Privacy policy

1. Introduction

Welcome to Supercomms ("we," "our," or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, store, and protect your information when you use our email intelligence platform.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Your email address

• Your name (as provided by Google OAuth)

• Profile picture (as provided by Google OAuth)

2.2 Email Data

With your explicit permission through Google OAuth, we access and process:

• Email metadata (subject, sender, recipients, timestamps, labels, thread information)

• Email previews (short snippets for classification and display)

• Gmail labels and categories

If you grant email sending and modification permissions, we may also:

• Send emails on your behalf through your Gmail account

• Modify email labels (e.g., mark emails as read, add or remove labels)

Important: We do NOT store full email body content or attachments. We only store essential metadata and short previews needed for email classification and organization.

2.3 Calendar Data

If you grant calendar permissions, we may access and manage:

• Calendar events and availability

• Event details (title, description, attendees, time, location)

• Create, update, and delete calendar events

2.4 Tasks Data

If you grant tasks permissions, we may access and manage:

• Task lists and tasks

• Task details (title, notes, due dates, completion status)

• Create, update, and delete tasks

3. How We Use Your Information

We use the collected information to:

• Provide Core Services: Sync, classify, and organize your emails using AI. Email content is processed for classification but full body content is not stored.

• Email Intelligence: Analyze email metadata and previews to provide insights, classifications, and smart actions

• Draft Assistance: Generate suggested email replies and responses by accessing email content on-demand via Gmail API

• Email Actions: Send emails on your behalf and mark emails as read when you use these features

• Calendar Integration: View, create, update, and delete calendar events. Suggest meeting times and manage scheduling

• Tasks Integration: View, create, update, and delete tasks. Organize and manage your task lists

• Service Improvement: Analyze usage patterns to enhance features and user experience

• Security: Detect and prevent fraud, abuse, and security incidents

• Communication: Send service-related notifications and updates

4. Google API Services User Data Policy

Supercomms' use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request access to the specific Google user data we need to provide our services

• We do not use, transfer, or sell Google Workspace API user data (including raw data, aggregated data, anonymized data, or derived data) to create, train, or improve foundational machine learning or artificial intelligence models. We only use Google Workspace API data to provide personalized AI features for your specific use case, such as email classification and draft generation tailored to your communication patterns.

• We do not use Google user data for serving advertisements

• We do not allow humans to read your email unless:

  • You have given explicit consent for a specific message

  • It's necessary for security purposes (e.g., investigating abuse)

  • Required by law

• We do not transfer Google user data to third parties except:

  • As necessary to provide or improve our services

  • To comply with applicable laws

  • As part of a merger, acquisition, or sale of assets (with notice to users)

5. Third-Party Services

We use the following third-party services to operate our platform:

• OpenAI: For AI-powered email classification and draft generation. Email metadata and previews are processed but not stored by OpenAI. Full email bodies are accessed from Gmail API only when needed and are not permanently stored.

• Supabase (PostgreSQL): For secure database hosting with encryption at rest

• Trigger.dev: For background job processing

• Google Cloud Platform: For Gmail, Calendar, and Tasks API access

These services are carefully selected and contractually obligated to protect your data according to industry standards.

6. Data Storage and Security

• Encryption in Transit: All data is encrypted in transit using TLS/SSL

• Database Encryption: Data is encrypted at rest by our database provider (Supabase)

• Access Controls: Strict access controls and authentication limit who can access user data

• Application-Level Encryption: Sensitive data is encrypted using AES-256-CBC before storage:

  • OAuth access and refresh tokens

  • Email content (sender, recipients, subject, preview)

  • AI-generated email summaries and classifications

  This provides an additional security layer beyond database encryption, ensuring data remains unreadable even with direct database access

• Data Retention: We retain your data only as long as necessary to provide services or as required by law

• Security Reviews: We regularly review our security practices and infrastructure

7. Your Rights and Choices

You have the right to:

• Access: Request a copy of your personal data

• Correction: Update or correct inaccurate information

• Deletion: Request deletion of your account and associated data

• Revoke Access: Disconnect your Google account at any time through your Google Account settings or our app

• Export: Export your data in a machine-readable format

• Object: Object to certain types of processing

To exercise these rights, please contact us at info@supercomms.io  or use the account settings in the application.

8. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:

• With Your Consent: When you explicitly authorize us to share specific information

• Service Providers: With trusted third-party providers who assist in operating our platform (under strict confidentiality agreements)

• Legal Requirements: When required by law, court order, or governmental request

• Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)

• Security: To protect our rights, property, safety, or that of our users

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page

• Updating the "Last Updated" date

• Sending an email notification for significant changes

Your continued use of Supercomms after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: info@supercomms.io

• Support: info@supercomms.io

12. Additional Information for EU/EEA Users

If you are located in the European Union or European Economic Area, you have additional rights under GDPR:

• Right to data portability

• Right to restrict processing

• Right to object to automated decision-making

• Right to lodge a complaint with a supervisory authority

The legal basis for processing your data includes: consent, contractual necessity, legal obligations, and legitimate interests.