the revised policy.


17. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a concern, please contact us:

Superly
Florence Labs Inc.
Email: help@superly.app

We are committed to resolving privacy concerns promptly and will respond to your inquiry within the timeframes required by applicable law.


Last Updated: September 20, 2025