Privacy Policy

1. Introduction and Scope

SuperSpawn ("we," "our," or "us") is committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information. This Privacy Policy applies to all information collected through our website, services, and any related applications, tools, or resources (collectively, the "Service").

This policy covers:

• Our business intelligence platform and company directory services
• All interactions with our website and mobile applications
• Communications between you and SuperSpawn
• Third-party integrations and data sources

By using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when using our Service:

• Account Registration: Email address, full name, company name, job title, and encrypted password
• Profile Information: Professional details, preferences, and account settings
• Communication Data: Messages, support tickets, feedback, and survey responses
• Payment Information: Billing address, payment method details (processed securely through third-party providers)
• User-Generated Content: Comments, reviews, saved searches, and custom lists

2.2 Information Collected Automatically

When you access or use our Service, we automatically collect certain technical information:

• Device Information: Device type, operating system, browser type and version, screen resolution
• Usage Analytics: Pages visited, time spent on pages, click patterns, search queries, feature usage
• Network Data: IP address, ISP information, general geographic location (city/country level)
• Session Data: Login timestamps, session duration, referral sources
• Performance Metrics: Load times, error reports, system diagnostics

2.3 Information from Third Parties

We may collect information about you from third-party sources:

• Business Data Providers: Publicly available company information, professional contacts
• Social Media: Public profile information when you connect social accounts
• Analytics Services: Aggregated usage statistics and market research data
• Security Providers: Fraud detection and account security information

3. How We Use Your Information

3.1 Primary Service Functions

We use your information to provide and improve our core services:

• Account Management: Create, maintain, and secure your user account
• Service Delivery: Provide access to company data, search functionality, and analytics tools
• Personalization: Customize your experience based on preferences and usage patterns
• Data Quality: Enhance and verify business information accuracy

3.2 Communication and Support

• Respond to your inquiries and provide customer support
• Send service-related notifications and updates
• Deliver marketing communications (with your consent)
• Conduct user research and gather feedback

3.3 Business Operations

• Process payments and manage billing
• Analyze usage patterns to improve our services
• Conduct research and development for new features
• Generate anonymized analytics and market insights

3.4 Legal and Security

• Ensure platform security and prevent fraud
• Enforce our Terms of Service and acceptable use policies
• Comply with legal obligations and regulatory requirements
• Protect our rights and the rights of our users

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your personal data under the following legal bases:

• Contractual Necessity: Processing required to provide our services under our Terms of Service
• Legitimate Interest: Analytics, security, fraud prevention, and service improvement
• Consent: Marketing communications and optional features (withdrawable at any time)
• Legal Obligation: Compliance with applicable laws and regulations

5. Information Sharing and Disclosure

5.1 Service Providers

We share information with trusted third-party service providers who assist in operating our business:

• Cloud Infrastructure: Hosting, storage, and computing services
• Payment Processing: Secure payment and billing management
• Analytics and Monitoring: Performance tracking and error reporting
• Customer Support: Help desk and communication tools
• Email Services: Transactional and marketing email delivery

All service providers are contractually bound to protect your information and use it only for specified purposes.

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will provide notice and ensure continued protection under this policy.

5.3 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Enforce our Terms of Service or other agreements
• Protect the rights, property, or safety of SuperSpawn, our users, or the public
• Prevent fraud, security breaches, or illegal activities

5.4 With Your Consent

We may share your information for other purposes with your explicit consent or at your direction.

6. Data Security and Protection

6.1 Security Measures

We implement comprehensive security measures to protect your information:

• Encryption: Data encryption in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Multi-factor authentication and role-based access restrictions
• Infrastructure Security: Secure cloud hosting with regular security audits
• Monitoring: 24/7 security monitoring and incident response procedures
• Regular Updates: Continuous security patches and vulnerability assessments

6.2 Data Retention

We retain your information only for as long as necessary to fulfill the purposes outlined in this policy:

• Account Data: Retained while your account is active and for 3 years after closure
• Usage Analytics: Aggregated data retained for up to 5 years for business intelligence
• Communication Records: Support tickets and communications retained for 2 years
• Legal Requirements: Some data may be retained longer to comply with legal obligations

6.3 Data Breach Response

In the event of a data breach, we will:

• Investigate and contain the breach immediately
• Notify affected users within 72 hours when required by law
• Report to relevant authorities as legally required
• Take steps to prevent future incidents

7. Your Privacy Rights

7.1 Universal Rights

Regardless of your location, you have the following rights:

• Account Access: View and download your account information
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your account and associated data
• Communication Preferences: Opt out of marketing communications

7.2 Additional Rights (GDPR/CCPA)

If you're located in the EU, UK, or California, you may have additional rights:

• Data Portability: Receive your data in a machine-readable format
• Processing Restriction: Limit how we process your information
• Objection: Object to processing based on legitimate interests
• Automated Decision-Making: Opt out of automated profiling
• Non-Discrimination: Equal service regardless of privacy choices

7.3 Exercising Your Rights

To exercise your privacy rights:

1. Log into your account settings for basic controls
2. Contact us at privacy@superspawn.com for complex requests
3. We will respond within 30 days (or as required by applicable law)
4. We may require identity verification for security purposes

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

• Essential Cookies: Required for basic website functionality and security
• Performance Cookies: Help us understand how users interact with our site
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used to deliver relevant advertisements (with consent)

8.2 Cookie Management

You can control cookies through:

• Our cookie consent banner (displayed on first visit)
• Your browser settings and preferences
• Third-party opt-out tools and browser extensions
• Industry opt-out mechanisms (NAI, DAA)

8.3 Third-Party Analytics

We use third-party analytics services that may collect information about your online activities:

• Google Analytics: Website usage statistics (anonymized)
• Mixpanel: Product analytics and user behavior insights
• Hotjar: User experience and heatmap analysis (with consent)

9. International Data Transfers

Your information may be transferred and processed in countries other than your country of residence. We ensure adequate protection through:

• Adequacy Decisions: Transfers to countries with adequate privacy laws
• Standard Contractual Clauses: EU-approved data transfer mechanisms
• Certification Programs: Privacy Shield successors and industry certifications
• Corporate Policies: Binding corporate rules for internal transfers

We maintain a list of our international service providers and transfer mechanisms, available upon request.

10. Children's Privacy

Our Service is designed for business professionals and is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

If we become aware that we have collected personal information from a child under 16, we will:

• Delete the information immediately
• Terminate the associated account
• Notify the parent or guardian if contact information is available
• Implement additional safeguards to prevent future collection

11. California Privacy Rights (CCPA)

California residents have specific rights under the California Consumer Privacy Act:

Categories of Information We Collect:

• Identifiers (name, email, IP address)
• Commercial information (transaction history, preferences)
• Internet activity (website usage, search history)
• Professional information (job title, company)
• Inference data (preferences, characteristics)

Your CCPA Rights:

• Right to Know: Request disclosure of collected information
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of the sale of personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices

Note: We do not sell personal information to third parties for monetary consideration.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

• We will update the "Last updated" date at the top of this policy
• We will notify you via email or prominent notice on our website
• For significant changes, we may seek your renewed consent
• We will maintain previous versions for your reference

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.

13. Regulatory Compliance

SuperSpawn complies with applicable privacy laws and regulations, including:

• GDPR: European General Data Protection Regulation
• CCPA: California Consumer Privacy Act
• PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)
• LGPD: Lei Geral de Proteção de Dados (Brazil)

We regularly review our practices to ensure ongoing compliance with evolving privacy requirements.