Privacy Policy

Controller and Contact

Controller: SUPERING TECHNOLOGY LLC

Address: 5830 E 2nd St, Ste 7000, Casper, Wyoming 82609, US

Email: hello@supering.io

Storage and Sync

To sync your content across devices, your account data and user-generated content are stored in Supabase (Postgres) with Row Level Security (RLS). We also use secure local storage on your device for offline access and caching. Data is hosted primarily in the United States. Our providers may process data in other countries consistent with the safeguards described in International Transfers below.

Information We Collect

Mobile Application

• Account Information: Email address, full name, profile photo (avatar), an app-scoped user ID, and optional preferences you choose to provide (e.g., budget level, dietary preferences, favorite cuisines, commute method, health goals).
• User-Generated Content: Notes, tasks, reminders, goals, diary entries, files/photos you attach, and AI prompts/responses you create. Your content may include personal or sensitive information at your discretion.
• Location (Foreground Only): With permission, precise (GPS) and approximate location while the app is in use to power context-aware features (e.g., weather, relevant suggestions). No background location. Location may be sent to OpenWeatherMap only to fetch weather conditions.
• Voice Input (Optional): With permission, microphone audio to convert speech to text for commands and note-taking. Audio is processed by our transcription/AI provider (e.g., Google speech services and/or Google AI/Gemini) solely to return text results and is not retained by us after transcription. Resulting text may be stored with your account.
• Camera (Optional): With permission, the camera to capture photos you attach to content. We do not import your device's photo library unless you choose to share from it.
• Calendar (Optional): If enabled, we create or update calendar events.
• Notifications & Device Data: Push notification token and limited device details (brand/model/OS version) to deliver notifications reliably.
• Diagnostics & Usage: IP address, device/OS type, app version, and feature usage necessary to secure, operate, and improve the Application.
• Biometric Authentication (Optional): When enabled, device biometric APIs (Face ID/Touch ID/Android Biometric) protect access to sensitive screens. Biometric templates never leave your device; we do not receive or store biometric data.

Website and Waitlist

• Waitlist Signup Information: When you join our waitlist, we collect your email address, referrer code (if provided), IP address, user agent string, referer header, UTM parameters (utm_source, utm_medium, utm_campaign), timestamp, and calculated waitlist position.
• Website Analytics: We use Vercel Analytics to collect page views, interactions, and basic usage statistics to improve our website. This includes anonymized data about how you interact with our website.
• Rate Limiting Data: We collect IP addresses temporarily for rate limiting purposes to prevent abuse and ensure service reliability. This data is stored in-memory and is not retained after the session ends.

How We Use Information

• Mobile Application: Provide core features including login, syncing, storage, reminders, notifications, calendar integration, and biometric lock (if enabled).
• Mobile Application: Send prompts and context you provide to our AI provider (e.g., Google AI/Gemini) to generate responses/suggestions. We may store responses with your account for history and search.
• Mobile Application: Process audio solely to return text results; we do not retain the audio after transcription.
• Mobile Application: Deliver transactional and service communications (e.g., verification, receipts, important updates) via Resend.
• Website and Waitlist: Manage waitlist signups, send email communications about product updates and availability, and track your position on the waitlist.
• Website and Waitlist: Use analytics data to improve website functionality and user experience.
• All Services: Prevent abuse, troubleshoot, and improve reliability and user experience.
• All Services: Comply with law, enforce terms, and protect rights, safety, and property.

What We Don't Do

• We do not sell your personal information.
• We do not import your device's contacts. Any contacts you store are those you manually enter.
• We do not collect advertising IDs for ad targeting.

Third-Party Service Providers

Mobile Application: We rely on service providers such as Supabase (authentication, database, edge functions), Google (OAuth, Google AI/Gemini, speech), Apple (Sign in with Apple), Expo (push notifications), RevenueCat (subscriptions/entitlements), OpenWeatherMap (weather data), xAI (Grok models for insights), OpenAI (via secured Supabase edge functions), and Resend (transactional email).

Website and Waitlist: We use Google Sheets API to store waitlist signup data, Loops email service for CRM and email communications, and Vercel Analytics for website analytics. Your waitlist signup information (email, IP address, user agent, referer, UTM parameters, timestamp) is stored in Google Sheets and Loops CRM for waitlist management and email communications.

