Superfolio

PRIVACY POLICY

Last Updated: June 2, 2026

This Privacy Policy explains how SUPERFOLIO collects, uses, stores, discloses, protects, and otherwise processes information in connection with the SUPERFOLIO websites, applications, dashboards, public portfolio pages, portfolio-hosting tools, review and testimonial tools, forms, embeds, integrations, webhooks, APIs, scripts, analytics tools, verification-badge features, account tools, paid plans, free plans, and related products and services.

For limited legal identification purposes only, SUPERFOLIO is operated by Scalith, LLC. Except where the context requires otherwise, “SUPERFOLIO,” “we,” “us,” and “our” refer to the SUPERFOLIO service, platform, website, products, and their operator, personnel, vendors, licensors, service providers, contractors, affiliates, successors, and assigns.

By accessing, browsing, registering for, creating, publishing, viewing, embedding, integrating with, subscribing to, submitting information through, or otherwise using SUPERFOLIO, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy is incorporated into and forms part of the SUPERFOLIO Terms and Conditions. Capitalized terms not defined in this Privacy Policy have the meanings given to them in the Terms and Conditions.

1. Scope of This Privacy Policy

This Privacy Policy applies to information processed by SUPERFOLIO in connection with the Service.

This Privacy Policy does not apply to the privacy practices of Portfolio Owners, Viewers, customers, clients, prospects, reviewers, external calendar tools, payment processors, video platforms, booking tools, identity-verification vendors, analytics providers, embedded services, APIs, webhook recipients, or any other third party except to the limited extent that such third party processes information on behalf of SUPERFOLIO.

SUPERFOLIO allows Users to create publicly available portfolios and to publish, collect, display, embed, transmit, and organize Content. Portfolio Owners are solely responsible for their own privacy practices, their own legal compliance, their own notices and consents, and their own handling of information they collect from Viewers, reviewers, customers, clients, prospects, or other third parties.

If you interact with a Portfolio, submit a form, submit a review, click a booking link, use an embedded calendar, watch an embedded video, interact with a third-party widget, or communicate with a Portfolio Owner, the Portfolio Owner and/or the applicable Third-Party Service may process your information independently from SUPERFOLIO.

2. Important Public Portfolio Notice

SUPERFOLIO is designed to help Users create, host, organize, publish, and share portfolios and related materials. Unless a feature expressly indicates otherwise, Portfolios and Portfolio Content may be public.

Public Content may be viewed, copied, indexed, cached, screenshotted, downloaded, archived, shared, saved, embedded, linked, or otherwise retained by search engines, Viewers, artificial intelligence crawlers, social platforms, browser tools, third-party services, and other persons or systems outside SUPERFOLIO’s control.

You should not upload, publish, display, submit, or disclose any information through SUPERFOLIO unless you are authorized to do so and are comfortable with the applicable visibility, disclosure, and processing risks.

SUPERFOLIO does not fact-check, verify, validate, audit, investigate, warrant, guarantee, or certify User Content. This includes, without limitation, portfolio claims, project claims, case studies, service descriptions, reviews, testimonials, customer logos, results, credentials, business information, identity claims, or other Content submitted by Users.

3. Our Role

Depending on the context, SUPERFOLIO may act in different privacy roles.

When SUPERFOLIO processes information for its own Account administration, billing, security, analytics, support, legal compliance, fraud prevention, product improvement, communications, and platform operations, SUPERFOLIO generally acts as an independent business, controller, or equivalent role under applicable law.

When a Portfolio Owner uses SUPERFOLIO to host Portfolio Content, collect forms, receive review submissions, display testimonials, transmit webhook events, use APIs, or otherwise process information relating to that Portfolio Owner’s own Viewers, customers, prospects, reviewers, clients, or business contacts, SUPERFOLIO may process such information on behalf of the Portfolio Owner as a service provider, processor, or equivalent role, subject to the applicable plan, settings, agreement, data-processing terms, and legal requirements.

Portfolio Owners are solely responsible for determining whether they need a separate privacy policy, cookie notice, consent banner, data-processing agreement, customer notice, reviewer consent, marketing consent, testimonial release, logo permission, client permission, or other legal basis for collecting, publishing, using, or disclosing information through SUPERFOLIO.

4. Information We Collect

SUPERFOLIO may collect and process the categories of information described below.

4.1 Account and Registration Information

We may collect information you provide when creating, accessing, administering, or updating an Account, including:

  • name;
  • email address;
  • password or authentication information;
  • username;
  • profile image or display picture;
  • business name;
  • role or title;
  • workspace information;
  • team-member details;
  • account preferences;
  • plan information;
  • login information;
  • support information;
  • communications with us;
  • verification status;
  • security settings; and
  • other information you provide in connection with your Account.

