Privacy Policy

1. Who This Service Is For

SuperDuper is designed for adults—parents, guardians, and caregivers—who manage family schedules. While the app processes information about children (names, activities, schedules), the app is not intended for use by children.

We do not knowingly allow children under 13 to create accounts or use our service. If you believe a child has created an account, please contact us immediately and we will delete it.

2. Information We Collect

Account Information

• Your name and email address
• Authentication credentials (we use industry-standard OAuth; we never see your email password)
• Payment information (processed by our payment provider; we don't store card numbers)

Family Information

To provide our service, we process information about your family members, which may include:

• Names of family members, including children
• Schedules, appointments, and activities
• Schools, sports teams, and extracurricular organizations
• Contact information for coaches, teachers, and other caregivers
• Relationships between people (e.g., "Coach Mike" is associated with "soccer practice")

Connected Account Data

When you connect your email or calendar, we access data from those services to extract relevant family logistics information. See Section 3 for detailed information about email handling.

Usage Information

• How you interact with the app (features used, corrections made)
• Device information (browser type, operating system)
• Error logs and performance data

3. Email Access and Handling

Email access is core to how SuperDuper works—we extract family logistics information from school newsletters, activity schedules, and appointment confirmations. Given the sensitivity of email, we want to be explicit about our practices.

How We Filter Your Email

We don't process all your email. Most of your inbox never reaches our AI systems at all. We use a multi-stage filtering process:

• Automatically discarded: Shipping notifications, login codes, password resets, social media alerts, and payment receipts are filtered out immediately based on sender patterns—they never touch any AI system.
• Fast-tracked as relevant: Emails from .edu domains and known kid-logistics platforms (e.g., TeamSnap, ClassDojo, Konstella) proceed directly to processing.
• Evaluated for relevance: Remaining emails are assessed using sender and subject line. For uncertain cases, we may examine a preview of the email content to determine if it's family-related.

For most users, only a small fraction of their inbox is actually processed by our AI systems.

What We Store vs. What We Discard

For the small percentage of emails that are relevant, here's exactly what we keep and what we don't:

Think of it like a friend reading your email and telling you "soccer practice moved to Wednesday at 5pm." We remember the takeaway, not the entire message.

Human Access to Your Email

Our team does not have access to read your raw email content. If you report a bug or issue that requires us to examine your email data to diagnose the problem, we will require your explicit permission first. Any such access is logged, limited to the specific issue, and revoked once the problem is resolved.

Revoking Email Access

You can disconnect your email at any time through your account settings. When you do:

• We immediately stop accessing your email
• Previously extracted information remains in your account (you can delete this too)
• You can also revoke access directly through your email provider's security settings

4. Other Connected Accounts

Beyond email, SuperDuper may connect to other data sources you authorize, such as calendars, to provide a more complete picture of your family's schedule.

For all connected accounts:

• We access only data relevant to family logistics
• We extract useful information and do not retain raw data long-term
• We never share your data with advertisers or use it to train AI models
• You can disconnect any account at any time through your settings

As we add support for new data sources, this policy will be updated to reflect any source-specific practices but the core principles outlined above will always apply.

5. AI Processing and Model Training

SuperDuper uses artificial intelligence to understand your family's information and generate personalized applications. We want to be completely transparent about how this works.

How We Use AI

• Interpretation: We use AI to extract meaningful information from your emails and calendars (identifying people, events, and relationships)
• Generation: We use AI to create and customize your family's application interface
• Adaptation: We use AI to suggest improvements based on how you use the app

Third-Party AI Providers

We use third-party AI models to power our service. Here's what you need to know:

• Data Processing Agreements: We have contractual agreements with all AI providers that explicitly prohibit them from using your data to train their models
• API-Only Access: We use these services through their commercial APIs, which have stronger privacy protections than consumer products
• No Data Retention: Our agreements specify that AI providers do not retain your data beyond the immediate processing request

What "No Training" Means Specifically

To be precise: when your data passes through an AI model, it is processed and a response is returned. Your data does not get added to any training dataset, influence model weights, or get used for reinforcement learning. It is not retained for any purpose beyond completing your request.

Operational Tools and Service Providers

Like virtually all modern software, we use trusted operational tools for error monitoring, performance tracking, and system reliability. These tools may process limited data as part of normal operations. All such providers:

• Operate under Data Processing Agreements (DPAs) that restrict how they handle your data
• Are prohibited from using your data for their own purposes
• Are required to maintain appropriate security standards
• May only retain data for operational purposes (debugging, reliability) for limited periods

This is standard industry practice for maintaining a reliable, secure service. These operational tools do not use your data for training AI models or for any purpose beyond supporting our service to you.

