Privacy Policy

Updated on 11th January, 2026..

INTRODUCTION

Superstellar Media Labs Private Limited ("Company", "we", "us", or "our") is committed to protecting your privacy and Personal Data. This Privacy Policy explains how we collect, use, disclose, store, and protect your Personal Data when you access or use our platforms superteams.ai and nextneural.superteams.ai (collectively, the "Platform" or "Services").

This Privacy Policy is issued in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Digital Personal Data Protection Rules, 2025 ("DPDP Rules"), along with other applicable laws of India, including the Information Technology Act, 2000.

By using our Services, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your Personal Data as described in this Privacy Policy.

IMPORTANT: This Privacy Policy is available in all 22 languages specified in the Eighth Schedule of the Constitution of India. You may access translations through our website or by contacting us at the details provided below.

1. KEY DEFINITIONS

For the purposes of this Privacy Policy, the following terms shall have the meanings assigned to them:

1.1. "Data Fiduciary" means the Company, as we determine the purpose and means of processing your Personal Data.

1.2. "Data Principal" means you, the individual to whom the Personal Data relates.

1.3. "Data Processor" means any person who processes Personal Data on behalf of a Data Fiduciary.

1.4. "Personal Data" means any data about an individual who is identifiable by or in relation to such data, including name, email address, phone number, identification documents, and other information that can identify you.

1.5. "Processing" means any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure by transmission, dissemination, erasure, or destruction.

1.6. "Sensitive Personal Data" includes financial information, health data, biometric data, genetic data, transgender status, caste or tribe, religious or political belief, or any other category of data notified by the Government.

1.7. "Consent" means a free, specific, informed, unconditional, and unambiguous indication of your wishes by which you signify agreement to the Processing of your Personal Data.

2. DATA FIDUCIARY INFORMATION

2.1. The Company acts as a Data Fiduciary under the DPDP Act in relation to the Personal Data collected and processed through the Platform.

2.2. Our contact details for data protection matters:

Data Protection Officer/Contact:
Email: support@superteams.ai
Postal Address: 55 Lane 2 Saidullajab Westend Marg, Saket, Delhi 110030, India

2.3. For general inquiries: legal@superteams.ai

3. PERSONAL DATA WE COLLECT

3.1. We collect Personal Data that you provide directly to us and data that is automatically collected when you use our Services. The categories of Personal Data we collect include:

3.2. Information You Provide to Us

  • Account Registration Information: Name, email address, phone number, password, organization name, job title, business address
  • Profile Information: Professional details, preferences, settings, profile photo
  • Payment Information: Billing address, payment method details (processed by third-party payment processors), GST identification number, PAN (if applicable)
  • Communication Data: Information you provide when you contact us, including support requests, feedback, inquiries, and correspondence
  • User Content: Data, files, code, documents, and other content you upload, submit, or create using our Services
  • Survey and Research Data: Responses to surveys, questionnaires, or research studies you choose to participate in

3.3. Information Collected Automatically

  • Usage Information: Details about how you use our Services, including features accessed, actions taken, time and frequency of use, interaction with content
  • Device Information: Device type, operating system, browser type and version, unique device identifiers, mobile network information
  • Log Data: IP address, access times, pages viewed, links clicked, the page you visited before navigating to our Services
  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, and similar technologies (see Section 11)
  • Location Data: General geographic location based on IP address (we do not collect precise GPS location)

3.4. Information from Third Parties

We may receive Personal Data about you from third parties, including:

  • Authentication services (Google, LinkedIn, Microsoft) if you choose to sign in through these services
  • Business partners and affiliates who refer you to our Services
  • Third-party integrations you connect to our Platform
  • Publicly available sources and data providers for business verification purposes
  • Analytics and service providers who help us understand Platform usage

3.5. Sensitive Personal Data

3.5.1. We generally do not collect Sensitive Personal Data as defined under the DPDP Act. However, in limited circumstances, we may process:

  • Financial information (bank account details, payment card information) for billing purposes - processed securely through compliant payment processors
  • Any Sensitive Personal Data you voluntarily include in User Content

3.5.2. Where we collect Sensitive Personal Data, we will obtain your explicit consent and implement additional security measures as required by law.