4.2 Portfolio and User Content

We may collect and process Content that Users submit, upload, import, publish, display, link, embed, transmit, or otherwise make available through SUPERFOLIO, including:

  • portfolio names and URLs;
  • profile descriptions;
  • business descriptions;
  • professional information;
  • project descriptions;
  • work history;
  • case studies;
  • service offerings;
  • screenshots;
  • images;
  • videos;
  • files;
  • logos;
  • marks;
  • testimonials;
  • reviews;
  • ratings;
  • customer references;
  • links;
  • embedded content;
  • calendar embeds;
  • booking embeds;
  • form fields;
  • form submissions;
  • review requests;
  • reviewer information;
  • customer names;
  • client names;
  • external links;
  • metadata;
  • and other materials submitted by or on behalf of Users.

User Content may include personal information about the User or about third parties. The User submitting such Content is solely responsible for having all rights, consents, permissions, notices, releases, and lawful bases required to submit, publish, display, or otherwise process that Content.

4.3 Viewer, Visitor, and Usage Information

When a person visits or interacts with SUPERFOLIO, a Portfolio, a tracked link, an embedded feature, a form, or related functionality, we may collect information such as:

  • IP address;
  • device type;
  • browser type;
  • operating system;
  • user agent;
  • referring URL;
  • pages viewed;
  • Portfolio viewed;
  • links clicked;
  • timestamps;
  • approximate location derived from IP address;
  • session data;
  • page-load events;
  • interaction events;
  • form events;
  • review-submission events;
  • time-on-page estimates;
  • portfolio-activity signals;
  • lead or engagement signals;
  • error logs;
  • diagnostic logs;
  • cookie identifiers;
  • and similar technical, analytics, and usage information.

Some analytics, tracking, and activity signals may be incomplete, approximate, delayed, blocked, duplicated, or affected by privacy tools, ad blockers, browser settings, network configurations, bots, caching, VPNs, proxies, device sharing, or third-party systems.

4.4 Form, Review, and Testimonial Information

If you submit a form, review, testimonial, rating, endorsement, feedback item, or similar communication through SUPERFOLIO, we may collect the information you submit and associated metadata.

Such information may be provided to the relevant Portfolio Owner and may be displayed publicly if the Portfolio Owner publishes or enables publication of that information. SUPERFOLIO does not control how a Portfolio Owner uses information after receiving it, except to the limited extent required by SUPERFOLIO’s own policies, technical controls, or applicable agreements.

4.5 Payment and Billing Information

If you purchase a paid plan, add-on, subscription, or other paid feature, payment information may be processed by our payment processors. We may receive and store limited billing-related information, such as:

  • billing name;
  • billing email;
  • billing address;
  • plan type;
  • subscription status;
  • invoice history;
  • transaction identifiers;
  • payment status;
  • tax information;
  • card brand;
  • last four digits of a payment card;
  • expiration month and year;
  • chargeback or dispute information;
  • and other payment-related metadata.

We generally do not intend to store full payment-card numbers where a payment processor is used to process payments.

4.6 Optional Identity Verification Information

SUPERFOLIO may offer optional identity-verification or verification-badge features through external verification providers.

If you choose to participate in an identity-verification workflow, we and/or our verification providers may collect, receive, generate, process, or store information such as:

  • legal name;
  • date of birth;
  • address;
  • country or region;
  • government-issued identification document information;
  • images of identification documents;
  • document numbers or partial document numbers;
  • document validity information;
  • selfie images;
  • face images;
  • liveness-check signals;
  • face-match results;
  • biometric identifiers or biometric information, where applicable;
  • verification status;
  • verification score or result;
  • fraud-risk signals;
  • device and network signals;
  • timestamps;
  • audit logs;
  • vendor reference identifiers;
  • and other information reasonably necessary for identity verification, fraud prevention, security, compliance, or badge administration.

A Verification Badge means only that the applicable Account satisfied the then-applicable technical, automated, third-party, or internal conditions for displaying that badge. A Verification Badge does not mean that SUPERFOLIO has independently guaranteed, certified, audited, or verified a person’s identity, business status, company existence, credentials, trustworthiness, projects, reviews, results, services, or future conduct.

Identity-verification workflows may be performed by Third-Party Services that have their own privacy notices, terms, security practices, retention practices, and legal obligations. You should review those third-party terms and policies before submitting verification information.

4.7 Information From Third-Party Services and Integrations

If you connect, authorize, embed, import from, export to, or otherwise use a Third-Party Service with SUPERFOLIO, we may collect or receive information from or about that Third-Party Service, including:

  • integration configuration;
  • connected account identifiers;
  • access tokens;
  • API keys or secrets;
  • webhook configuration;
  • calendar or booking metadata;
  • external content;
  • imported files;
  • imported reviews;
  • imported testimonials;
  • imported profile information;
  • event data;
  • logs;
  • permissions;
  • and other information made available through the integration.

You are solely responsible for ensuring that your use of Third-Party Services complies with their terms, privacy policies, permissions, and applicable law.

4.8 Communications and Support Information

If you contact SUPERFOLIO, respond to emails, submit support requests, participate in surveys, report abuse, send legal notices, or communicate with us, we may collect:

  • your contact information;
  • message contents;
  • attachments;
  • metadata;
  • issue details;
  • support history;
  • and related communications.

