Privacy Policy
Superspatial, Inc.
Effective Date: April 28, 2026
1. Introduction
This Privacy Policy describes how Superspatial, Inc. (“Superspatial,” “we,” “us,” or “our”) collects, uses, discloses, and protects information about you when you visit superspatial.io (the “Site”), create an account, communicate with us, or otherwise interact with our services (collectively, the “Services”).
Superspatial builds augmented reality experiences that bring history and storytelling to life. We are committed to handling your information responsibly and being transparent about our practices.
By using our Services, you agree to the practices described in this Policy. If you do not agree, please do not use the Services.
2. Scope
This Policy applies to information we collect through our Site, marketing pages, customer accounts, email communications, and related online interactions. It does not apply to third-party websites, products, or services that we do not own or control, even if they link to or from our Services.
3. Information We Collect
3.1 Information You Provide to Us
We collect information you voluntarily provide, including:
• Contact information — your name, email address, company name, and any details you submit through contact forms, demo requests, newsletter signups, or partnership inquiries.
• Account information — credentials and profile details you create when registering for an account, beta program, or paid service.
• Customer and billing information — billing contact, payment method details (processed by our payment processor — we do not store full card numbers), and transaction records.
• Communications — the content of messages, support requests, survey responses, and feedback you send to us.
3.2 Information Collected Automatically
When you visit the Site, we and our analytics providers may automatically collect:
• Device and browser data — IP address, browser type, operating system, device identifiers, and referring URLs.
• Usage data — pages viewed, links clicked, time on site, navigation patterns, and approximate location derived from IP address.
• Cookies and similar technologies — see Section 8 for details on how we use cookies and your choices.
3.3 Information from Third Parties
We may receive information from service providers, business partners, and publicly available sources — for example, analytics platforms, marketing tools, or social media platforms when you engage with our content.
4. AI and Machine Learning Processing
Some features of our Services use artificial intelligence and machine learning systems, including third-party AI providers, to generate content, personalize experiences, and improve our products.
Where AI processing occurs, we want you to know:
• Inputs may be processed by third-party AI providers under contractual confidentiality and data protection terms.
• We do not use your account content to train public AI models without your explicit consent.
• Outputs from AI systems may be imperfect — you should review them before relying on them for important decisions.
If you have questions about how AI is used in a specific feature, contact us at the address below.
5. How We Use Your Information
We use the information we collect for the following purposes:
• Provide and operate the Services — including authenticating accounts, processing transactions, and delivering features you request.
• Communicate with you — respond to inquiries, send service updates, and (with your consent where required) marketing messages.
• Improve and develop our Services — analyze usage, debug issues, conduct research, and build new features.
• Personalize your experience — tailor content and recommendations.
• Security and fraud prevention — detect, investigate, and prevent abuse, fraud, or illegal activity.
• Legal compliance — comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
6. Legal Bases for Processing (EU/UK Users)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under one or more of the following legal bases under the GDPR / UK GDPR:
• Contract — to provide Services you have requested or to take steps before entering a contract.
• Legitimate interests — to operate, secure, and improve our Services, provided your rights do not override those interests.
• Consent — for marketing communications, certain cookies, and other purposes where consent is required (you can withdraw consent at any time).
• Legal obligation — to comply with applicable law.
7. How We Share Information
We do not sell your personal information. We share information only as described below:
• Service providers — vendors that help us operate the Services (e.g., cloud hosting, email delivery, analytics, payment processing, customer support tools), bound by contractual confidentiality and data protection obligations.
• Business transfers — in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to standard confidentiality protections.
• Legal and safety — when we believe in good faith that disclosure is necessary to comply with law, enforce our terms, or protect the rights, property, or safety of Superspatial, our users, or others.
• With your consent — when you ask or authorize us to share information.
• Aggregated or de-identified data — which cannot reasonably be used to identify you.
8. Cookies and Third-Party Services
We use cookies and similar technologies to operate the Site, remember preferences, and measure performance. Categories include:
• Strictly necessary — required for core Site functionality.
• Analytics — to understand how visitors use the Site (e.g., Google Analytics or similar).
• Functional — to remember your preferences.
• Marketing — where applicable, to measure campaign performance.
You can control cookies through your browser settings and, where available, our cookie banner. Blocking some cookies may impact your experience.
We work with trusted third-party service providers — for example, cloud hosting (such as AWS or Vercel), email and CRM tools, payment processors (such as Stripe), analytics platforms, and AI providers. Each provider is contractually obligated to protect your information and use it only for the purposes we authorize.
9. Data Retention
We retain personal information for as long as needed to provide the Services and for legitimate business purposes — including compliance with legal obligations, dispute resolution, and enforcement of our agreements. When information is no longer needed, we delete or anonymize it.
10. Security
We use reasonable administrative, technical, and physical safeguards to protect personal information — including encryption in transit, access controls, and vendor due diligence. No system is completely secure, however, and we cannot guarantee the absolute security of information transmitted to or stored by us.
11. Children's Privacy
Our Services are not directed to children under the age of 13 (or the equivalent minimum age in the relevant jurisdiction), and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.
12. International Data Transfers
We are based in the United States and process information there. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries that may have different data protection laws than your jurisdiction.
Where required by law (including for transfers from the EEA, UK, or Switzerland), we use appropriate safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms.
13. Your Privacy Rights
13.1 Rights for All Users
Subject to applicable law, you may request to:
• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your personal information.
• Object to or restrict certain processing.
• Receive a copy of your information in a portable format.
• Withdraw consent where processing is based on consent.
To exercise these rights, contact us at the email below. We may need to verify your identity before responding. You also have the right to lodge a complaint with your local data protection authority.
13.2 California Residents (CCPA / CPRA)
California residents have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
• Right to know what personal information we collect, use, disclose, and (if applicable) sell or share, including categories and specific pieces.
• Right to delete personal information we have collected, subject to certain exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of the “sale” or “sharing” of personal information. We do not sell personal information, and we do not share it for cross-context behavioral advertising as those terms are defined under California law.
• Right to limit the use and disclosure of sensitive personal information. We do not use sensitive personal information for purposes that trigger this right.
• Right to non-discrimination for exercising your privacy rights.
To exercise these rights, email us at privacy@superspatial.io. You may use an authorized agent to submit a request on your behalf, subject to verification.
13.3 European Economic Area, UK, and Swiss Residents
In addition to the rights described in Section 13.1, you have the right to lodge a complaint with the supervisory authority in your country of residence.
14. Do Not Track
Some browsers transmit “do not track” signals. Because there is no industry consensus on how to interpret these signals, our Site does not currently respond to them. We do honor opt-out requests submitted through the mechanisms described in this Policy.
15. Third-Party Links
Our Services may contain links to third-party websites and services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.
16. Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will notify you by updating the “Effective Date” above and, where appropriate, by additional notice (such as email or a prominent notice on the Site). Your continued use of the Services after changes become effective constitutes acceptance of the revised Policy.
17. Contact Us
If you have questions or concerns about this Policy or our privacy practices, please contact us:
Email: privacy@superspatial.io
Company: Superspatial, Inc.
Website: superspatial.io