Location Details

Precise and approximate location are collected only with your permission and only while using the app to power weather and context features. Location may be sent to OpenWeatherMap to retrieve conditions. No background location tracking.

AI & Transcription Providers

We configure our AI and transcription providers (e.g., Google speech services, Google AI/Gemini, xAI/Grok, and OpenAI routed through Supabase edge functions) to avoid using your prompts or audio to train their models where such controls are available. If a provider retains limited logs for service reliability or abuse prevention, we minimize the data we send and apply protective measures. We log AI prompts and responses in Supabase to provide history, debugging, and safety review. We never use AI/transcription content for targeted advertising and we do not make automated decisions that produce legal or similarly significant effects.

User-Provided API Keys

Certain features allow you to supply your own API keys (e.g., Google Gemini, xAI/Grok, OpenWeatherMap). These keys are stored locally on your device in secure application storage and are transmitted only to the selected provider when you invoke related functionality. We do not receive or store these keys on our servers. You can delete them at any time from settings or by clearing the app's local storage; doing so may disable the associated features.

Legal Bases for Processing (EEA/UK/Similar)

• Performance of a contract: Provide core features you request.
• Legitimate interests: Security, troubleshooting, and service improvement.
• Consent: Location, microphone/camera, calendar, notifications, and certain AI features.
• Legal obligations: Compliance with applicable laws.

Data Retention

Mobile Application: Account data and content (including AI prompts and responses stored in Supabase for history and safety review) are retained while your account is active and deleted upon request (subject to legal obligations and routine backup cycles). Voice audio is not retained after transcription; transcripts may be stored with your content. Diagnostics and usage data are retained up to 24 months and may be aggregated or anonymized thereafter. Deleted data may persist in encrypted backups for a limited period under our backup retention schedule before being purged.

Website and Waitlist: Waitlist signup data stored in Google Sheets and Loops CRM is retained until you request deletion or unsubscribe from our communications. You can request deletion of your waitlist data at any time by emailing us. IP addresses collected for rate limiting are stored temporarily in-memory and are not retained after the session ends. Analytics data from Vercel Analytics is retained according to Vercel's data retention policies.

Sharing and Disclosure

We share data with the providers listed above only as needed to operate the Application. We may disclose information to comply with legal process, enforce terms, protect safety, prevent fraud, or in connection with a corporate transaction (e.g., merger, acquisition), subject to continued protections.

Your Choices and Rights

• Disable location, microphone, camera, calendar, and biometric access in device settings at any time.
• Email hello@supering.io to request access, export, or deletion of your data. We will respond within a reasonable timeframe.
• Depending on your location (e.g., GDPR/CPRA), you may have rights to access, correct, delete, restrict, or object to processing, and to data portability. You may appeal our decision by replying to our response or emailing us with "Appeal" in the subject. We do not sell or share personal information for cross-context behavioral advertising and we do not use sensitive personal information for additional purposes.

Security

We apply encryption in transit (HTTPS), provider encryption at rest (e.g., Supabase), least-privilege access, audit logging, and access controls (including database Row Level Security). We will notify you and/or regulators of data breaches as required by law. No system is 100% secure.

International Transfers

We may process and store data in the United States and other countries where our providers operate, using appropriate safeguards where required (e.g., EU Standard Contractual Clauses and the UK IDTA/UK Addendum).

Data Safety Summary

• Location (precise/approximate): App functionality (weather/context); not used for advertising.
• Identifiers (account ID, push token): Account management and notifications.
• Diagnostics/usage: App performance, reliability, and security.
• Contacts: Not imported; only information you manually enter.
• Messages: We do not access device Emails or SMS/MMS content; only in-app messages are processed.

Children's Privacy

The Application is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn such data was provided, we will delete it. In some regions (e.g., EEA/UK), higher age thresholds may apply.

Changes to This Policy

We may update this Policy from time to time. We will post updates in-app or on our website. Continued use constitutes acceptance of the updated Policy.

Contact

SUPERING TECHNOLOGY LLC
5830 E 2nd St, Ste 7000, Casper, Wyoming 82609, US
Email: hello@supering.io