4.9 Cookies and Similar Technologies

We and Third-Party Services may use cookies, pixels, local storage, SDKs, tags, scripts, device identifiers, and similar technologies to operate, secure, authenticate, remember preferences, provide analytics, measure usage, improve performance, detect abuse, support embeds, and, where applicable, support marketing or advertising.

Cookies and similar technologies may be set by SUPERFOLIO or by third parties, including embedded calendar tools, video platforms, analytics providers, payment processors, identity-verification providers, hosting providers, customer-support tools, and other services.

5. Information We Do Not Intentionally Seek

Unless expressly permitted by SUPERFOLIO in writing or required for an approved feature, you must not use SUPERFOLIO to collect, upload, publish, or transmit:

  • payment-card numbers;
  • bank-account numbers;
  • passwords;
  • authentication credentials;
  • Social Security numbers;
  • government identifiers not required for an approved verification workflow;
  • health information;
  • medical records;
  • insurance information;
  • children’s personal information;
  • precise geolocation;
  • financial account credentials;
  • biometric information outside an approved verification workflow;
  • sensitive employment records;
  • criminal-history information;
  • legally privileged information;
  • highly confidential client information;
  • regulated personal information;
  • or any other high-risk information.

SUPERFOLIO is not intended to be used as a HIPAA-covered health platform, PCI payment-card storage system, financial-record system, children’s service, regulated identity vault, or repository for highly sensitive information.

6. How We Use Information

SUPERFOLIO may use information for the following purposes:

6.1 To Provide and Operate the Service

We may use information to:

  • create and manage Accounts;
  • authenticate Users;
  • host Portfolios;
  • display public Portfolio Content;
  • generate portfolio pages;
  • process forms;
  • process reviews and testimonials;
  • provide dashboards;
  • provide tracking links;
  • provide analytics and activity signals;
  • provide embeds;
  • provide APIs;
  • deliver webhook events;
  • maintain subscriptions;
  • process payments;
  • provide customer support;
  • send service notices;
  • operate integrations;
  • and perform other functions requested by Users.

6.2 To Display Public Content

We may use User Content to publish, display, host, transmit, format, index, preview, cache, render, resize, process, and otherwise make available Portfolios and related Content.

If you make Content public, we may display that Content to Viewers and make it available through links, previews, embeds, search engines, social platforms, and other systems that interact with public web content.

6.3 To Provide Portfolio Analytics and Activity Signals

We may use Viewer, visitor, device, interaction, and usage information to generate analytics, tracking-link activity, engagement signals, click signals, page-view signals, form-submission notifications, review notifications, and related portfolio-performance information.

Portfolio Owners may receive information about interactions with their Portfolios, forms, links, and public pages.

6.4 To Provide Optional Verification Features

We may use verification information to:

  • facilitate identity-verification workflows;
  • submit information to external verification providers;
  • receive verification results;
  • determine whether to display, maintain, suspend, or remove a Verification Badge;
  • prevent fraud;
  • protect Account integrity;
  • detect abuse;
  • investigate suspected misuse;
  • comply with law;
  • and maintain verification-related records.

6.5 To Communicate With You

We may use information to send:

  • account notices;
  • transactional emails;
  • security alerts;
  • support responses;
  • billing notices;
  • product updates;
  • administrative messages;
  • legal notices;
  • policy updates;
  • marketing communications;
  • and other communications relating to SUPERFOLIO.

You may opt out of non-transactional marketing emails by using the unsubscribe mechanism provided in such emails or by contacting us. You may not opt out of necessary service, legal, billing, or security communications.

6.6 To Improve, Secure, and Maintain SUPERFOLIO

We may use information to:

  • debug errors;
  • improve features;
  • monitor system performance;
  • conduct analytics;
  • prevent fraud;
  • detect abuse;
  • investigate suspicious activity;
  • enforce the Terms and Conditions;
  • protect Users;
  • protect SUPERFOLIO;
  • maintain backups;
  • train personnel;
  • develop new features;
  • and improve reliability, usability, and security.

6.7 For Legal, Compliance, and Business Purposes

We may use information to:

  • comply with applicable law;
  • respond to legal process;
  • enforce agreements;
  • protect rights and property;
  • prevent harm;
  • investigate disputes;
  • resolve chargebacks;
  • preserve evidence;
  • respond to regulators;
  • process rights requests;
  • conduct audits;
  • maintain corporate records;
  • support business transactions;
  • and exercise or defend legal claims.

6.8 For Aggregated, De-Identified, or Anonymized Uses

We may create aggregated, anonymized, or de-identified information that does not reasonably identify you. We may use and disclose such information for analytics, benchmarking, product improvement, research, business intelligence, marketing, reporting, and other lawful purposes.

We will not attempt to re-identify de-identified information except as permitted by applicable law.

7. How We Disclose Information

SUPERFOLIO may disclose information as described below.

7.1 Public Disclosure Through Portfolios

Information included in public Portfolios, public reviews, public testimonials, public forms, public embeds, public links, or other public Content may be disclosed publicly.

Public disclosure may include disclosure to Viewers, search engines, browsers, crawlers, social platforms, link-preview services, artificial intelligence systems, archiving services, and other third parties.

