Privacy policy

Welcome to Supernova website and apps. This Privacy Policy explains how Supernova.io Inc., whose registered office is at 1111B S Governors Ave STE 6495, Dover, 19904 Delaware, United States, Delaware entity number 7171181 (“Supernova” or “we”) works with information in relation to our website supernova.io, supernova-docs.io and apps, in particular Supernova Studio including all of its versions and app.supernova.io (collectively, the "Software"). This Privacy Policy provides also for your choices and rights in relation to the collection and use of your information and applies to all visitors, users, and others who access the Software ("Users"). Due to the fact that we are seated under the US jurisdiction, we have appointed representative in the Czech Republic which is our subsidiary Supernova Corporation CZ s.r.o. with its registered office at Sokolovská 685/136f, Praha, 186 00, Czech Republic, company number 067 81 021 (“Supernova subsidiary”). This Privacy Policy is a part of Terms for using Supernova website and Software consisting of Terms & Conditions and Payment Terms as defined in Terms & Conditions.

Supernova complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce.  Supernova has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit:https://www.dataprivacyframework.gov/

1. Information we collect

1.1. We collect and further process the following types of information:

  • Your first and last name, username, password and e-mail address when you register for Supernova account.
  • User content (e.g., comments) that you post to the Software.
  • Communications between you and Supernova. We may send you e-mails related to the Software (e.g., news, changes/updates to features of the Software), whereas you may opt out of those Software-related e-mails.
  • Information about your use of the Software, both anonymous and user-specific. We may use third-party analytics tools to help us measure usage trends for the Software. This may involve analysing of your data.

When you access the Software, you disclose certain information related to your hardware and software that we automatically collect. For example, we may collect in particular your IP (Internet Protocol) address, operating system, browser type, access times, pages visited, search terms, mobile carrier, device type, device IDs, application IDs, and other meta data. We collect this information to generate statistics about use of the Software and use the results to customize as well as improve the overall quality of the Software (the “Log data”).

1.2. The payments for Software are processed by a third party and we do not store or process any data regarding your payments or means of payment (such as credit card details etc.). It terms of payment, you will be redirected to the relevant third party.

How Supernova uses your information

2.1. In addition to some of the specific uses of information we describe in this Privacy Policy, we may use information that we receive to:

  • create a user profile and provide Software;
  • help you efficiently access your information and user profile after you sign in;
  • identify the User who made the payment for the Software;
  • provide personalized content and information to you and others, which could include online ads or other forms of marketing;
  • provide, improve, test, and monitor the effectiveness of our Software;
  • develop and test new products and features;
  • monitor metrics such as total number of visitors, traffic, and demographic patterns;
  • diagnose or fix technology problems;
  • possible e-mail communication.

2.2. We process your information mainly to fulfil our mutual contract. When you download our Software and agree with our Terms & Conditions, you enter into the contract with us by the terms of processing of personal data.

2.3. We also process your information on the basis of legitimate interests which are stipulated in Article 2.1. number (ii), (iv), (v), (vi), (vii), (viii) and (ix). Our legitimate interest lies in improving the functionality of the Software. For the purpose of this processing, we considered interests of our Users and evaluated that the processing is possible.

2.4. We also process your information in regards of payment and provision of Software to fulfill our legal duties, e.g., tax and accounting duties or other relevant duties that we should abide while providing Software.

Sharing of your information

3.1. We will not rent or sell your information to third parties outside Supernova without your consent. We will not also share your information with third parties except companies that help us with developing and testing our products. We also share your information with workers and freelancers of Supernova subsidiary.

3.2. The data may be also stored by the following cloud providers (processors):

  • Company used for storing of personal data: Amazon Web Services - US-based company, but we hold data on servers in the EU. The company is listed under Data Privacy Framework.
  • Google providing services related to cookies, YouTube etc. The company is listed under Data Privacy Framework.

