Customer Privacy Notice
Your privacy is and will always be enormously important to us. Our Privacy Notice is designed to provide transparency into our data practices in a format that is easy to read and navigate. Please read the sections below to understand how we collect, use, share, and safeguard your information in order to offer you the most seamless AI-powered social media management experience imaginable.
Last Updated: January 7, 2026
Privacy From Day One
Your SupaTeam platform generates social media content, business research data, customer feedback insights, and email outreach analytics. To protect your privacy from the moment you start using our service, SupaTeam does not associate the platform data generated by your usage with your identity or account by default. As a result, no one but you would have knowledge of your activities, content creation history, or business insights. Your in-platform experiences are also protected.
From features such as AI-generated content, to social media posting on your behalf, your information is kept private and secure, ensuring the usage data collected is not linked to your identity or account.
SupaTeam's AI agents are equipped with advanced decision-making capabilities designed from the ground up to protect your privacy while providing intelligent automation features such as content creation, audience research, and campaign optimization. To support these features, AI analytics data from the agents is processed directly without leaving your organization by default. In order for AI insights to be shared with SupaTeam for service improvement, your consent is required and can be controlled through your account settings at any time.
Additionally, from social media integrations to email outreach tools, your connected services are designed to protect your privacy. SupaTeam aims to collect the minimum amount of personal data necessary for operating your campaigns, providing services to you, and improving your platform experience. We are also committed to sharing your personal data only when needed to operate or service your account; otherwise, we will ask for your permission.
Information We May Collect
We may collect three main types of information related to you or your use of our products and services:
- Information from or about you
- Information from or about your platform usage
- Information from or about your connected services
Depending on the SupaTeam products and services you request, own, or use, not all of these types of information may be applicable to you.
Gmail API Usage
SupaTeam's Luna agent uses the Gmail API to track email responses from business prospects. This section explains exactly what Gmail data we access and how we use it.
Scopes Requested
gmail.readonly
Purpose: Read incoming email responses from prospects who reply to Luna's outreach campaigns.
What we access:
- Unread emails in your Gmail inbox
- Only emails that are replies to Luna campaigns
- Email headers and body content for AI analysis
What we DO NOT access:
- Emails unrelated to our campaigns
- Email attachments
- Your entire inbox history
- Emails in other folders
gmail.modify
Purpose: Mark processed emails as "read" to prevent duplicate processing.
We only remove the UNREAD label after processing. We do NOT delete emails, modify content, move emails, or add other labels.
Your Control: You can revoke SupaTeam's Gmail access at any time through your Google Account Settings (Security → Third-party apps with account access). You can also pause the Luna agent or delete your organization account.
Security Measures
- Thread Validation: Every email is validated against existing campaign threads to prevent unauthorized access
- Sender Verification: Validates sender domains to prevent email spoofing
- Rate Limiting: Maximum 3 responses per hour and 15 per day per prospect
- Encryption: OAuth tokens encrypted using AES-256
- Audit Logging: All interactions logged with timestamps and validation results
Service Providers and Data Processing
To deliver, maintain, and improve our Services, we engage carefully vetted third-party service providers who process data on our behalf. These providers are contractually bound to use your information only for the purposes we specify and in accordance with this Privacy Notice. We conduct due diligence on all service providers to ensure they maintain appropriate security measures and data protection standards.
Infrastructure and Operations
We utilize industry-leading cloud infrastructure and operational service providers to ensure the security, reliability, and performance of our platform:
- Cloud Infrastructure: Encrypted cloud database services for secure storage of account data, organizational information, and platform content with enterprise-grade security controls and geographic redundancy.
- AI Processing: Large language model providers for powering our AI agents' decision-making, content generation, and analytical capabilities. Data is processed in accordance with strict data processing agreements.
- Media Services: Content delivery and media management providers for secure storage and optimized delivery of images, videos, and other media assets you upload.
- Email Delivery: Transactional email service providers for sending campaign emails, system notifications, and other communications on your behalf.