7.2 Disclosure to Portfolio Owners

If you interact with a Portfolio, submit a form, submit a review, click a tracked link, use a booking embed, or otherwise communicate through a Portfolio, we may disclose your information to the relevant Portfolio Owner.

Portfolio Owners may receive information such as your name, email address, submitted message, review content, form responses, link activity, page activity, timestamps, and other information associated with your interaction.

SUPERFOLIO is not responsible for the privacy, security, or legal compliance practices of Portfolio Owners.

7.3 Service Providers

We may disclose information to service providers that help us operate SUPERFOLIO, including providers of:

  • hosting;
  • cloud infrastructure;
  • databases;
  • storage;
  • content delivery networks;
  • analytics;
  • monitoring;
  • security;
  • fraud prevention;
  • payment processing;
  • billing;
  • email delivery;
  • customer support;
  • error logging;
  • identity verification;
  • communications;
  • automation;
  • development tools;
  • and other operational services.

Service providers may process information only as reasonably necessary to provide services to us or as otherwise permitted by applicable law and agreement.

7.4 Identity-Verification Providers

If you participate in optional identity verification, we may disclose verification information to external identity-verification providers. Those providers may process identification documents, images, face-match data, liveness signals, fraud-risk signals, and related information.

SUPERFOLIO may receive verification results, metadata, audit logs, and related information from such providers. SUPERFOLIO may use that information to determine whether to display, maintain, suspend, or remove a Verification Badge.

7.5 Payment Processors

Payment information may be disclosed to payment processors, card networks, banks, fraud-prevention providers, tax providers, and other entities involved in billing, payment authorization, subscription management, fraud prevention, chargeback handling, and financial compliance.

7.6 Third-Party Services Selected by Users

If you connect, embed, authorize, configure, or use a Third-Party Service, information may be disclosed to that Third-Party Service according to your settings, instructions, and use of the Service.

For example, if you configure a webhook endpoint, SUPERFOLIO may send event data to that endpoint. If you embed a calendar, video, booking tool, form tool, or other external service, that service may collect information directly from Viewers.

You are solely responsible for Third-Party Services you select, authorize, or embed.

7.7 Team Members and Account Administrators

If your Account is part of a workspace, team, organization, agency, company, or shared Account, information may be visible to Account owners, administrators, team members, and other authorized users based on permissions and settings.

7.8 Legal and Safety Disclosures

We may disclose information if we believe disclosure is necessary or appropriate to:

  • comply with law;
  • respond to subpoenas, court orders, warrants, regulatory requests, or legal process;
  • enforce the Terms and Conditions;
  • investigate abuse;
  • prevent fraud;
  • protect security;
  • protect rights, property, or safety;
  • respond to user complaints;
  • process copyright or intellectual-property notices;
  • prevent harm;
  • or cooperate with law enforcement, regulators, courts, rights holders, payment processors, infrastructure providers, or other relevant parties.

7.9 Business Transfers

We may disclose, transfer, or assign information in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, change of control, due diligence process, corporate transaction, or similar event.

7.10 With Consent or Direction

We may disclose information with your consent, at your direction, or as otherwise disclosed at the time of collection.

8. No Sale of Personal Information for Money

SUPERFOLIO does not intend to sell personal information for money.

However, some privacy laws define “sale,” “sharing,” “targeted advertising,” or similar terms broadly. Certain analytics, advertising, retargeting, tracking, embedded content, or cookie-based activities may be considered a “sale,” “sharing,” or use for targeted advertising under some laws.

Where required by applicable law, SUPERFOLIO will provide a method to opt out of such activities. If SUPERFOLIO provides a “Do Not Sell or Share My Personal Information,” “Privacy Choices,” “Cookie Settings,” or similar mechanism, you may use that mechanism to exercise applicable opt-out rights.

9. Cookies, Tracking, Analytics, and Opt-Outs

SUPERFOLIO may use cookies and similar technologies for the following purposes:

  • essential operation;
  • authentication;
  • security;
  • fraud prevention;
  • preference storage;
  • page rendering;
  • analytics;
  • performance measurement;
  • feature improvement;
  • form functionality;
  • embedded content;
  • payment functionality;
  • verification functionality;
  • customer support;
  • and, where applicable, marketing or advertising.

You may be able to control cookies through your browser settings, device settings, cookie banner, privacy controls, or other tools made available by SUPERFOLIO or third parties.

Blocking cookies may affect the availability or functionality of SUPERFOLIO.

Some browsers transmit “Do Not Track” signals. Because there is no uniform industry standard for responding to such signals, SUPERFOLIO may not respond to “Do Not Track” signals unless required by applicable law.

Where legally required, SUPERFOLIO will honor valid opt-out preference signals, such as Global Privacy Control, in accordance with applicable law and technical feasibility.

Third-party embeds may place their own cookies or similar technologies. SUPERFOLIO does not control all cookies or tracking technologies used by Third-Party Services embedded or linked by Portfolio Owners.

10. Legal Bases for Processing

Where laws such as the GDPR, UK GDPR, or similar laws apply, SUPERFOLIO may process personal information based on one or more legal bases, including:

10.1 Contract

We may process information as necessary to provide SUPERFOLIO, administer Accounts, process payments, provide subscriptions, host Portfolios, provide features, respond to support requests, and perform our agreements.