3.3. We may also use the services of third parties, that help us with processing your information on the basis of legitimate interest. Although some of the companies are settled in the US, we have concluded relevant data processing contracts and the export of information is made under Standard contractual clauses or under Data Privacy Framework. We also evaluated the risks connected with using of this third-country parties. Here you can find out used services(Vendors & Subprocessors). Types of such trhird-parties:

  • Company providing services of security of the Software;
  • Company providing services of sharing documents, management, internal communication
  • Company providing services in connection with functionality of Software and fulfillment of our duties

3.4. We may remove parts of data that can identify you and share anonymized data with other parties. We may also combine any anonymized information with other information in a way that it is no longer associated with you and share that aggregated information.

3.5. We do not add any cookies to customer sites. The cookies described in this Policy only apply to Supernova’s own marketing and product pages, not websites, exporters, or other products that are created with Supernova or published via supernova-docs.io. Customers may make changes to their published projects at their own discretion that may cause cookies to be added on Supernova's subdomains (for example, enabling Google Analytics), but these changes are optional and not made by Supernova which has no responsibility.

3.6. We may access, preserve and share your information to comply with legal requirements. We may also access, preserve and share information when it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm. Supernova shall disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

3.7. If we transfer personal information to a third parties, we always meet obligations set out in DPF, namely:

  • if we transfer personal data to controllers, a contract is concluded that provides for the same level of protection as is available under the EU-U.S. DPF,
  • if we transfer personal data to processors (or agents), we:
    • transfer such data only for limited and specified purposes;
    • ascertain that the processor (agent) is obligated to provide at least the same level of privacy protection as is required by the Principles;
    • take reasonable and appropriate steps to ensure that the processor (agent) effectively processes the personal information transferred in a manner consistent with our obligations under the Principles;
    • require the processor (agent) to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles;
    • upon notice, including under previous point, take reasonable and appropriate steps to stop and remediate unauthorized processing;
    • provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department of Commerce upon request;
    • meet all other necessary obligations under GDPR.
  • when we act as personal data processor, data processing contract is always concluded.


3.8. Supernova shall remain liable under the principles set out in DPF (“DPF Principles”) when onward transfers to third parties are applicable and has responsibility for the processing of personal information when transferring to other recipients, mainly if its agent or sub-processor processes such personal information in a manner inconsistent with the DPF Principles, unless Supernova proves that it is not responsible for the event giving rise to the damage.

Protecting your information

4.1. Taking into account the state of the art, scope, context and purposes of processing of your personal information as well as the risk of varying likelihood and severity for your rights and freedoms, we take reasonable steps to protect and secure your personal information against unauthorized access or disclosure. We use security software to protect the confidentiality of your personal information. We review our business practices periodically for compliance with policies and procedures governing the security of our information.

4.2. To register with the Software, you will be required to select a password to protect your account unless you log in with your account using a third-party service (Google or GitHub account). You must keep your password confidential.

Your choices about your information

5.1. You can update your account information at any time by logging in and changing your profile settings.

5.2. You are entitled to unsubscribe from email communications from us by clicking on the "unsubscribe link" provided in such communications.

Period of processing

6.1. We store and process your personal information for the period of your use of the Software. Following termination or deactivation of your account, Supernova may retain information (including your profile information) and User Content for a commercially reasonable time for backup, archival or audit purposes or for establishment, exercise or defence of our legal claims; such information will not be retained for more than 1 year after your termination or deactivation of your account and will not be used for any other purposes (only if legal duties shall apply).

Your rights

7.1. We take reasonable measures to ensure that you are able to keep your personal information accurate and up-to-date. You can always ask us to confirm whether or not we process your personal information and if we do, to what extent, and require access to it.

7.2. In accordance with applicable laws and as further detailed below, you have the right to request access to, rectification, erasure or portability (e.g. to another service provider) of your personal information that we process, as well as to request restriction of such processing. You can also withdraw your consent that you have given to us at any time (if we process your personal data on the basis of the consent). Please note that withdrawal of your consent does not affect lawfulness of any processing done on the understanding that you had given the consent before.

