Types of personal and non-personal data we gather
We collect different categories of information depending on how you interact with Super Graphic. We are committed to collecting only what is necessary to provide, improve, and secure our Service.
1.1 Information You Provide Directly
| Data Category | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, password, profile photo | Essential |
| Billing Information | Payment method, billing address, transaction history | Essential |
| User Content | Designs, uploads, templates, text, images, videos | Service Delivery |
| Communications | Support tickets, feedback, survey responses, chat messages | Service Delivery |
| Preferences | Language, theme, notification settings, workspace config | Personalization |
1.2 Information Collected Automatically
1.3 Information from Third Parties
If you sign in using a third-party service (e.g., Google, Apple, GitHub), we receive your name, email, and profile picture from that provider. We may also receive business contact information from partners or publicly available sources for enterprise outreach.
We follow the principle of data minimization. We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, biometric data, or health information unless explicitly required and consented to.
Purposes for processing your information
We use the information we collect for the following purposes:
We will only send you promotional emails if you have opted in. You can unsubscribe at any time by clicking the "Unsubscribe" link in any marketing email or by updating your notification preferences in Account Settings.
The lawful grounds under which we process data
Under the GDPR and applicable Indian data protection laws, we rely on the following legal bases to process your personal data:
| Legal Basis | Description | Examples |
|---|---|---|
| Contract Performance | Processing necessary to fulfill our agreement with you | Account creation, design rendering, file storage, billing |
| Consent | You have given explicit consent for specific processing | Marketing emails, optional analytics, AI training opt-in |
| Legitimate Interests | Processing necessary for our legitimate business interests | Product improvement, fraud prevention, platform security |
| Legal Obligation | Processing required to comply with the law | Tax reporting, responding to court orders, data breach notifications |
Where we rely on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Where we rely on legitimate interests, you may object to such processing, and we will cease unless we have compelling legitimate grounds.
When and with whom we share your information
We do not sell your personal data. We share information only in the limited circumstances described below, and always with appropriate safeguards in place.
We may share your data with:
We do NOT share data with:
How we use cookies and similar technologies
We use cookies and similar tracking technologies (local storage, session storage, pixels) to enhance your experience, analyze usage, and ensure security.
| Cookie Type | Purpose | Duration | Required? |
|---|---|---|---|
| Essential | Authentication, security, CSRF protection, session management | Session / 30 days | Yes |
| Functional | Theme preference, language, workspace settings | 1 year | Yes |
| Analytics | Page views, feature usage, performance metrics, error tracking | 1 year | Optional |
| Marketing | Campaign attribution, referral tracking (no third-party ad cookies) | 90 days | Optional |
When you first visit our site, you will see a cookie consent banner that allows you to accept or reject optional cookies. You can change your preferences at any time from Settings > Privacy > Cookie Preferences. You can also manage cookies through your browser settings, though this may affect some functionality.
How and where we store and protect your data
We take the security of your data seriously and implement comprehensive technical and organizational measures to protect against unauthorized access, alteration, disclosure, or destruction.
Security measures include:
Data Location: Your data is primarily stored on servers located in India (Mumbai region) and Singapore. For users in the European Economic Area, data may be processed in the EU or under appropriate transfer mechanisms (see Section 10).
How long we keep your data
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:
| Data Type | Retention Period | After Deletion |
|---|---|---|
| Account Data | Until account deletion + 30-day grace period | Permanently deleted |
| Designs & Content | Until deleted by user or account deletion | Purged from servers within 90 days |
| Billing Records | 7 years (legal/tax requirement) | Archived securely, then deleted |
| Usage Logs | 12 months | Auto-purged |
| Support Tickets | 3 years after resolution | Anonymized or deleted |
| Inactive Free Accounts | 24 months of inactivity | Account and data deleted with 30-day notice |
Backups containing your data may persist for up to 90 additional days after deletion before being fully purged from all systems. During this period, data is not accessible and exists only in encrypted backup archives.
Your data protection rights and how to exercise them
Depending on your location and applicable laws, you have the following rights regarding your personal data:
Right to Access
Request a copy of all personal data we hold about you in a portable format.
Right to Rectification
Request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure
Request permanent deletion of your personal data ("right to be forgotten").
Right to Restrict
Request that we limit how we process your data in certain circumstances.
Right to Portability
Receive your data in a structured, machine-readable format (JSON/CSV) and transfer it.
Right to Object
Object to processing based on legitimate interests, including profiling and direct marketing.
You can exercise most of these rights directly from Account Settings > Privacy > Data Controls. Alternatively, email our Data Protection Officer at dpo@supergraphic.com. We will respond to all requests within 30 days as required by law. Identity verification may be required to process your request.
Our commitment to protecting minors
Super Graphic is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16 without verified parental or guardian consent.
If we become aware that we have inadvertently collected personal data from a child under 16 without appropriate consent, we will take immediate steps to delete that information from our servers.
If you are a parent or guardian and believe your child has provided personal information to Super Graphic without your consent, please contact us immediately at privacy@supergraphic.com. We will promptly investigate and remove the information.
Super Graphic for Education: If your school or educational institution uses Super Graphic as part of its curriculum, the institution is responsible for obtaining necessary parental consents. Our Education plan includes additional privacy safeguards for student accounts.
How we handle cross-border data transfers
Super Graphic operates globally, and your data may be processed in countries other than your country of residence. We ensure that any international data transfer is protected by appropriate safeguards:
Our primary data centers are located in India (Mumbai) and Singapore, with CDN edge locations distributed globally for performance optimization. Content delivery through CDN nodes does not involve permanent storage of personal data.
How AI features interact with your data
Super Graphic uses AI and machine learning technologies to power features such as smart design suggestions, background removal, image generation, auto-layout, and text assistance. Here's how your data interacts with these features:
For full details on AI content ownership and usage rights, please refer to Section 6 of our Terms & Conditions.
How we update this privacy policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.
When we make changes:
We encourage you to review this page periodically for the latest information on our privacy practices. Your continued use of Super Graphic after changes become effective constitutes your acceptance of the revised policy.
Previous versions of this Privacy Policy are available upon request. Contact privacy@supergraphic.com to request a copy of any prior version.
Get in touch about privacy matters
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through any of the following channels:
dpo@supergraphic.com
[Your Street Address]
[City, State, PIN Code]
India
We aim to respond to all privacy-related inquiries within 2 business days and to fulfill data subject requests within 30 days as required by applicable law.