Last updated: June 01, 2021
Interpretation and Definitions
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Account means a unique account created for You to access our Service or parts of our Service.
Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Application means the software program provided by the Company downloaded by You on any electronic device, named Super Agent
Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Super Agent, Inc., 651 N Broad St Suite 206.
Country refers to: Delaware, United States
Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
Personal Data is any information that relates to an identified or identifiable individual.
Service refers to the Application.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Collecting and Using Your Personal Data
Types of Data Collected
Super Agent collects the following data through AWS Kinesis Firehose, a data streaming service:
A unique and random ID with the only purpose of counting active users at any given time.
Super Agent also uses AWS Cognito for authentication/authorization purposes. Cognito uses SSRP for secure authentication, so no passwords are ever sent to our servers.
Cognito does not collect any data - it gives you temporary credentials so you can access other AWS services. This ID is always the same if you are logged in, and can occasionally change if you are not logged in. We do not store any data from Cognito. If you are logged in, we store only your e-mail address which we need to send you confirmation codes and codes to reset your password.
All of your other data is stored in AWS DynamoDB, fully encrypted at rest. This data includes:
Your Cookie Preferences
Your usage metrics include the number of websites Super Agent worked on, how many clicks it saved you and an estimate of how much time Super Agent has saved you.
We do not use this data in any way other than to aggregate it so we have global usage metrics.
In case you enable your Consent Trail, Super Agent locally generates an encryption key randomly, together with an Initialization Vector (IV) and a salt.
We store the IV and salt, and we store an encrypted version of your encryption key, which only you can decrypt with your password.
We use PBKDF2, an industry standard, with 100 000 iterations, to derive a key from your password. All of our encryption uses AES256-GCM.
If you enable your Consent Trail, you have access to a log of websites where Super Agent worked along with what actions it took in the specific website.
This data is stored in our servers encrypted end 2 end using your encryption material. This means we cannot decrypt it and can never know what websites you have visited.
Our model is similar to what industry standard Password Managers use to ensure your privacy is protected.
Data we do not collect
We never collect information on what websites you visit. Instead, the extension has a set of rules locally that it uses on websites and it never sends website information to our servers.
We do not store IP Addresses or other information that can be tied back to you directly.
Retention of Your Personal Data
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.
Disclosure of Your Personal Data
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other legal requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
Comply with a legal obligation
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of Users of the Service or the public
Protect against legal liability
Security of Your Personal Data
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.
Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.
If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.
Links to Other Websites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.