Privacy Policy.

This Privacy Policy explains how Superhack (“we”, “us”) collects, uses, and protects personal data when you visit our website, sign up for an account, or use our platform (the “Service”). It applies to information about visitors, prospective customers, customers, and individual users of the Service.

Account information: name, work email, company name, and any other details you provide when signing up, requesting early access, or contacting us.

Engagement data: targets, scope, configurations, and credentials you connect to the Service so that our agents can test them. Outputs of those engagements — findings, reproduction evidence, logs, and reports — are stored against your account.

Operational telemetry: information about how the Service is used (feature usage, performance, error logs) so we can keep it running and improve it.

Communications: messages you send us through email, the early-access form, or in-product chat.

We use personal data to provide and secure the Service; to deliver findings and reports; to communicate with you about your account, support requests, and product updates; to comply with legal obligations; and to improve the Service.

We do not sell personal data, and we do not use customer engagement data to train models for other customers.

If you are in the EEA or the UK, we process personal data on one of the following legal bases under the GDPR: performance of a contract (to provide the Service); legitimate interests (to secure and improve the Service, and to communicate with customers); compliance with a legal obligation; or your consent (where required, for example for certain marketing communications).

We share personal data with vetted service providers that help us run the Service — including cloud hosting, database, email delivery, analytics, customer support, and security tooling. These sub-processors only process personal data on our behalf and under written agreements.

We may disclose personal data if required by law, in response to valid legal process, or to protect the rights, property, or safety of Superhack, our customers, or the public.

We retain personal data for as long as your account is active, as needed to provide the Service, and as required by law. You can request deletion of your account and associated data at any time — see Your rights below.

We apply technical and organisational measures appropriate to the risk, including encryption in transit, access controls, audit logging, isolated tenant data, and regular review of our security posture. No system can be guaranteed to be 100% secure, but we treat customer data as one of our most sensitive assets.

Depending on where you live, you may have the right to access, correct, delete, or export your personal data; to object to or restrict certain processing; to withdraw consent; and to lodge a complaint with a supervisory authority. To exercise any of these rights, email privacy@superhack.io.

We use a small number of cookies and similar technologies to keep you signed in, remember your preferences, and understand how the Service is used. You can control cookies through your browser settings.

We may transfer personal data outside your country (including to the United States) where our sub-processors operate. When we do, we rely on appropriate safeguards under applicable law — such as the European Commission’s Standard Contractual Clauses.

The Service is not directed to children under 16, and we do not knowingly collect personal data from them.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email. The “Last updated” date at the top of this page always reflects the current version.

Questions about this Privacy Policy, or about how we handle your personal data? Email privacy@superhack.io.