Privacy Policy

Last updated: March 2026

1. Introduction

SuperaCRM ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service at superacrm.com.

2. Data We Collect

Account Data

When you register, we collect your email address and an encrypted password. We do not store passwords in plain text.

Business Data

Data you enter into the Service, including client information, product details, invoices, and company settings. This data is owned entirely by you.

Usage Data

We may collect anonymous usage data such as page views, feature usage, and error logs to improve the Service. This data cannot be used to identify you personally.

3. How We Use Your Data

We use your data exclusively to:

• Provide and maintain the Service
• Authenticate your account
• Generate invoices and PDFs as requested by you
• Process AI assistant requests (text is sent to Anthropic Claude API for processing)
• Process voice input (audio is sent to OpenAI Whisper API for transcription)
• Improve the Service based on anonymous usage patterns

4. Data Storage and Security

Your data is stored in Supabase (PostgreSQL) with Row-Level Security (RLS) enabled, ensuring that each user can only access their own data. All data is encrypted in transit (TLS) and at rest. We use industry-standard security practices to protect your information.

5. Third-Party Services

We use the following third-party services:

• Supabase — database hosting, authentication, and file storage
• Anthropic (Claude API) — AI assistant text processing
• OpenAI (Whisper API) — voice-to-text transcription

These services process data only as necessary to provide their functionality. We do not sell or share your data with any other third parties.

6. Data Retention

Your data is retained for as long as your account is active. If you delete your account, your data will be retained for 30 days (to allow recovery) and then permanently deleted. You may request immediate deletion by contacting us.

7. Your Rights

You have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate personal data
• Erasure — request deletion of your personal data
• Portability — export your data in a standard format (PDF, CSV)
• Restriction — request limitation of data processing
• Objection — object to data processing

To exercise these rights, contact us at info@superacrm.com. We will respond within 30 days.

8. Cookies

We use essential cookies only: authentication session cookies and a locale preference cookie (NEXT_LOCALE). We do not use tracking cookies, analytics cookies, or advertising cookies.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. The "Last updated" date at the top will reflect the most recent revision.

11. Contact

If you have questions about this Privacy Policy or your data, please contact us at info@superacrm.com.