Super Send Privacy Policy

Table of contents

Version: v2025-10
Last Updated: October 20, 2025

At Power Only Transit Inc. dba SuperSend ("SuperSend," "we," "our," or "us"), we are committed to protecting your privacy and ensuring transparency about how your data is collected, used, and shared. This Privacy Policy explains what information we collect, how we use it, your rights, and how we safeguard your information.

1. Information We Collect

a. Personal Information

  • Identifiers: Name, email address, company name, and phone number.
  • Account Details: Login credentials (encrypted) and access tokens from services like Google, LinkedIn, and Microsoft.

b. Usage Information

  • Log Data: IP address, browser type, and activity data such as pages visited and features used.
  • Device Information: Device type, operating system, and version.

c. Data from Third-Party Services

When you connect third-party accounts (e.g., Google, Microsoft, or LinkedIn), we may access limited data necessary to provide functionality—such as contact lists, profile details, and email metadata—with your explicit consent.

2. Why We Collect Data

We collect and process your data to:

  • Provide and improve our services.
  • Authenticate users and secure accounts.
  • Enable features such as email outreach, campaign management, and analytics.
  • Personalize and enhance the user experience.
  • Comply with legal obligations and prevent misuse or fraud.

3. Legal Bases for Processing

We rely on the following lawful bases under GDPR:

  • Contract necessity — to provide you with our services.
  • Consent — for specific features or marketing communications.
  • Legitimate interests — to improve the platform, ensure security, and prevent abuse.
  • Legal obligation — to comply with applicable laws and regulations.

4. How We Use Your Information

We use your data to:

  • Facilitate your account, campaigns, and communications.
  • Generate insights and reports for your use.
  • Maintain platform security and prevent unauthorized activity.
  • Provide support, send product updates, or deliver optional marketing messages (with opt-out options).

You can learn more about how we handle data processing, retention, and subprocessors in our Legal Center:

5. Google API and Platform Integrations

If you connect SuperSend with Google services, we adhere to Google’s Limited Use Requirements:

  • We only use your data to provide requested features.
  • We do not share Google data for advertising.
  • We do not allow human access without explicit consent.
  • All Google API data is encrypted at rest and in transit.

Email Warming Restrictions for Google Accounts: SuperSend does not provide or enable email warming for Gmail accounts. This restriction ensures compliance with Google’s Gmail API Services User Data Policy.

6. Data Sharing

a. Service Providers

We partner with trusted third parties to operate our service securely:

  • Google Cloud Platform (us-east1) – hosting and infrastructure.
  • Amazon S3 (us-east-1) – file and asset storage.
  • Cloudflare – CDN, DNS, and DDoS protection.
  • Mission Inbox – campaign email delivery.
  • SendGrid (Twilio) – transactional notifications.
  • DigitalOcean – proxy and compute services.
  • Stripe – payment processing.

Each provider maintains GDPR-compliant DPAs and security certifications (ISO 27001, SOC 2, or equivalent).

b. Legal Compliance

We may disclose data where required by law, regulation, or legal process, or to prevent fraud and enforce our Terms of Service.

c. International Data Transfers

All customer data is hosted in the United States. For EU/UK residents, international transfers rely on the EU Standard Contractual Clauses (SCCs 2021/914) and the UK Addendum to ensure adequate protection.

7. Data Retention

We retain data for as long as needed to provide services or meet legal obligations:

  • Active accounts: Retained while your subscription is active.
  • Inactive accounts: Up to 12 months after inactivity.
  • Deleted accounts: Fully deleted within 30 days of deletion request.

Detailed retention schedules are available in our Data Retention & Deletion Policy.

8. Security Measures

SuperSend implements strong technical and organizational safeguards:

  • Encryption: TLS 1.3 for data in transit; AES-256 for data at rest.
  • Access Control: Role-based permissions and multi-factor authentication.
  • Network Security: Redis and database connections secured via TLS.
  • Monitoring: Continuous vulnerability scanning and anomaly detection.
  • Incident Response: Data breaches are reported to affected users and regulators within 72 hours, where legally required.

More details can be found in our Technical & Organizational Measures (TOMs).

9. Cookies

Cookies and similar technologies are used for authentication, analytics, and performance.

  • Functional Cookies: Required for the site to operate.
  • Analytics Cookies: Used to measure engagement and improve features.
  • Advertising Cookies: Used only with consent.

You may manage or withdraw consent at any time through the “Manage Cookies” option in the site footer.

10. Your Rights

If you are located in the EEA, UK, or similar jurisdictions, you have the following rights:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate information.
  • Erasure: Request deletion of your data.
  • Restriction: Request limits on processing.
  • Portability: Receive data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.

To exercise these rights, contact us at support@supersend.io or dpo@supersend.io. We will respond within 30 days.

11. Children’s Privacy

Our services are not directed at children under 16 in the EEA/UK or under 13 in the US. We do not knowingly collect personal data from minors. If we become aware that we have collected such data, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted here with a revised “Last Updated” date. Significant changes will be communicated via email or in-product notice.

13. Contact Us

Power Only Transit Inc. dba SuperSend
2780 S. Jones Blvd #200-3432, Las Vegas, NV 89146, USA
Support: support@supersend.io
Data Protection Officer: dpo@supersend.io

Effective Date: October 20, 2025
Version: v2025-10

Ready to Build Your Outbound Engine?

Book a Demo
Schedule a Strategy Call