Skip to main content

Privacy Policy

Last updated: January 29, 2026

Overview

SuperTrained ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at supertrained.ai and our services, including the Automation Blueprint generator.

By using our services, you consent to the data practices described in this policy. If you do not agree, please do not use our services.

Information We Collect

We collect the following categories of information:

Information You Provide

  • Email address: To deliver your Automation Blueprint and, with your explicit consent, send marketing communications
  • Input text: Your description of the bottleneck or workflow you want to solve
  • Marketing consent preference: Whether you opted in to marketing communications

Information Collected Automatically

  • IP address hash: A one-way SHA-256 hash of your IP address used solely for rate limiting. We do not store your actual IP address.
  • Usage data: Page views, interactions, and performance metrics collected via Vercel Analytics
  • Device information: Browser type, operating system, and screen size (aggregated, not personally identifiable)

Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

  • Contractual necessity (Art. 6(1)(b)): Processing your input and email address to generate and deliver your Automation Blueprint
  • Legitimate interests (Art. 6(1)(f)): Rate limiting, fraud prevention, and improving our services
  • Consent (Art. 6(1)(a)): Marketing communications, only sent when you explicitly opt in via the consent checkbox. You may withdraw consent at any time.

How We Use Your Information

  • Generate personalized Automation Blueprints based on your input
  • Send your Automation Blueprint via email (one-time transactional email)
  • Send marketing communications about AI automation insights (only with your explicit consent)
  • Improve our AI models and service quality (aggregated, anonymized data)
  • Enforce rate limits and prevent abuse
  • Comply with legal obligations

Third-Party Services (Sub-Processors)

We use trusted third-party services to operate SuperTrained:

  • Anthropic (Claude): AI processing for Automation Blueprint generation. Your input text is sent to Anthropic's API for analysis. Data processed in the United States.
  • Resend: Transactional email delivery. Receives your email address and Automation Blueprint content. Data processed in the United States.
  • Supabase: Database hosting (PostgreSQL). Stores leads, blueprints, and consent records. Data hosted in US-East-1 (AWS).
  • Vercel: Website hosting and edge network. Processes requests globally via edge locations. Analytics data is aggregated and anonymized.

Each sub-processor maintains their own privacy policies and data processing agreements. We select processors that provide adequate safeguards for international data transfers.

International Data Transfers

Our services and sub-processors are primarily based in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States.

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) and adequacy decisions where available.

Data Retention

  • Automation Blueprints: Retained for 90 days to allow access and follow-up, then permanently deleted
  • Email addresses: Retained until you request deletion or unsubscribe from marketing
  • Input text: Retained for 90 days alongside the Automation Blueprint
  • Rate limiting data: IP hashes are stored in memory and cleared within 24 hours
  • Consent records: Retained as long as necessary to demonstrate compliance

Your Rights

Rights Under GDPR (EEA/UK Residents)

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request limitation of processing in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw marketing consent at any time without affecting prior processing
  • Lodge a complaint: File a complaint with your local supervisory authority

Rights Under CCPA (California Residents)

California residents have the right to:

  • Know: Request disclosure of the categories and specific pieces of personal information we collect
  • Delete: Request deletion of personal information we have collected
  • Non-discrimination: We will not discriminate against you for exercising your privacy rights
  • Opt-out of sale: We do not sell personal information to third parties

To exercise any of these rights, email us at privacy@supertrained.ai. We will respond within 30 days (GDPR) or 45 days (CCPA).

Cookies and Tracking

Our website uses minimal cookies and tracking:

  • Vercel Analytics: Privacy-focused, aggregated website analytics (no personal identifiers)
  • Calendly widget: Third-party cookies when the booking widget is loaded on our contact page

We do not use advertising cookies, retargeting pixels, or cross-site tracking.

Security

We implement industry-standard security measures to protect your data:

  • All data transmitted over HTTPS/TLS encryption
  • Database encryption at rest (Supabase/AWS)
  • IP addresses are never stored, only irreversible SHA-256 hashes
  • API keys and secrets stored in environment variables, never in source code
  • Rate limiting to prevent abuse

No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time. We'll notify you of any significant changes by email or by posting a notice on our website. The "Last updated" date at the top reflects the most recent revision.

Data Protection Contact

For privacy-related inquiries or to exercise your rights:

← Back to Home