7.3. Access. You have the right to obtain confirmation from us as to whether or not we are processing your personal data. If we process your personal data, you also have the right to request access to information about the purpose and scope of the processing, the recipients of the data, the duration of the processing, the right to rectification, erasure, restriction of processing and to object to the processing, the right to lodge a complaint with a supervisory authority and the sources of the personal data (this information is already provided in this document). You can also ask us for a copy of the personal data we process. The scope of the data provided may be limited so as not to interfere with the rights and freedoms of others.

7.4. Inaccurate information. If you find out that your personal information is inaccurate or incomplete and you are unable to update this information according to Section 5 of this Privacy Policy, you may request us to update such personal information. We will verify your information accordingly without undue delay.

7.5. Erasure of your personal information. You can request that we erase your personal information at any time. If you approach us with such a request, we will delete (and ensure deletion by the processors that we engage) your personal information we have without undue delay. We will also delete all your personal information in case you withdraw your consent or under the circumstances that applicable laws require us to do so. Your personal information will be deleted accordingly, provided that it is no longer necessary for provision of the Software or there is no other legal ground for the processing.

7.6. Restriction of processing. If you request to restrict the processing of your personal information, e.g. in circumstances when you contest the accuracy of your personal information, or lawfulness of our need to process your personal information, we will limit processing of your personal information to the necessary minimum (storage). In such case, if applicable, we will process your personal information only for the establishment, exercise or defence of legal claims or, where necessary, for protection of rights of another natural or legal person, or other limited reasons dictated by the applicable law. In case the restriction is lifted and we continue processing your personal information, we will inform you accordingly without undue delay.

7.7. Portability of your personal information. You have the right to receive personal data which relate to you and you have provided to us. If you approach us with such request, we will provide you with your personal information in a commonly used and machine-readable format. If you request so, we may also send your personal information to a third party (another data controller) which you may identify in your request, unless such request would adversely affect rights or freedoms of others or would not be technically feasible.

7.8. Objections to direct marketing. If you no longer wish to receive marketing or promotional materials from us or you do not wish that your personal information is used for profiling as related to such marketing or promotional activities, you can request that we cease the use of your personal information for these purposes. In such case, you will no longer be able to benefit from some of the Software or specific features for which this category of processing is essential (i.e. the receipt of (personalised) marketing and promotional materials).

7.9. If you exercise any of your rights according to this Section or applicable laws, we will communicate any rectification or erasure of your personal data or restriction of processing in accordance with your request to each recipient to whom the personal information has been disclosed pursuant to Section 3, unless such communication proves impossible or involves disproportionate effort.

7.10. If you wish to exercise these rights and/or obtain all relevant information, please contact support@supernova.io. We will respond within 1 month after receipt of your request, but we retain the right to extend this period up to 2 months if necessary. We will in any event inform you within 1 month after receipt of your request whether it is necessary to extend the period to respond.

7.11. You have the right to submit a complaint concerning our data processing activities to the competent supervisory authority, which is, for Supernova subsidiary being subject to Czech jurisdiction, the Office for Protection of Personal Information (www.uoou.cz). Supernova is also subject to the investigatory and enforcement powers of the Federal Trade Commission („FTC“).

7.12. In addition to all rights mentioned above and in compliance with the EU-U.S. DPF, Supernova commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EU individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact Supernova at: support@supernova.io.

7.13. In compliance with the EU-U.S. DPF, Supernova commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF in the context of the employment relationship.

Binding arbitration conditions

8.1. Supernova is obliged to arbitrate claims and follow principles under Annex I of the Data Privacy Framework. These articles stipulate conditions for the individual to invoke binding arbitration.