- Payment Processing: PCI-DSS compliant payment processors for secure handling of subscription billing and payment transactions. Payment credentials are stored exclusively by the payment processor.
User-Authorized Platform Integrations
When you connect your accounts from the following platforms, we access and process data in accordance with your authorization and each platform's terms of service:
| Platform | Integration Purpose | Data Accessed |
|---|---|---|
| Meta Platforms (Instagram, Facebook, Threads) | Automated content publishing and performance analytics | Account profile, published content, engagement metrics, audience insights |
| X (formerly Twitter) | Automated content publishing and engagement tracking | Account profile, published posts, engagement metrics |
| | Professional content publishing and analytics | Profile information, published articles and posts, engagement data |
| TikTok | Video content publishing and performance tracking | Account profile, published videos, view counts, engagement metrics |
| Google Workspace (Gmail) | Email campaign response tracking and thread management | Email headers, message content for campaign-related threads only |
| Microsoft 365 (Outlook) | Email integration and campaign response tracking | Email headers, message content for campaign-related threads only |
| Slack | Team notifications and agent activity alerts | Workspace and channel identifiers for message delivery |
Analytics and Performance Monitoring
We use analytics and monitoring services to understand how our platform is used and to maintain optimal performance. These services may collect:
- Aggregated usage patterns and feature adoption metrics
- Page views, session duration, and navigation paths
- Performance metrics including page load times and error rates
- Device and browser information for compatibility optimization
- Geographic region data (country/city level) for service optimization
Analytics data is processed in aggregate form and is used solely for improving our Services. You may opt out of certain analytics collection through your browser settings or by contacting us.
Business Intelligence Services
Our AI agents utilize business intelligence and location-based services to conduct market research and identify business opportunities on your behalf. This includes querying publicly available business directories, mapping services, and commercial databases. Research queries are conducted based on your configured parameters and the resulting data is stored within your organization's account.
Data Sales Prohibition: We do not sell, rent, lease, or otherwise trade your personal information to third parties for their marketing purposes. We do not participate in data broker networks or share your information for cross-context behavioral advertising without your explicit consent.
Data Security
We implement comprehensive security measures to protect your data:
Encryption
- At Rest: AES-256 encryption for sensitive credentials
- In Transit: All communications over HTTPS/TLS
- Tokens: OAuth tokens encrypted in database
Authentication
- Multi-Tenant: Row Level Security policies
- Sessions: JWT-based authentication
- Commands: WhatsApp authorization with audit trail
Monitoring
- Audit Logs: All interactions logged with timestamps
- Rate Limiting: Anti-abuse measures implemented
- Anomaly Detection: Unusual patterns flagged
Access Control
- Organization Isolation: Data segmented by tenant
- Role-Based: Admin and member permissions
- Webhook Security: HMAC-SHA256 verification
Your Rights and Controls
Data Access Rights
- View Your Data: Access all agent activities via dashboard
- Export Your Data: Export organization data and reports
- Update Your Data: Edit settings and configurations
- Delete Your Data: Delete account and all associated data
Agent Control
- Pause/Resume: Control each agent individually
- Configure Behavior: Set frequency, thresholds, schedules
- Manual Triggers: Trigger agent runs via commands
Integration Control
- Revoke Gmail: Disconnect via Google Account Settings
- Disconnect Social Media: Remove Instagram, Threads, Facebook
- Remove Databases: Disconnect external customer databases
Data Retention
We retain your data for different periods depending on the type:
| Data Type | Retention Period |
|---|---|
| User Account Data | While account is active; deleted upon termination request |
| Agent Memory | Top 100 memories per agent; older automatically deleted |
| Social Media Posts | Indefinitely for analytics unless manually deleted |
| Email Campaigns | Indefinitely unless manually deleted |
| Security Audit Logs | Indefinitely for compliance and security |
Privacy Questions
If you have questions about this Privacy Policy or want to exercise your data rights, please contact us:
This Privacy Policy was last updated on January 7, 2026. We may update this policy from time to time. Material changes will be communicated via email or dashboard notification.