6. How We Use Your Information

We use your information for these purposes:

• Providing the Service: Processing your data to create and maintain your family logistics application
• Improving Your Experience: Learning from your corrections and feedback to make the app more accurate for you. This may include re-processing information from your connected accounts to improve accuracy and surface more relevant insights for you.
• Communication: Sending you important updates about the service (you can opt out of non-essential communications)
• Security: Protecting your account and detecting fraudulent activity
• Legal Compliance: Meeting our legal obligations

7. When We Share Your Information

We share your information only in these limited circumstances:

• Service Providers: With companies that help us provide our service (cloud hosting, AI processing, payment processing), under strict contractual protections
• With Your Consent: When you explicitly ask us to share information
• Legal Requirements: When required by law, subpoena, or court order
• Safety: If we believe disclosure is necessary to prevent harm to you, us, or others
• Business Transfer: In connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change and your options regarding your data.

8. How We Protect Your Information

We implement industry-standard security measures to protect your data:

• SOC 2 Compliance: We maintain SOC 2 Type II certification, demonstrating our commitment to security, availability, and confidentiality through independent audit
• Encryption in Transit: All data transmitted to and from our service uses TLS encryption
• Encryption at Rest: Your data is encrypted when stored in our databases
• Access Controls: Strict internal policies limit who can access user data, and all access is logged
• Regular Audits: We regularly review our security practices and update them as needed
• Vendor Security: We vet all service providers for appropriate security practices

No system is perfectly secure. If we discover a security breach affecting your personal information, we will notify you as required by applicable law.

9. Your Rights and Choices

You have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct inaccurate information
• Deletion: Request that we delete your personal information
• Portability: Request your data in a portable format
• Withdraw Consent: Disconnect data sources or close your account at any time
• Object: Object to certain processing of your information

To exercise these rights, contact us at privacy@superduper.app. We will respond within 30 days.

Shared Family Accounts

SuperDuper allows multiple parents or guardians to be part of the same family account. Here's how data sharing works in shared accounts:

• Consent to Share: By participating in a shared family account and connecting your email, you consent to other family members seeing the extracted summaries from your email (e.g., event details, schedules, activities)
• Dashboard Visibility: All members of a family account can see all items on the shared dashboard, including information extracted from any connected email account
• Raw Email Remains Private: Other family members never have access to your raw email content—only the extracted logistics summaries appear on the dashboard
• Optional Connection: Each parent can choose whether to connect their own email for extraction. You can participate in a family account without connecting your email.

If you're uncomfortable with other family members seeing your extracted email summaries, you can disconnect your email at any time while remaining a member of the family account.

10. Information About Children

Our service processes information about children as part of family logistics management. We want to be clear about our approach:

• Parental Control: All information about children is provided and controlled by their parents or guardians
• Limited Collection: We collect information about children relevant to scheduling and activities (names, schedules, teams, activities)—not academic records, grades, or sensitive educational data
• No Marketing: We never use information about children for marketing or advertising purposes
• Parental Access: Parents can access, modify, or delete any information about their children at any time

Future Integrations

We may add integrations with youth sports platforms, activity management tools, and similar services to improve our ability to track your children's schedules. Any such integrations will require your explicit authorization and will be limited to scheduling and logistics information—not academic performance or grades.

If you have questions about our handling of children's information, please contact us at privacy@superduper.app.

11. Data Retention

We retain your information for as long as you maintain an active account. After account deletion:

• Personal information is deleted from active systems within 30 days
• Legal and billing records are retained as required by law

12. California Privacy Rights

If you're a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: What personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information
• Right to Non-Discrimination: We won't discriminate against you for exercising your rights

As stated above, we do not sell personal information or share it for cross-context behavioral advertising.

13. International Users

SuperDuper is designed for and operated in the United States. We do not specifically target or market to users outside the United States.

If you access our service from outside the United States, you do so at your own initiative and are responsible for compliance with local laws. By using SuperDuper, you consent to the transfer of your information to the United States, where data protection laws may differ from those in your country.

14. Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you by email or through the app
• For material changes, request your acknowledgment before continued use

15. Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

We aim to respond to all privacy inquiries within 30 days.