3.5.3. We do not knowingly collect Personal Data from children (individuals under 18 years of age) without verifiable parental consent. Our Services are not directed to children. If you believe we have collected data from a child, please contact us immediately.

4. HOW WE USE YOUR PERSONAL DATA

4.1. We process your Personal Data for specific, explicit, and legitimate purposes. The lawful bases for processing under the DPDP Act include your consent, contract performance, legal obligations, and legitimate business interests.

4.2. We use your Personal Data for the following purposes:

4.2.1. Service Provision: To provide, maintain, and improve our AI and ML Services; to process your requests; to manage your account and authenticate your access

4.2.2. Platform Functionality: To enable features such as team collaboration, project management, API access, and integration with third-party services

4.2.3. Payment Processing: To process payments, manage subscriptions (service retainer model), calculate usage-based charges (pay-per-use model), issue invoices, and handle billing inquiries

4.2.4. Communication: To send you service-related notifications, updates, security alerts, support messages, and respond to your inquiries

4.2.5. Customer Support: To provide technical support, troubleshoot issues, and respond to your requests

4.2.6. Personalization: To customize your experience, provide relevant content, and make recommendations based on your usage patterns

4.2.7. Analytics and Improvement: To analyze Platform usage, understand user behavior, identify trends, improve our Services, develop new features, and enhance user experience

4.2.8. Security and Fraud Prevention: To protect against, identify, and prevent fraud, unauthorized access, and other illegal activities; to ensure Platform security and integrity

4.2.9. Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests; to enforce our Terms of Service and other agreements

4.2.10. Business Operations: To conduct internal business operations, audits, data analysis, and research; to manage corporate transactions (mergers, acquisitions)

4.2.11. Marketing (with consent): To send you promotional materials, newsletters, and information about new features (you may opt out at any time)

4.2.12. AI Model Training: To train, test, and improve our AI and ML models using anonymized and aggregated data

4.3. We process your Personal Data only to the extent necessary for the purposes specified and in a manner compatible with those purposes.

4.4. Where we rely on your consent as the legal basis for processing, you have the right to withdraw consent at any time by contacting us or adjusting your account settings.

5. LEGAL BASIS FOR PROCESSING

5.1. Under the DPDP Act, we process your Personal Data based on the following legal grounds:

5.1. Consent: You have given clear consent for us to process your Personal Data for specific purposes (e.g., marketing communications, certain third-party integrations)

5.2. Contract Performance: Processing is necessary to perform our contract with you (i.e., to provide the Services you have signed up for)

5.3. Legal Obligation: Processing is necessary to comply with our legal obligations under Indian law (e.g., tax compliance, responding to law enforcement requests)

5.4. Legitimate Interests: Processing is necessary for our legitimate business interests, provided such interests do not override your rights (e.g., fraud prevention, service improvement, security)

5.2. Where we process Personal Data based on legitimate interests, we have conducted a balancing test to ensure that your rights and freedoms are not overridden by our interests.

6. HOW WE SHARE YOUR PERSONAL DATA

6.1. We do not sell your Personal Data to third parties. We may share your Personal Data with the following categories of recipients:

6.1. Service Providers and Data Processors: Third-party vendors who provide services on our behalf, including cloud hosting, payment processing, analytics, customer support, email services, and security services. These providers are contractually obligated to protect your data and use it only for specified purposes.

6.2. Third-Party Integrations: When you choose to integrate third-party services (e.g., productivity tools, communication platforms) with our Platform, we share necessary data to enable the integration. Such sharing requires your explicit consent.

6.3. Business Partners: Companies we partner with to offer joint services or promotions, with your consent.

6.4. Corporate Transactions: In connection with or during negotiations of any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. We will notify you of any such transaction.

6.5. Legal and Regulatory Authorities: When required by law, legal process, litigation, or requests from government authorities; to enforce our Terms of Service or other agreements; to protect our rights, property, or safety, or that of others; to prevent fraud or security threats.

6.6. With Your Consent: We may share Personal Data with other parties when you specifically consent to such sharing.

6.7. Aggregated and Anonymized Data: We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you, for any purpose.

6.2. All third parties with whom we share Personal Data are required to maintain appropriate security measures and use the data only for the purposes for which it was shared.

6.3. We enter into data processing agreements with Data Processors to ensure compliance with the DPDP Act and to protect your Personal Data.