10.2 Legitimate Interests

We may process information based on legitimate interests, including operating and improving SUPERFOLIO, securing the Service, preventing fraud, enforcing terms, conducting analytics, providing customer support, communicating with Users, protecting rights, and maintaining business records.

10.3 Consent

We may process information based on consent, including where you consent to optional identity verification, certain cookies, marketing communications, optional integrations, or other consent-based processing.

You may withdraw consent where applicable, but withdrawal may not affect processing that occurred before withdrawal and may limit your ability to use certain features.

10.4 Legal Obligations

We may process information as necessary to comply with applicable law, legal process, tax obligations, accounting obligations, regulatory obligations, sanctions obligations, consumer-rights obligations, privacy-rights obligations, and other legal requirements.

10.5 Protection of Rights and Safety

We may process information where necessary to protect the rights, property, safety, security, or integrity of SUPERFOLIO, Users, Viewers, the public, or third parties.

11. Portfolio Owners’ Privacy Responsibilities

Portfolio Owners are solely responsible for:

  • ensuring they have a lawful basis to collect, publish, display, transmit, or otherwise process personal information;
  • obtaining all necessary consents;
  • providing their own privacy notices where required;
  • obtaining permission to display client names, customer names, logos, screenshots, testimonials, reviews, case studies, and other third-party materials;
  • complying with marketing, consumer-protection, endorsement, privacy, data-protection, and communications laws;
  • responding to rights requests from their own Viewers, customers, prospects, reviewers, and clients where legally required;
  • ensuring external embeds and Third-Party Services are lawful and properly disclosed;
  • securing webhook endpoints, API keys, integrations, exports, and downloaded data;
  • and ensuring that information they submit to SUPERFOLIO is accurate, lawful, non-infringing, and authorized.

SUPERFOLIO does not assume responsibility for a Portfolio Owner’s compliance with privacy, data-protection, consumer-protection, marketing, advertising, testimonial, employment, professional, or industry-specific laws.

12. Viewer and Reviewer Notice

If you are a Viewer, reviewer, prospect, customer, or other person interacting with a Portfolio, you should understand that:

  • the Portfolio Owner may receive information you submit or generate through your interaction;
  • information you submit may be used by the Portfolio Owner outside SUPERFOLIO;
  • reviews, testimonials, ratings, and feedback may be displayed publicly if published by the Portfolio Owner;
  • external embeds may collect information directly from you;
  • SUPERFOLIO does not control the privacy practices of Portfolio Owners;
  • SUPERFOLIO does not guarantee the truthfulness, legality, reliability, quality, or safety of any Portfolio Owner;
  • and you should conduct your own diligence before sharing information, making purchases, hiring, contracting, paying, or otherwise engaging with any Portfolio Owner.

13. Optional Identity Verification and Biometric Information

SUPERFOLIO may make identity-verification features available on an optional basis.

Identity verification may involve the collection and processing of government-issued identification documents, selfie images, facial images, liveness signals, face-match signals, fraud-risk signals, device information, and related information by SUPERFOLIO and/or external verification providers.

To the extent a verification workflow involves biometric identifiers or biometric information, such information may be used for purposes including:

  • verifying that the person completing the workflow is a real person;
  • comparing a live or submitted image to an identification document;
  • performing passive or active liveness checks;
  • preventing fraud;
  • securing Accounts;
  • determining whether to display a Verification Badge;
  • investigating misuse;
  • complying with law;
  • and maintaining audit, security, and fraud-prevention records.

SUPERFOLIO does not sell, lease, trade, or otherwise intentionally profit from biometric identifiers or biometric information.

To the extent SUPERFOLIO possesses biometric identifiers or biometric information, SUPERFOLIO will use reasonable safeguards designed to protect such information and will retain it only as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law, legal process, fraud-prevention needs, dispute-resolution needs, security needs, or contractual obligations.

Where applicable law requires a specific written biometric consent, release, retention schedule, or destruction policy, the verification workflow may include additional disclosures and consent mechanisms. You should not begin optional verification unless you understand and agree to the applicable verification disclosures.

If you withdraw from, fail, abandon, or do not complete identity verification, SUPERFOLIO may decline to display a Verification Badge.

If you request deletion of verification information, SUPERFOLIO may remove or suspend any associated Verification Badge and may retain limited records where necessary for fraud prevention, security, legal compliance, dispute resolution, abuse prevention, or audit purposes.

External verification providers may have their own retention, deletion, and security practices. SUPERFOLIO is not responsible for independent processing by such providers except to the extent required by applicable law or contract.

14. Verification Badge Privacy Notice

A Verification Badge is a limited platform signal. It is not a general trust score, creditworthiness score, background check, criminal-record check, business-verification certificate, license-verification certificate, project-verification certificate, customer-verification certificate, review-verification certificate, financial-verification certificate, or guarantee of any person’s integrity, competence, reliability, legality, safety, or future conduct.

