Last updated: May 7, 2026
This Privacy Policy describes how SuperHR Inc. (“Company,” “we,” “us,” or “our”), operating the SuperCXO platform, collects, uses, stores, and protects information when you and your team use the Service. We are committed to handling personal data responsibly and in compliance with applicable laws, including India’s Digital Personal Data Protection Act (DPDPA), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), where they apply.
We collect data to provide and improve the Service. The data we collect falls into three categories.
We process data for the following purposes:
When you connect business communication channels, we may process data from your team’s communications with third parties, including your vendors, clients, and other contacts. This data is part of your Customer Operational Data.
You are responsible for ensuring that your use of the Service complies with applicable laws regarding the processing of third-party data, including notice and consent requirements where applicable. We provide tools and configuration options to help you manage this responsibility.
If a third party contacts us with concerns about how their data is being processed through the Service, we will work cooperatively with you to address those concerns in a manner consistent with applicable data protection law.
Customer Data is stored in encrypted databases hosted on industry-standard cloud infrastructure. Data may be stored in data centers located in India, the United States, or other regions, depending on the customer’s deployment configuration.
For Indian customers, we will support data residency in India where technically feasible and where the customer requests it.
Within our company, only authorized personnel with a business need can access Customer Data. Access is governed by role-based access controls and is logged.
We use the following categories of sub-processors to operate the Service:
A current list of sub-processors is available on request. We will provide reasonable advance notice before adding new sub-processors with access to Customer Data.
A core part of our Service is processing Customer Data through artificial intelligence models. We use third-party AI providers under contractual arrangements that protect Customer Data and restrict the providers from using your data to train their general-purpose models.
We may switch or add AI providers over time as the AI ecosystem evolves. Any AI provider we use will be subject to similar contractual protections.
We may use aggregated, anonymized, and de-identified data derived from Customer Data to improve the Service, refine our AI models, develop industry benchmarks, and enhance our offerings.
Aggregated data is processed in a way that does not allow you, your business, your team members, or your contacts to be identified. We do not sell Customer Data. We do not share Customer Data in identifiable form with third parties except as necessary to provide the Service or as required by law.
We retain Customer Data for as long as your subscription is active, plus a 30-day grace period after termination during which you can export your data.
After the grace period, we may delete Customer Data from our active systems. Some data may be retained for longer periods where required by law (such as financial records for tax compliance), where reasonably necessary to defend or prosecute legal claims, or in a backup form for a limited additional period as part of our standard backup retention.
Depending on the applicable law in your jurisdiction, you may have the following rights regarding personal data:
You can exercise these rights by contacting us. We will respond within the timeframes required by applicable law.
For Indian users under DPDPA, our designated Grievance Officer for data protection inquiries is reachable at the contact information below.
We implement reasonable technical and organizational measures to protect Customer Data, including:
No system can guarantee absolute security. We will notify affected customers of any data breach affecting their Customer Data within the timeframes required by applicable law.
We may disclose Customer Data when required by law, valid legal process (such as a court order or subpoena), or in response to lawful requests from public authorities.
We will notify the affected customer of such requests where legally permitted, so that the customer has an opportunity to respond, unless prohibited from doing so by law or court order.
We will resist requests that we believe to be overbroad, unlawful, or otherwise improper.
If your data is processed in a country different from where it was collected, we apply appropriate safeguards as required by applicable law.
The Service is intended for use by businesses and is not directed at children under 18. We do not knowingly collect data from children. If you believe we have inadvertently collected such data, contact us and we will take appropriate steps to delete it.
The Service uses cookies and similar technologies for authentication, session management, and analytics. You can manage cookie preferences through your browser settings.
We may update this Privacy Policy as the Service evolves and as laws change. We will notify you of material changes through the Service or by email. The “Last updated” date at the top reflects when this policy was last revised.
For privacy questions, requests to exercise your rights, or to raise grievances, contact:
SuperHR Inc.
Privacy Inquiries: privacy@supercxo.ai
General Contact: hello@supercxo.ai
Grievance Officer (DPDPA, India): privacy@supercxo.ai
We aim to respond to all inquiries within 7 business days.
Limited deployment slots per quarter.
Book a 30-Minute CallOr write to us at hello@supercxo.ai