7. INTERNATIONAL DATA TRANSFERS

7.1. Your Personal Data is primarily stored and processed within India. However, in certain circumstances, we may transfer your Personal Data outside India to:

  • Cloud service providers with data centers in other countries
  • Third-party service providers located outside India
  • Business partners or affiliates in other jurisdictions

7.2. When we transfer Personal Data outside India, we ensure that:

  • The recipient country is notified by the Central Government as providing an adequate level of protection
  • We have implemented appropriate safeguards such as Standard Contractual Clauses or binding corporate rules
  • The transfer is necessary for the performance of our contract with you
  • You have explicitly consented to the transfer after being informed of possible risks

7.3. We take all reasonable steps to ensure that your Personal Data remains protected in accordance with this Privacy Policy and applicable laws when transferred internationally.

8. DATA SECURITY

8.1. We implement and maintain appropriate technical and organizational security measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction.

8.2. Our security measures include:

  • Encryption of data in transit using industry-standard TLS/SSL protocols
  • Encryption of sensitive data at rest
  • Multi-factor authentication for account access
  • Access controls and role-based permissions to limit data access
  • Regular security assessments, vulnerability testing, and penetration testing
  • Security monitoring and intrusion detection systems
  • Employee training on data protection and security best practices
  • Incident response procedures and data breach protocols
  • Regular backups and disaster recovery procedures
  • Physical security measures for servers and infrastructure
  • Vendor security assessments for third-party service providers
  • Compliance with ISO 27001 and other security standards

8.3. While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your Personal Data.

8.4. You are responsible for maintaining the confidentiality of your account credentials and should notify us immediately if you suspect any unauthorized access to your account.

8.5. We conduct regular reviews and updates of our security practices to address evolving threats and maintain compliance with security standards.

9. DATA BREACH NOTIFICATION

9.1. In accordance with the DPDP Rules, 2025, if we become aware of a data breach that is likely to cause harm to Data Principals, we will:

  • Notify the Data Protection Board of India within 72 hours of becoming aware of the breach
  • Notify affected Data Principals (you) as soon as reasonably possible

9.2. Our breach notification to you will include:

  • Description of the nature and extent of the data breach
  • Categories and approximate number of affected Data Principals
  • Categories and approximate number of Personal Data records concerned
  • Timing and location of the breach occurrence
  • Likely consequences of the breach
  • Measures taken or proposed to mitigate potential harm
  • Contact information for further inquiries and assistance
  • Guidance on steps you can take to protect yourself

9.3. We maintain an incident response plan and have procedures in place to promptly contain, investigate, and remediate any data breach.

9.4. We will cooperate fully with the Data Protection Board and other authorities in investigating and responding to any data breach.

10. DATA RETENTION

10.1. We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

10.2. Specific retention periods:

10.2.1. Account Data: Retained for the duration of your active account, plus 90 days after account closure (unless longer retention is required by law)

10.2.2. Payment and Billing Data: Retained for 7 years to comply with tax and accounting regulations

10.2.3. Usage and Log Data: Retained for up to 2 years for security, analytics, and service improvement purposes

10.2.4. Support Communications: Retained for 3 years for quality assurance and dispute resolution

10.2.5. Marketing Communications: Retained until you withdraw consent or opt out, plus 90 days

10.2.6. Legal and Compliance Data: Retained for the period required by applicable laws or until the conclusion of legal proceedings

10.3. After the retention period expires, we will securely delete, destroy, or anonymize your Personal Data in accordance with applicable laws and our data retention policy.

10.4. Anonymized or aggregated data that cannot be used to identify you may be retained indefinitely for analytics, research, and service improvement purposes.

10.5. If you request deletion of your Personal Data (see Section 11), we will delete it within the timeframes specified by the DPDP Act, subject to legal retention requirements.

11. YOUR RIGHTS AS A DATA PRINCIPAL

11.1. Under the DPDP Act, 2023, you have the following rights with respect to your Personal Data:

11.1.1. Right to Access (Section 11(1)): You have the right to obtain from us:
 • Confirmation of whether we are processing your Personal Data
 • A summary of Personal Data being processed and processing activities
 • Identity of Data Processors and third parties with whom data has been shared
 • Any other information related to your Personal Data as prescribed

11.1.2. Right to Correction (Section 11(2)): You have the right to correct, complete, update, or amend your Personal Data if it is inaccurate, incomplete, misleading, or outdated. We will take reasonable steps to update the information.