SUPERFOLIO may grant, deny, withhold, revoke, suspend, remove, modify, or refuse to display a Verification Badge at any time, with or without notice, for any reason or no reason, including suspected fraud, verification error, technical issue, user request, legal risk, vendor result, platform integrity, or security concern.

15. Data Retention

SUPERFOLIO retains information for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods may vary depending on:

  • Account status;
  • subscription status;
  • type of information;
  • public or private nature of Content;
  • legal requirements;
  • tax and accounting requirements;
  • payment records;
  • security needs;
  • fraud-prevention needs;
  • backup cycles;
  • dispute-resolution needs;
  • support needs;
  • audit needs;
  • contractual obligations;
  • and operational requirements.

Examples include:

  • Account information may be retained while your Account is active and for a reasonable period thereafter.
  • Billing and transaction records may be retained as needed for tax, accounting, chargeback, fraud-prevention, and legal purposes.
  • Public Portfolio Content may remain available until removed by the Portfolio Owner or SUPERFOLIO, subject to backups, caches, search engines, third-party copies, logs, and legal retention.
  • Logs and security records may be retained for fraud prevention, abuse detection, security, debugging, and legal purposes.
  • Verification records may be retained as needed for badge administration, fraud prevention, legal compliance, security, dispute resolution, and vendor audit purposes.
  • Form submissions, reviews, testimonials, and Viewer interactions may be retained according to Account settings, Portfolio Owner instructions, operational needs, and legal requirements.

Deletion of information from active systems may not immediately delete copies from backups, logs, archives, legal holds, third-party systems, search engines, browser caches, external embeds, webhook recipients, Portfolio Owner exports, or systems outside SUPERFOLIO’s control.

16. Data Security

SUPERFOLIO uses reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure.

However, no website, application, network, database, cloud service, transmission, storage system, authentication system, identity-verification system, analytics system, payment system, webhook, API, or integration can be guaranteed to be completely secure.

You are responsible for securing your Account credentials, devices, API keys, webhook secrets, integrations, exports, connected services, and team-member access.

You must promptly notify SUPERFOLIO if you believe your Account, credentials, API keys, webhook endpoints, integrations, or information have been compromised.

17. International Processing and Transfers

SUPERFOLIO is operated from the United States. Your information may be processed in the United States and in other countries where SUPERFOLIO, its service providers, infrastructure providers, payment processors, verification providers, or other partners operate.

These countries may have data-protection laws that differ from those in your jurisdiction.

Where required by applicable law, SUPERFOLIO will use appropriate safeguards for international transfers, such as contractual protections, standard contractual clauses, data-processing agreements, or other legally recognized mechanisms.

SUPERFOLIO does not represent that the Service is appropriate, available, or compliant in every jurisdiction.

18. Children’s Privacy

SUPERFOLIO is not directed to children under thirteen years of age and is not intended for use by children.

SUPERFOLIO’s Terms and Conditions require Users to be at least eighteen years of age unless otherwise expressly permitted by SUPERFOLIO in writing.

We do not knowingly collect personal information from children under thirteen. If you believe that a child under thirteen has provided personal information to SUPERFOLIO, contact us at support@superfolio.app.

If we become aware that we have collected personal information from a child under thirteen in a manner requiring deletion, we will take reasonable steps to delete such information, subject to applicable law and technical limitations.

19. Your Choices

Depending on your location, relationship with SUPERFOLIO, Account settings, and applicable law, you may have choices regarding your information.

19.1 Account Information

You may be able to access, correct, update, export, or delete certain Account information through your Account settings.

19.2 Portfolio Content

Portfolio Owners may be able to edit, unpublish, delete, or modify Portfolio Content through their dashboard, subject to plan limitations, technical limitations, legal retention, backups, caches, logs, and third-party copies.

19.3 Marketing Communications

You may opt out of non-transactional marketing emails by using the unsubscribe link in the email or by contacting us.

19.4 Cookies

You may control some cookies through browser settings, device settings, cookie banners, privacy controls, or other tools.

19.5 Integrations

You may be able to disconnect integrations through your Account settings or through the applicable Third-Party Service.

Disconnecting an integration may not delete information already transmitted to or from that Third-Party Service.

19.6 Verification

You may choose not to complete optional identity verification. If you do not complete verification, SUPERFOLIO may decline to display a Verification Badge.

You may request deletion of verification information, subject to legal, security, fraud-prevention, dispute-resolution, and technical limitations. Deletion may result in removal of any associated Verification Badge.

20. Privacy Rights

Depending on your jurisdiction and applicable law, you may have the right to:

  • request access to personal information;
  • request correction of inaccurate personal information;
  • request deletion of personal information;
  • request portability of personal information;
  • request restriction of processing;
  • object to processing;
  • withdraw consent;
  • opt out of sale, sharing, targeted advertising, or certain profiling;
  • limit the use or disclosure of sensitive personal information;
  • appeal a denied privacy request;
  • file a complaint with a regulator;
  • and not be discriminated against for exercising privacy rights.

These rights may be subject to exceptions, limitations, verification requirements, legal obligations, technical limitations, and the rights of other persons.

To exercise privacy rights, contact support@superfolio.app with the subject line “Privacy Request.”

