Privacy Policy
Our Privacy Policy
Our Privacy Policy outlines how we collect, use, and protect your personal information. Your privacy and security are our priorities.
Our Privacy Policy outlines how we collect, use, and protect your personal information. Your privacy and security are our priorities.
Last Updated on March, 10, 2026
1. Introduction
Superciso ("we", "us", or "our") is committed to protecting the privacy of its users. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our SaaS web application (the "Service").
This policy is compliant with Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR).
2. Data Controller
Superciso acts as the data controller for the personal data collected through the Service. For any privacy-related questions, you can contact us at:
Email: privacy@superciso.com
Address: Molenstraat 87, Belgium
3. Personal Data We Collect
When you register for or use the Service, we may collect the following personal data:
• First name
• Last name
• Email address
• Professional function / job title
• Telephone number (where voluntarily provided)
We do not collect any special categories of personal data (such as health, biometric, or political data) and we do not knowingly collect data from children under the age of 16.
4. Legal Basis for Processing
We process your personal data on the following legal grounds under Article 6 GDPR:
• Contract performance (Art. 6(1)(b)): to create and manage your account, provide and improve the Service, and respond to your support requests.
• Legitimate interests (Art. 6(1)(f)): to ensure the security of the Service, prevent fraud, and communicate relevant product updates.
• Consent (Art. 6(1)(a)): where you have explicitly opted in to receive marketing communications. You may withdraw your consent at any time.
• Legal obligation (Art. 6(1)(c)): where we are required by applicable EU or Belgian law to retain or disclose certain data.
5. Purposes of Processing
We use your personal data for the following purposes:
• Creating and managing your user account
• Providing access to the Service and its features
• Communicating with you about your account, updates, or support requests
• Sending service-related notifications (e.g., invoices, security alerts)
• Improving and developing the Service
• Complying with legal obligations
6. Data Storage & Security
All personal data is stored exclusively within the European Economic Area (EEA). We use Google Cloud Platform infrastructure located in Belgium (europe-west1 region) to host and process your data.
We implement appropriate technical and organisational security measures to protect your data against unauthorised access, accidental loss, alteration, or disclosure, including:
• Encryption of data at rest and in transit (TLS/SSL)
• Access controls and role-based permissions
• Regular security reviews and monitoring
• Secure software development practices
No transfer of your personal data to third countries outside the EEA takes place without appropriate safeguards in accordance with Chapter V of the GDPR.
7. Data Retention
We retain your personal data for as long as your account is active or as necessary to provide the Service. Upon account termination:
• Account data is deleted within 30 days of the termination request.
• Backup copies may be retained for up to 90 days before permanent deletion.
• Data required for legal, audit, or tax purposes may be retained for up to 7 years, as required under Belgian law.
8. Third-Party Processors
We may share your personal data with trusted third-party service providers who act as data processors on our behalf, strictly to support the delivery of the Service. These include:
• Google Cloud Platform — cloud infrastructure and data hosting (Belgium)
• Payment processors — for billing purposes (where applicable)
• Email delivery providers — for transactional notifications
All third-party processors are bound by Data Processing Agreements (DPAs) in compliance with GDPR Art. 28. We do not sell, rent, or trade your personal data to any third party for marketing purposes.
9. Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR:
• Right of access (Art. 15): Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
• Right to restriction (Art. 18): Request that we limit how we use your data in certain circumstances.
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting lawfulness of prior processing.
To exercise any of these rights, please contact us at privacy@superciso.io. We will respond within 30 days, in accordance with GDPR requirements.
10. Cookies & Tracking
Our Service uses essential cookies required for authentication and security. We may also use analytics cookies to understand how the Service is used and to improve it. You can manage cookie preferences through your browser settings or our cookie consent tool.
For detailed information on the cookies we use, please refer to our Cookie Policy [link].
11. Complaints & Supervisory Authority
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Belgian Data Protection Authority (Autoriteit Persoonsgegevens / Autorité de protection des données):
Website: www.dataprotectionauthority.be
Email: contact@apd-gba.be
Telephone: +32 (0)2 274 48 00
12. Updates to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via a notice within the Service, and update the "Last updated" date at the top of this document. We encourage you to review this policy periodically.