11.1.3. Right to Erasure/Right to be Forgotten (Section 11(3)): You have the right to request erasure of your Personal Data when:
 • Consent is withdrawn and there is no other legal basis for processing
 • Personal Data is no longer necessary for the purposes for which it was collected
 • However, we may retain data if required by law or for legitimate purposes

11.1.4. Right to Grievance Redressal (Section 11(4)): You have the right to a readily available means of grievance redressal. You may contact our Data Protection Officer at privacy@superteams.ai

11.1.5. Right to Nominate (Section 11(5)): You have the right to nominate another individual who may exercise your rights in the event of your death or incapacity. You can set this up through your account settings or by contacting us.

11.1.6. Right to Withdraw Consent (Section 11(6)): Where processing is based on your consent, you have the right to withdraw such consent at any time. Withdrawal will not affect the lawfulness of processing based on consent before withdrawal.

11.1.7. Right to Complain to Data Protection Board: You have the right to file a complaint with the Data Protection Board of India if you believe your rights have been violated or if you are dissatisfied with our response to your request.

11.2. How to Exercise Your Rights:

11.2.1. To exercise any of your rights, you may:

  • Access your account settings on the Platform to view and update certain information
  • Submit a request via email to privacy@superteams.ai with subject line "Data Principal Rights Request"
  • Write to us at our registered address provided in Section 2
  • Use the dedicated data rights portal on our website (if available)

11.2.2. When submitting a request, please provide:

  • Your full name and email address associated with your account
  • Clear description of the request and the right you wish to exercise
  • Any relevant details to help us locate your Personal Data
  • Proof of identity (to prevent unauthorized disclosure)

11.3. Response Timeframe:

11.3.1. We will acknowledge your request within 7 days of receipt.

11.3.2. We will respond to your request within the timeframe prescribed under the DPDP Rules (generally within 30 days, extendable in complex cases).

11.3.3. If we need additional time, we will inform you of the reason and the extended timeframe.

11.4. We do not charge a fee for processing Data Principal rights requests, unless the request is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or refuse to act on the request.

11.5. We may ask for additional information to verify your identity before processing your request, to ensure Personal Data is not disclosed to unauthorized parties.

11.6. If we refuse your request, we will provide reasons for the refusal and inform you of your right to complain to the Data Protection Board.

12. COOKIES AND TRACKING TECHNOLOGIES

12.1. We use cookies and similar tracking technologies to collect and track information about your use of our Platform and to improve your experience.

12.2. Types of cookies we use:

12.2.1. Essential/Strictly Necessary Cookies: Required for the Platform to function properly. These cannot be disabled and do not require consent.

12.2.2. Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings.

12.2.3. Analytics/Performance Cookies: Help us understand how visitors interact with the Platform, which pages are visited most, and how users navigate. We use services like Google Analytics.

12.2.4. Advertising/Targeting Cookies: Used to deliver relevant advertisements and track advertising campaign effectiveness (only with your consent).

12.3. Other tracking technologies we use:

  • Web beacons/pixels to track email opens and clicks
  • Local storage objects for storing preferences
  • Session storage for temporary data during your session
  • SDKs and APIs from third-party services

12.4. Managing Cookies:

  • You can control cookie settings through our cookie consent banner when you first visit the Platform
  • You can modify your browser settings to refuse cookies or alert you when cookies are being sent
  • You can delete cookies already stored on your device
  • Note that disabling cookies may affect Platform functionality
  • To opt out of Google Analytics, visit: https://tools.google.com/dlpage/gaoptout

12.5. For detailed information about specific cookies we use, including names, purposes, and expiration periods, please visit our Cookie Policy page on the Platform or contact us.

13. THIRD-PARTY LINKS AND SERVICES

13.1. Our Platform may contain links to third-party websites, applications, or services that are not operated or controlled by us.

13.2. We are not responsible for the privacy practices or content of third-party websites or services. This Privacy Policy does not apply to third-party sites.

13.3. Before providing Personal Data to third-party sites or services, we encourage you to review their privacy policies and terms of service.