We may need to verify your identity before responding to a request. Verification may require information sufficient to confirm that you are the person about whom we collected information or that you are authorized to act on that person’s behalf.

If you are making a request relating to information controlled by a Portfolio Owner, we may direct you to the relevant Portfolio Owner or process the request in accordance with the Portfolio Owner’s instructions.

21. Authorized Agents

Where permitted by law, you may designate an authorized agent to submit a privacy request on your behalf.

We may require the agent to provide proof of authorization. We may also require you to verify your identity directly with us unless prohibited by law.

SUPERFOLIO may deny requests from agents who fail to provide adequate proof of authorization.

22. U.S. State Privacy Notice

This section applies where U.S. state privacy laws require additional disclosures.

The categories of personal information SUPERFOLIO may collect, the purposes for which SUPERFOLIO may use such information, and the categories of recipients to whom such information may be disclosed are described below.

CategoryExamplesPurposesCategories of Recipients
IdentifiersName, email address, username, Account ID, IP address, billing address, device identifiersAccount creation, authentication, billing, support, security, communications, analytics, legal complianceService providers, payment processors, verification providers, Portfolio Owners where applicable, legal recipients
Account and customer recordsBilling information, subscription records, support history, transaction IDs, payment metadataBilling, tax, accounting, support, dispute resolution, fraud preventionPayment processors, service providers, tax/accounting providers, legal recipients
Commercial informationPlan type, subscription history, purchases, payment status, invoices, usage limitsSubscription administration, billing, analytics, customer supportPayment processors, service providers, internal personnel, legal recipients
Internet or network activityIP address, browser type, device type, pages viewed, clicks, timestamps, referring pages, session events, Portfolio activityService operation, analytics, tracking links, security, fraud prevention, debugging, feature improvementService providers, analytics providers, Portfolio Owners where applicable, security providers
Approximate geolocationApproximate location inferred from IP addressSecurity, analytics, fraud prevention, localization, complianceService providers, analytics providers, security providers
Professional or business informationBusiness name, title, services, portfolio information, work history, case studies, project informationPortfolio hosting, public display, Account operation, user-selected publicationPublic Viewers where published, service providers, search engines, Portfolio Owner-selected recipients
Audio, electronic, visual, or similar informationProfile photos, display pictures, images, videos, screenshots, support attachments, selfie or ID images in verification workflowsPortfolio hosting, support, verification, security, public display where publishedPublic Viewers where published, service providers, verification providers, legal recipients
Sensitive personal informationAccount credentials, government ID information, verification images, facial/liveness data where applicable, precise data submitted voluntarily by UsersAuthentication, security, optional verification, fraud prevention, legal compliance, service provisionVerification providers, security providers, service providers, legal recipients
Inferences and analyticsActivity signals, engagement indicators, portfolio-performance signals, fraud-risk signals, verification-status signalsAnalytics, security, fraud prevention, feature improvement, badge administrationService providers, Portfolio Owners where applicable, verification providers where applicable
User ContentPortfolio Content, reviews, testimonials, form submissions, logos, case studies, messages, embedsHosting, publishing, processing, transmitting, displaying, supporting user-selected functionalityPublic Viewers where published, Portfolio Owners, service providers, third-party integrations selected by Users

SUPERFOLIO may have collected the above categories during the preceding twelve months, depending on your interaction with the Service.

SUPERFOLIO may disclose each category of information for business or commercial purposes described in this Privacy Policy.

SUPERFOLIO does not intend to sell personal information for money. If SUPERFOLIO’s use of analytics, cookies, advertising technologies, embedded content, or similar technologies is considered a “sale,” “sharing,” or targeted advertising under applicable law, you may exercise applicable opt-out rights.

SUPERFOLIO does not knowingly sell or share personal information of children under sixteen.

SUPERFOLIO uses sensitive personal information only for purposes reasonably necessary to provide the Service, secure the Service, verify identity where requested, prevent fraud, comply with law, or as otherwise permitted by applicable law.

23. California Privacy Notice

This section applies to California residents to the extent the California Consumer Privacy Act, as amended, applies to SUPERFOLIO.

California residents may have the right to:

  • know what personal information we collect, use, disclose, sell, or share;
  • access personal information;
  • delete personal information;
  • correct inaccurate personal information;
  • opt out of sale or sharing of personal information;
  • limit the use or disclosure of sensitive personal information where applicable;
  • and not be discriminated against for exercising CCPA rights.

To exercise California privacy rights, contact support@superfolio.app with the subject line “California Privacy Request.”

If SUPERFOLIO makes a “Do Not Sell or Share My Personal Information,” “Privacy Choices,” or similar link available, California residents may use that link to exercise applicable opt-out rights.

We will verify requests as required or permitted by law. We may deny requests where an exception applies, including where information is needed to provide the Service, complete transactions, detect security incidents, prevent fraud, comply with law, exercise legal rights, or protect the rights of others.