Contact Us
If you have questions about this Privacy Policy or how SuperCISO handles your data, you can contact us at:
1. Introduction
Superciso ("we", "us", or "our") is committed to protecting the privacy of its users. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our SaaS web application (the "Service").
This policy is compliant with Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR).
2. Data Controller
Superciso acts as the data controller for the personal data collected through the Service. For any privacy-related questions, you can contact us at:
Email: privacy@superciso.com
Address: Molenstraat 87, Belgium
3. Personal Data We Collect
When you register for or use the Service, we may collect the following personal data:
• First name
• Last name
• Email address
• Professional function / job title
• Telephone number (where voluntarily provided)
We do not collect any special categories of personal data (such as health, biometric, or political data) and we do not knowingly collect data from children under the age of 16.
4. Legal Basis for Processing
We process your personal data on the following legal grounds under Article 6 GDPR:
• Contract performance (Art. 6(1)(b)): to create and manage your account, provide and improve the Service, and respond to your support requests.
• Legitimate interests (Art. 6(1)(f)): to ensure the security of the Service, prevent fraud, and communicate relevant product updates.
• Consent (Art. 6(1)(a)): where you have explicitly opted in to receive marketing communications. You may withdraw your consent at any time.
• Legal obligation (Art. 6(1)(c)): where we are required by applicable EU or Belgian law to retain or disclose certain data.
5. Purposes of Processing
We use your personal data for the following purposes:
• Creating and managing your user account
• Providing access to the Service and its features
• Communicating with you about your account, updates, or support requests
• Sending service-related notifications (e.g., invoices, security alerts)
• Improving and developing the Service
• Complying with legal obligations
6. Data Storage & Security
All personal data is stored exclusively within the European Economic Area (EEA). We use Google Cloud Platform infrastructure located in Belgium (europe-west1 region) to host and process your data.
We implement appropriate technical and organisational security measures to protect your data against unauthorised access, accidental loss, alteration, or disclosure, including:
• Encryption of data at rest and in transit (TLS/SSL)
• Access controls and role-based permissions
• Regular security reviews and monitoring
• Secure software development practices
No transfer of your personal data to third countries outside the EEA takes place without appropriate safeguards in accordance with Chapter V of the GDPR.
7. Data Retention
We retain your personal data for as long as your account is active or as necessary to provide the Service. Upon account termination:
• Account data is deleted within 30 days of the termination request.
• Backup copies may be retained for up to 90 days before permanent deletion.
• Data required for legal, audit, or tax purposes may be retained for up to 7 years, as required under Belgian law.
8. Third-Party Processors
We may share your personal data with trusted third-party service providers who act as data processors on our behalf, strictly to support the delivery of the Service. These include:
• Google Cloud Platform — cloud infrastructure and data hosting (Belgium)
• Payment processors — for billing purposes (where applicable)
• Email delivery providers — for transactional notifications
All third-party processors are bound by Data Processing Agreements (DPAs) in compliance with GDPR Art. 28. We do not sell, rent, or trade your personal data to any third party for marketing purposes.
9. Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR:
• Right of access (Art. 15): Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
• Right to restriction (Art. 18): Request that we limit how we use your data in certain circumstances.
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting lawfulness of prior processing.
To exercise any of these rights, please contact us at privacy@superciso.io. We will respond within 30 days, in accordance with GDPR requirements.
10. Cookies & Tracking
Our Service uses essential cookies required for authentication and security. We may also use analytics cookies to understand how the Service is used and to improve it. You can manage cookie preferences through your browser settings or our cookie consent tool.
For detailed information on the cookies we use, please refer to our Cookie Policy [link].
11. Complaints & Supervisory Authority
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Belgian Data Protection Authority (Autoriteit Persoonsgegevens / Autorité de protection des données):
Website: www.dataprotectionauthority.be
Email: contact@apd-gba.be
Telephone: +32 (0)2 274 48 00
12. Updates to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via a notice within the Service, and update the "Last updated" date at the top of this document. We encourage you to review this policy periodically.
