Data retention policy
Superside will retain personal information collected from customers, where we have a justifiable business need to collect the information, for as long as is needed to fulfil the purposes outlined in this Privacy Policy. This is not applicable where Superside is required or permitted by law (such as tax, legal, accounting or other purposes) to retain personal information for an extended period of time. When Superside no longer has a justifiable business need to process Customer personal information, we will either delete or anonymize it or, if this is not possible (for example, because Customer personal information has been stored in backup archives), Superside will securely store Customer personal information and isolate it from any further processing until deletion is possible.
Customer data is retained for as long as the account is in active status. Data enters an “expired” state when the account is voluntarily closed. Expired account data will be retained for 10 years. After this period, the account and related data will be removed, except for files and information stored permanently for legal purposes. Customers that wish to voluntarily close their account should download their data manually prior to closing the account if they wish to maintain access to their data.
Data archiving and removal policy
To have data deleted before it expires a customer must explicitly request the deletion by sending a request to their designated Customer Success Manager or by specifically requesting complete data deletion during Superside's offboarding process. A certificate of deletion can be provided by Superside once the data is deleted if it is requested by the customer.
If a customer account is involuntarily suspended, then there is a 90 days grace period during which the account can be reopened if the customer meets their payment obligations and resolves any terms of service violations.
You should be aware that any information that you post in an Interactive Area might be read, collected, and used by others who access it, in particular to Users who initiated the particular Interactive Area. To request the removal of your personal information from an Interactive Area, contact us at dataprivacy@superside.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Data storage policy
Customer data is retained for as long as the account is in active status. Data enters an “expired” state when the account is voluntarily closed. Expired account data will be retained for 10 years. After this period, the account and related data will be removed, except for files and information stored permanently for legal purposes. Customers that wish to voluntarily close their account should download their data manually prior to closing the account if they wish to maintain access to their data.
- All customer personal data is stored in an encrypted database, and access to personal data is only available to relevant personnel based on the function they serve in Superside.
- Superside has encrypted backups of all customer data stored in multiple AWS regions to allow us to rapidly restore access in the case of an incident.
- Data is encrypted during storage.
- Superside uses Amazon AWS for our infrastructure hosting and reviews Amazon AWS’ most recent SOC2 report yearly to ensure their physical security measures meet Superside’s requirements.
- Superside uses AWS services for service event logging and Datadog for application logging.
- Superside only requests and stores personal data required to deliver our Services.
- Superside has data deletion policies in place to ensure data is only stored as long as it is needed.
- Customers can request data portability or erasure through dataprivacy@superside.com.
- Superside’s Security Officer performs an annual review of access control to our internal system and all personnel sign an NDA when joining Superside.
- Superside has measures in place to prevent breaches from happening. As part of our SOC2 audit process we are committed to undergoing a yearly penetration test from an external third party and our development processes, change management and infrastructure are audited to ensure they comply with industry standards.
Data center location(s)
United States, United Kingdom
Data hosting details
All Data storages are hosted and managed by AWS cloud provider in encrypted way.
App/service has sub-processors
yes
Guidelines for sub-processors
App/service uses large language models (LLM)
no