Data retention policy
At Supermanage, we take data retention and privacy seriously. This policy outlines how long we retain different types of data, and our compliance with the retention policies of our AI providers Anthropic and OpenAI.
The default retention period for customer data such as conversations and support interactions is to retain it until the customer decides to delete their data from our systems. Customers can request deletion of their data at any time by contacting our support team.
We may retain certain data as required by law or to enforce our Acceptable Use Policy and prevent abuse of our services. For example, we may retain records of prohibited activities or policy violations for legal compliance purposes.
AI Provider Retention Policies
As we utilize Anthropic's and OpenAI's AI services, we adhere to their respective data retention policies.
OpenAI's policy states they may retain API inputs and outputs for up to 30 days to monitor for abuse. We comply and delete OpenAI data within 30 days.
Anthropic's policy states they retain prompts and outputs for 30 days, except in cases where a prompt may violate their Acceptable Use Policy, in which case they retain for 90 days. We comply with these retention periods for any Anthropic data.
Anthropic also states they only use customer data for training if explicitly permitted. We obtain opt-in consent before providing Anthropic any customer data for training.
Data archiving and removal policy
The default retention period for customer data such as conversations and support interactions is to retain it until the customer decides to delete their data from our systems.
Customers can request deletion of their data at any time by contacting our support team at support@supermanage.ai.
Data storage policy
Data Storage Locations
- Customer data is stored in our primary US-based cloud infrastructure provided by Supabase. This ensures data resides within the United States.
- Metadata needed for service functionality may be stored by our AI providers Anthropic and OpenAI in the US or Europe. We ensure compliance with cross-border data transfer regulations.
Data Security
- Encryption: Data is encrypted in transit and at rest using industry standard encryption methods.
- AI Provider Security: We vet Anthropic's and OpenAI's security provisions to ensure they meet our standards for data protection.
Data center location(s)
United States
App/service has sub-processors
yes
Guidelines for sub-processors