Contact Us
If you have questions about this Privacy Policy or how SuperCISO handles your data, you can contact us at:
1. Introduction
Superciso ("we", "us", or "our") is committed to protecting the privacy of its users. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our SaaS web application (the "Service").
This policy is compliant with Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR).
2. Data Controller
Superciso acts as the data controller for the personal data collected through the Service. For any privacy-related questions, you can contact us at:
Email: privacy@superciso.com
Address: Molenstraat 87, Belgium
3. Personal Data We Collect
When you register for or use the Service, we may collect the following personal data:
• First name
• Last name
• Email address
• Professional function / job title
• Telephone number (where voluntarily provided)
We do not collect any special categories of personal data (such as health, biometric, or political data) and we do not knowingly collect data from children under the age of 16.
4. Legal Basis for Processing
We process your personal data on the following legal grounds under Article 6 GDPR:
• Contract performance (Art. 6(1)(b)): to create and manage your account, provide and improve the Service, and respond to your support requests.
• Legitimate interests (Art. 6(1)(f)): to ensure the security of the Service, prevent fraud, and communicate relevant product updates.
• Consent (Art. 6(1)(a)): where you have explicitly opted in to receive marketing communications. You may withdraw your consent at any time.
• Legal obligation (Art. 6(1)(c)): where we are required by applicable EU or Belgian law to retain or disclose certain data.
5. Purposes of Processing
We use your personal data for the following purposes:
• Creating and managing your user account
• Providing access to the Service and its features
• Communicating with you about your account, updates, or support requests
• Sending service-related notifications (e.g., invoices, security alerts)
• Improving and developing the Service
• Complying with legal obligations
6. Data Storage & Security
All personal data is stored exclusively within the European Economic Area (EEA). We use Google Cloud Platform infrastructure located in Belgium (europe-west1 region) to host and process your data.
We implement appropriate technical and organisational security measures to protect your data against unauthorised access, accidental loss, alteration, or disclosure, including:
• Encryption of data at rest and in transit (TLS/SSL)
• Access controls and role-based permissions
• Regular security reviews and monitoring
• Secure software development practices
No transfer of your personal data to third countries outside the EEA takes place without appropriate safeguards in accordance with Chapter V of the GDPR.
7. Data Retention
We retain your personal data for as long as your account is active or as necessary to provide the Service. Upon account termination:
• Account data is deleted within 30 days of the termination request.
• Backup copies may be retained for up to 90 days before permanent deletion.
• Data required for legal, audit, or tax purposes may be retained for up to 7 years, as required under Belgian law.
8. Third-Party Processors
We may share your personal data with trusted third-party service providers who act as data processors on our behalf, strictly to support the delivery of the Service. These include:
• Google Cloud Platform — cloud infrastructure and data hosting (Belgium)
• Payment processors — for billing purposes (where applicable)
• Email delivery providers — for transactional notifications
All third-party processors are bound by Data Processing Agreements (DPAs) in compliance with GDPR Art. 28. We do not sell, rent, or trade your personal data to any third party for marketing purposes.
9. Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR:
• Right of access (Art. 15): Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
• Right to restriction (Art. 18): Request that we limit how we use your data in certain circumstances.
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting lawfulness of prior processing.
To exercise any of these rights, please contact us at privacy@superciso.io. We will respond within 30 days, in accordance with GDPR requirements.
10. Cookies & Tracking
Our Service uses essential cookies required for authentication and security. We may also use analytics cookies to understand how the Service is used and to improve it. You can manage cookie preferences through your browser settings or our cookie consent tool.
For detailed information on the cookies we use, please refer to our Cookie Policy [link].
11. Complaints & Supervisory Authority
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Belgian Data Protection Authority (Autoriteit Persoonsgegevens / Autorité de protection des données):
Website: www.dataprotectionauthority.be
Email: contact@apd-gba.be
Telephone: +32 (0)2 274 48 00
12. Updates to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via a notice within the Service, and update the "Last updated" date at the top of this document. We encourage you to review this policy periodically.
Contact Us
If you have questions about this Privacy Policy or how SuperCISO handles your data, you can contact us at: