PRIVACY & SECURITY

Privacy Policy

Last updated: February 4, 2026

Our Commitment to Your Privacy

At Supoid, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our AI-powered research assistant service.

🔒

Encrypted Storage

Your data is encrypted at rest and in transit

🚫

No Data Selling

We never sell your personal information

Full Control

Delete your data anytime

1. Information We Collect

1.1 Information You Provide

When you create an account or use our Service, we collect:

  • Account Information: Email address, name, password (encrypted)
  • Profile Information: Optional profile picture, preferences, language settings
  • Content: Articles you save, notes you create, highlights, tags, collections
  • Payment Information: Processed securely by Polar.sh (we don't store credit card details)

1.2 Automatically Collected Information

  • Usage Data: Features used, actions taken, time spent
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP address, access times, pages viewed
  • Cookies: Session cookies for authentication and preferences

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Process articles, generate summaries, create knowledge graphs
  • Personalization: Customize your experience based on preferences and usage
  • Communication: Send service updates, security alerts, and important notifications
  • Improvement: Analyze usage patterns to improve features and performance
  • Security: Detect and prevent fraud, abuse, and security threats
  • Compliance: Fulfill legal obligations and enforce our Terms of Service
  • Customer Support: Respond to your questions and resolve issues

3. AI Processing and Third-Party Services

3.1 AI Content Processing

We use AI models (including but not limited to Llama 3.3, Claude, and others via OpenRouter) to:

  • Generate article summaries and key points
  • Discover connections between articles
  • Answer questions about your library (Pro/Team plans)

Your content is sent to these AI services for processing. We use enterprise agreements with zero-retention policies where available. AI providers do not use your data to train their models.

3.2 Third-Party Services

  • Supabase: Database and authentication (encrypted storage)
  • Polar.sh: Payment processing (PCI-DSS compliant)
  • Vercel: Hosting and CDN (SOC 2 Type II certified)
  • OpenRouter: AI model access with privacy controls

4. Data Sharing and Disclosure

We do not sell your personal information. We only share your information in the following circumstances:

  • With Your Consent: When you explicitly authorize sharing
  • Service Providers: Trusted partners who help us operate the Service (under strict confidentiality agreements)
  • Team Sharing: With team members on Team plans for shared collections
  • Legal Requirements: When required by law, subpoena, or court order
  • Business Transfers: In the event of a merger, acquisition, or sale of assets (with notice to you)
  • Security and Fraud: To protect rights, property, and safety of Supoid, users, or the public

5. Data Security

We implement industry-standard security measures to protect your data:

🔐 Encryption

AES-256 encryption at rest, TLS 1.3 in transit

🛡️ Access Control

Role-based permissions, Row Level Security (RLS)

🔍 Monitoring

24/7 security monitoring and threat detection

✅ Audits

Regular security audits and penetration testing

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but continuously work to improve our protections.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specific retention periods:

  • Account Data: Until you delete your account
  • Saved Articles: Until you delete them or your account
  • Usage Analytics: Aggregated and anonymized after 12 months
  • Payment Records: 7 years (legal requirement)
  • Support Tickets: 3 years after resolution

When you delete your account, we permanently remove all personal data within 30 days, except where retention is required by law.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Download your data in machine-readable format
  • Object: Object to certain processing activities
  • Restrict: Request limitation of data processing
  • Withdraw Consent: Opt-out of marketing communications

To exercise these rights, contact us at privacy@supoid.com. We respond within 30 days.

8. Cookies and Tracking

We use cookies and similar technologies to:

  • Essential Cookies: Required for authentication and core functionality
  • Preference Cookies: Remember your settings and choices
  • Analytics Cookies: Understand how you use the Service (anonymized)

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by regulatory authorities
  • Servers located in secure, SOC 2 compliant data centers
  • Compliance with GDPR, CCPA, and other privacy regulations

10. Children's Privacy

Supoid is not intended for users under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it immediately. If you believe a child has provided us with personal information, contact us at privacy@supoid.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification to your registered address
  • Prominent notice on our website
  • In-app notification when you next log in

Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Privacy Team: privacy@supoid.com

General Support: support@supoid.com

Data Protection Officer: dpo@supoid.com