13.4. When you integrate third-party services with our Platform:

  • We will inform you about what data will be shared
  • We will obtain your explicit consent before sharing
  • The third party's privacy policy will govern their use of your data
  • You can revoke access through your account settings at any time

13.5. We select third-party service providers carefully and require them to maintain appropriate data protection standards, but we cannot control their data practices.

14. MARKETING COMMUNICATIONS

14.1. With your consent, we may send you marketing communications about our Services, new features, promotions, newsletters, and other information we think may interest you.

14.2. You have the right to opt out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Adjusting your communication preferences in your account settings
  • Contacting us at support@superteams.ai with your opt-out request

14.3. Even if you opt out of marketing communications, we may still send you non-promotional messages related to your account, transactions, and our Services (e.g., security alerts, service updates, billing notifications).

14.4. We do not sell or rent your Personal Data to third parties for their marketing purposes.

15. CHILDREN'S PRIVACY

15.1. Our Services are not intended for use by children under the age of 18 years.

15.2. We do not knowingly collect Personal Data from children under 18 without verifiable parental or guardian consent, as required by the DPDP Act.

15.3. If you are a parent or guardian and believe that your child under 18 has provided us with Personal Data without your consent, please contact us immediately at support@superteams.ai.

15.4. Upon verification, we will promptly delete such information from our systems, unless we are required by law to retain it.

15.5. If we discover that we have inadvertently collected Personal Data from a child under 18 without proper consent, we will take steps to delete such information as soon as possible.

16. RETROSPECTIVE DATA NOTICE (DPDP COMPLIANCE)

16.1. In accordance with the DPDP Rules, 2025, we provide this notice regarding Personal Data that was collected and processed before the effective date of the DPDP Act and Rules.

16.2. If you were an existing user before the DPDP Act came into effect:

  • This Privacy Policy serves as a retrospective notice for Personal Data previously collected
  • We have reviewed our historical data processing activities to ensure DPDP compliance
  • Your Personal Data collected prior to the Act is now subject to the protections and rights under the DPDP Act
  • You may exercise your Data Principal rights (Section 11) with respect to all Personal Data we hold, regardless of when it was collected
  • If you do not wish us to continue processing your historical Personal Data, you may exercise your right to erasure

16.3. We have obtained or will obtain necessary consents for continuing to process Personal Data collected before the Act, where required.

17. DATA PROTECTION BOARD OF INDIA

17.1. If you have concerns about our data protection practices or believe your rights under the DPDP Act have been violated, you have the right to file a complaint with the Data Protection Board of India.

17.2. We encourage you to contact us first so we can address your concerns. However, you may file a complaint with the Board at any time.

17.3. Information about the Data Protection Board:

Data Protection Board of India

17.4. The Board has powers to investigate complaints, conduct inquiries, and impose penalties for non-compliance with the DPDP Act.

18. CHANGES TO THIS PRIVACY POLICY

18.1. We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

18.2. When we make material changes, we will notify you by:

  • Posting the updated Privacy Policy on our Platform with a new "Last Updated" date
  • Sending you an email notification to the address associated with your account
  • Displaying a prominent notice on the Platform when you log in
  • For significant changes, requesting your renewed consent where required by law

18.3. We will provide notice at least 30 days before any material changes take effect, unless changes are required by law or necessary to address security issues.

18.4. Your continued use of the Services after the effective date of changes constitutes your acceptance of the updated Privacy Policy.

18.5. If you do not agree to the updated Privacy Policy, you should discontinue use of the Services and may delete your account.

18.6. We maintain an archive of previous versions of this Privacy Policy. You may request access to previous versions by contacting us.

19. CONTACT US

19.1. If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

For General Privacy Inquiries:
Email: support@superteams.ai
Email (Legal): legal@superteams.ai

For Data Principal Rights Requests:
Email: support@superteams.ai
Subject Line: "Data Principal Rights Request"

Postal Address:
Superstellar Media Labs Private Limited
Attn: Data Protection Officer
55 Lane 2 Saidullajab Westend Marg
Saket, Delhi 110030
India

19.2. We will respond to your inquiry as promptly as possible, typically within 7 business days for acknowledgment and within 30 days for substantive responses.

19.3. For data breach notifications or security concerns, please contact us immediately at support@superteams.ai

We use cookies to ensure the best experience on our website. Learn more