
Data Protection Policy

Last updated: October 2025


At SuperRise, we believe trust isn’t earned with slogans - it’s earned by how we handle your data.

This policy explains exactly how we protect, store, and manage your business information.

No smoke. No mirrors. Just straight-up security and respect for your data.

1. Purpose

This policy sets out how SuperRise Ltd (“we”, “our”, “us”) handles personal and business data in line with:

  • The UK GDPR and Data Protection Act 2018

  • CCPA (California Consumer Privacy Act)

  • Relevant North American privacy frameworks

In plain English: we take data protection seriously, wherever you’re based.

2. Scope

This policy covers all data we collect, process, or store through:

  • The SuperRise platform

  • Our website and marketing systems

  • Customer communications (emails, support, analytics)

It applies to:

  • All users and registered businesses on SuperRise

  • Our employees, contractors, and partners with access to data

3. Our Data Principles

We run a tight ship guided by six golden rules:

  1. Lawfulness, fairness, transparency - we’ll tell you what we collect and why.

  2. Purpose limitation - we only use data to improve your SuperRise experience.

  3. Data minimisation - if we don’t need it, we don’t take it.

  4. Accuracy - we keep your information up to date and fix errors fast.

  5. Storage limitation - we don’t hoard. When it’s no longer needed, it’s deleted.

  6. Integrity and confidentiality - your data is encrypted, locked, and monitored.

4. What We Collect

Depending on how you use SuperRise, we may collect:

a. Business Data

Company name, industry, size, and project details to personalise your outputs.

b. Account Information

Email, username, and payment info (securely handled via third-party providers like Stripe).

c. Platform Usage Data

Interactions, module completions, and anonymised analytics to improve platform performance.

d. Communications

Emails, chat logs, or support messages when you contact us — because we like to fix things fast.

We do not collect sensitive personal data (e.g. health, biometrics, religion, or politics).

5. Lawful Basis for Processing

We process your data based on:

  • Contractual necessity — to deliver the SuperRise service you signed up for.

  • Legitimate interest — to improve performance, usability, and security.

  • Consent — for cookies, analytics, and marketing preferences.

  • Legal obligation — to comply with laws and tax regulations.

6. Data Storage and Security

Your data is stored securely in encrypted databases on Tier-1 cloud providers (AWS EU-West and US-East).

Encryption standards:

  • Data in transit: TLS 1.3

  • Data at rest: AES-256

  • Access control: MFA and role-based permissions

We back up data daily, monitor for anomalies 24/7, and audit systems quarterly.

7. Data Retention

We keep your business data for as long as your account is active — and for up to 90 days after cancellation in case you decide to come back.

After that, your data is permanently deleted from live systems and backups.

Anonymised metadata (like usage stats) may be retained for product improvement — but it contains no identifiable business or personal information.

8. Data Sharing

We only share your data with trusted third-party providers essential to running the platform, such as:

  • Hosting: AWS

  • Payments: Stripe and PayPal

  • Analytics: Google (in anonymised mode) and PostHog for user behaviour on the platform

  • Email/CRM: Mailchimp, Apollo, HubSpot, or equivalent

All providers comply with GDPR, CCPA, and standard contractual clauses (SCCs).

We never sell, rent, or trade your data. Ever.

9. AI and Data Ethics

Our AI modules use your inputs to generate outputs for your business only.

We do not:

  • Train public or third-party LLMs on your content

  • Share chat data externally

  • Use your strategies or outputs for model improvement

We may analyse aggregate usage patterns to improve prompt performance - but this data is anonymised and stripped of identifiers.

10. Your Rights

Under data protection laws, you have the right to:

  • Access your data

  • Correct inaccurate information

  • Request deletion (“Right to be forgotten”)

  • Restrict processing

  • Object to data use for specific purposes

  • Request data portability

To exercise these rights, email hello@superrise.com. We’ll respond within 30 days.

11. International Data Transfers

If and when data is transferred outside the UK or EU, we ensure equivalent protection through:

  • Standard Contractual Clauses (SCCs)

  • UK International Data Transfer Agreements

  • Certified privacy frameworks (where applicable)

12. Data Breach Response

If a breach ever occurs, we’ll:

  1. Contain and investigate immediately

  2. Notify affected users and regulators within 72 hours (as required)

  3. Document the event and strengthen controls

We’ve never had a breach - and we plan to keep it that way.

13. Roles and Responsibilities

  • Data Protection Lead: Oversees compliance and audits.

  • Security Lead: Manages encryption, monitoring, and infrastructure.

  • All Staff: Trained annually on GDPR, privacy, and data ethics.

14. Policy Updates

We review and update this policy at least once a year or whenever regulations change.

You’ll always find the latest version here - and we’ll notify you if something significant changes.

15. Contact Us

Questions, requests, or caffeine-fuelled debates about data privacy?

Email us at hello@superrise.com or write to:

SuperRise Ltd

Data Protection Team

124 City Road
London EC1V 2NX
United Kingdom

In Short

We protect your data like it’s our own - encrypted, locked, and off-limits to prying eyes.

No shady data deals. No hidden AI training.

Just clean, transparent, founder-first data protection that helps you rise, safely.