8.2. If Supernova violates principles, under which it was certified to Data Privacy Framework (available here: https://www.dataprivacyframework.gov/s/article/A-Scope-dpf?tabset-35584=2, hereinafter also as “Principles”) and such violation remains fully or partially unremedied, individual may invoke arbitration. Decision of individual to invoke is entirely voluntary.

8.3. The arbitration will be held by the EU-U.S. Data Privacy Framework Panel which has the authority to impose relief (such as access, correction, deletion, or return of the individual’s data in question) necessary to remedy the violation of the principles only with respect to the individual. Each party bears its own attorney’s fees.

8.4. Before invoking the arbitration, individual must take following steps prior to initiating:

  • Raise the claimed violation directly with the Supernova and afford Supernova an opportunity to resolve the issue within the 45 days of receiving a complaint;
  • Make use of the independent recourse mechanism under the Principles, at no cost to the individual; and
  • Raise the issue through the individual’s DPA to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the Department’s International Trade Administration, at no cost to the individual.

Arbitration may not be invoked in situations stipulated herein: https://www.dataprivacyframework.gov/s/article/C-Pre-Arbitration-Requirements-dpf?tabset-35584=2, where the individual can also learn about other conditions of the arbitration.

8.5. FTC action may proceed in parallel with arbitration.

8.6. Supernova and individual may agree on language of arbitration. If nothing agreed, the language will be English.

CCPA and CPRA

9.1. This part applies only to a natural person who is a California resident according to relevant law.

9.2. Supernova does not sell any category of personal data being processed according to the Article 1.1. of this Privacy policy. Supernova does not collect any sensitive personal information.

9.3. All categories of personal data are processed under criteria set out in Article 6.1 of this Privacy policy.

9.4. Under CCPA and CPRA you have:

  • right to delete personal data - you shall have the right to request that a Supernova delete any personal data about you which Supernova has collected from you,
  • right to correct inaccurate personal data - you shall have the right to request Supernova that maintains inaccurate personal data about you correct such inaccurate personal data, taking into account the nature of the personal data and the purposes of the processing of the personal data,
  • right to know what personal data is being collected - you have right to request to disclose information about personal data being processed about you.

Additional information provided to you:

  • categories of personal data processed in past 12 months are available in Article 1.1 of this Privacy policy;
  • all personal data are collected from website of Supernova, mutual communication or software provided;
  • personal data are not selled and are used only for provision of services and for purposes stipulated above;
  • categories of third parties are stipulated in Article 3.2. of this Privacy policy.

You also have these rights:

  • right to know what personal data is sold or shared to whom
  • right to opt out of sale or sharing of personal data
  • right to limit use and disclosure of sensitive personal data
  • right of no retaliation following opt out or exercise of other rights,

All of rights mentioned above will be exercised according to the CCPA and CPRA

9.5. Any consumer that falls within the scope of CCPA and CPRA has right to exercise their rights mentioned above. This right may be executed via e-mail support@supernova.io or via 1 724 790 4650

Other websites and services

10.1. We are not responsible for the practices related to personal data protection employed by any websites or services linked to or from our Software, including the information or content contained within them.

How to contact us

11.1. If you have any questions about this Privacy Policy or the Software, please find contact us at support@supernova.io.

Changes to our Privacy Policy

12.1. Supernova reserves right to modify or update this Privacy Policy from time to time. We shall inform you in advance about every substantial amendment hereof. Your continued use of the Software after any modification to this Privacy Policy will constitute your acceptance of such modifications made by us from time to time. Should any of the modifications of the Privacy Policy require your consent, we will contact you in order to obtain your consent herewith.

Effective date: 1st October 2023

© 2023 Supernova.io Inc.

Product

Pricing
Documentation
For enterprise
Integrations
Changelog
Request a feature

Resources

Blog
Events
Learn Supernova
FAQ
Slack Community
Developers

Supernova

Customers
Careers
Privacy Policy
Terms & Conditions
Master Subscription Agreement
Status