24. EEA, UK, and Similar International Privacy Rights

If you are located in the European Economic Area, United Kingdom, Switzerland, or another jurisdiction with similar data-protection laws, you may have rights subject to applicable law, including rights to:

  • access your personal data;
  • correct inaccurate personal data;
  • erase personal data;
  • restrict processing;
  • object to processing;
  • receive data portability;
  • withdraw consent;
  • lodge a complaint with a supervisory authority;
  • and object to certain automated decision-making or profiling.

SUPERFOLIO does not use personal information to make decisions that produce legal or similarly significant effects about Viewers by solely automated means. Optional verification workflows may involve automated or third-party-assisted checks for limited verification, badge, fraud-prevention, security, or account-integrity purposes.

Where SUPERFOLIO processes information on behalf of a Portfolio Owner, the Portfolio Owner may be the appropriate party to respond to certain privacy requests.

25. Data Processing Agreements

If you are a Portfolio Owner and applicable law requires a data-processing agreement, data-protection addendum, standard contractual clauses, or similar agreement, contact support@superfolio.app.

SUPERFOLIO is not obligated to enter into custom data-processing terms unless expressly agreed in writing.

26. Third-Party Services

SUPERFOLIO may allow Users to embed, connect, use, or display Third-Party Services. Third-Party Services may collect information directly from Users or Viewers.

Third-Party Services may include:

  • calendar tools;
  • booking tools;
  • payment tools;
  • video platforms;
  • analytics tools;
  • form tools;
  • customer relationship management tools;
  • automation tools;
  • review tools;
  • identity-verification providers;
  • cloud providers;
  • email providers;
  • support tools;
  • API services;
  • webhook endpoints;
  • and other external services.

SUPERFOLIO is not responsible for Third-Party Services’ privacy policies, security practices, cookie practices, data-processing practices, content, availability, or legal compliance.

Your use of Third-Party Services is governed by the applicable third party’s terms and privacy policies.

27. Webhooks, APIs, Exports, and External Destinations

SUPERFOLIO may allow Users to transmit information through APIs, webhooks, exports, embeds, or integrations.

Once information is transmitted to a webhook endpoint, API recipient, export file, integration, third-party account, or external system selected or controlled by a User, SUPERFOLIO may no longer control that information.

Users are solely responsible for securing external systems, endpoints, tokens, secrets, API keys, downloaded files, exported records, and third-party accounts.

Users must not configure APIs, webhooks, integrations, or exports in a way that violates privacy law, data-protection law, confidentiality obligations, contractual obligations, or third-party rights.

28. Abuse Reports and Privacy Complaints

If you believe a Portfolio, User, review, testimonial, form, embed, or other Content violates your privacy rights, exposes personal information unlawfully, infringes rights, or violates SUPERFOLIO policies, you may contact support@superfolio.app.

SUPERFOLIO may review, remove, restrict, suspend, preserve, or disclose Content as described in the Terms and Conditions and this Privacy Policy.

SUPERFOLIO does not guarantee that any report will result in removal or action.

29. Copyright, Publicity, and Third-Party Content

Users must not upload, publish, display, or submit personal information, images, names, likenesses, logos, testimonials, screenshots, case studies, communications, or other third-party materials unless they have all necessary rights, permissions, consents, releases, and lawful bases.

SUPERFOLIO may remove or restrict Content in response to privacy, publicity-right, copyright, trademark, confidentiality, or other legal complaints.

SUPERFOLIO does not independently verify that User Content has been authorized by the persons or entities referenced in that Content.

30. Automated Tools, Crawlers, Search Engines, and Archiving

Public Portfolios and public Content may be accessible to search engines, crawlers, bots, browsers, social platforms, artificial intelligence systems, archival tools, and other automated technologies.

SUPERFOLIO may use technical settings to influence indexing or crawling, but SUPERFOLIO does not guarantee that public Content will not be indexed, archived, copied, cached, or used by third parties.

Removing Content from SUPERFOLIO may not remove copies from third-party systems.

31. Changes to This Privacy Policy

SUPERFOLIO may update this Privacy Policy at any time.

When we update this Privacy Policy, we may change the “Last Updated” date above. Updated versions become effective when posted unless a later effective date is specified.

Your continued use of SUPERFOLIO after an updated Privacy Policy becomes effective means you acknowledge the updated Privacy Policy.

If a change materially affects your rights or our processing of personal information, we may provide additional notice where required by law.

32. Contact Information

For privacy requests, support requests, legal notices, abuse reports, verification-related privacy requests, and questions about this Privacy Policy, contact:

SUPERFOLIO Privacy Requests
Email: support@superfolio.app
Mail: 30 N Gould St Ste N, Sheridan, WY 82801, United States

33. Relationship to Terms and Conditions

This Privacy Policy is part of the SUPERFOLIO Terms and Conditions.

To the maximum extent permitted by law, your use of SUPERFOLIO is subject to the disclaimers, limitations of liability, indemnification obligations, arbitration provisions, class-action waiver, governing-law provision, and other terms set forth in the Terms and Conditions.

If there is a conflict between this Privacy Policy and the Terms and Conditions regarding how SUPERFOLIO processes personal information, this Privacy Policy will control solely with respect to that conflict. All other provisions of the Terms and Conditions remain fully effective.