PRIVACY POLICY
Last updated: 12 May 2026
Superlinked, Inc. (“Superlinked”, “we”, “us”, “our”) respects your privacy. This Privacy Policy applies to www.superlinked.com and any related subdomains and pages operated by Superlinked (collectively, the “Site”) and explains what personal data we collect, why we collect it, how we use it and your rights under the EU General Data Protection Regulation (GDPR), the UK GDPR and other applicable laws.
1. CONTROLLER AND REPRESENTATIVES
Controller Superlinked, Inc. 28 Geary Street, Suite 650 San Francisco, CA 94108, USA Email: privacy@superlinked.com
EU GDPR Article 27 Representative For individuals in the European Economic Area, our designated representative under Article 27 of the EU GDPR is: Superlinked Kft. 1054 Budapest, Honvéd utca 8. 1/2, Hungary Email: privacy.eu@superlinked.com
UK GDPR Article 27 Representative For individuals in the United Kingdom, our designated representative under Article 27 of the UK GDPR is: Meshprime Technologies Ltd 66 Paul Street, London, EC2A 4NA, United Kingdom Email: privacy.uk@superlinked.com
You may contact our EU or UK representative directly on any matter relating to the processing of your personal data under the EU GDPR or UK GDPR. Contacting our representative does not affect your right to contact the controller directly or to lodge a complaint with your supervisory authority.
2. PERSONAL DATA WE COLLECT
We collect personal data that you provide to us directly and limited technical data collected through cookies and analytics.
Data you provide:
- Newsletter sign-ups, demo requests and contact forms: name, company, email address, job title (where provided) and any information you include in your message.
Data collected automatically (with your consent where required):
- Analytics and tracking technologies: device and browser information, IP address (truncated where supported), approximate location (city or region level), pages viewed, time spent, scroll and click events, and usage patterns.
- Session replay (PostHog): recordings of your interactions with the Site, with masking applied to input fields containing personal data. We use session replay to diagnose usability issues and improve the Site.
- Event tracking and customer data platform (Rudderstack): we use Rudderstack to collect and route events about your interactions with the Site (such as page views, clicks, and form submissions) to our analytics and CRM tools. Rudderstack sets cookies that include unique anonymous and user identifiers (online identifiers within the meaning of Article 4(1) GDPR).
- Company-level visitation insights (rb2b): rb2b uses reverse-IP technology to infer the organization associated with visits to the Site. rb2b sets cookies on visitor browsers that include unique session and user identifiers (online identifiers within the meaning of Article 4(1) GDPR); the data that rb2b shares with us, however, is company-level only. We recognize that in certain cases (for example, sole traders, very small offices, or single-IP environments) inferred company identification may indirectly relate to an identifiable individual. We treat any such data as personal data and apply appropriate safeguards.
- Company-level visitor identification (Leadfeeder): in addition to rb2b, we use Leadfeeder to identify the organization associated with visits to the Site. Leadfeeder sets cookies that include unique identifiers; the data shared with us is company-level only.
- Conversion and attribution tracking (Google Ads): measurement of how you arrived at the Site and which campaigns or referrals are effective.
We do not intentionally collect payment data or special categories of personal data (such as health data, biometric data or data revealing racial or ethnic origin, political opinions or religious beliefs).
3. CATEGORIES OF DATA SUBJECTS
This Privacy Policy applies to:
- visitors to the Site;
- individuals who submit forms (demo, contact, newsletter);
- representatives of prospective customers and partners.
For information about how we process personal data of our employees, contractors and corporate customers, please refer to the relevant employment or commercial agreements.
4. HOW AND WHY WE USE YOUR DATA (LEGAL BASES)
We use personal data only for the purposes below.
1. Responding to demo requests and inquiries
- Purpose: to contact you and provide requested information.
- Legal basis: Article 6(1)(b) GDPR (steps prior to entering a contract) or Article 6(1)(a) GDPR (consent), as applicable.
2. Sending newsletters and product updates
- Purpose: to send you marketing communications you opted into.
- Legal basis: Article 6(1)(a) GDPR (consent).
- You can unsubscribe at any time via the link in each email.
3. Website analytics and improvement
- Purpose: to understand how the Site is used, improve content and marketing effectiveness, and measure campaign performance.
- Legal basis: Article 6(1)(a) GDPR (consent) for non-essential analytics and marketing cookies.
4. Internal administration and security
- Purpose: record-keeping, fraud prevention, protecting the Site and our systems.
- Legal basis: Article 6(1)(f) GDPR (legitimate interests). We have assessed that our interests in operating and securing the Site are not overridden by your rights and freedoms, given that we use minimal data for this purpose, apply standard security measures, and do not use the data for profiling or marketing.
We do not sell or rent your personal data.
5. SHARING AND PROCESSORS
We use trusted third-party service providers (processors) to operate the Site and run our business. These providers process data on our behalf under written contracts that protect it, including standard data processing terms required by Article 28 GDPR.
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Website hosting | United States |
| Zapier | Automation between systems | United States |
| HubSpot | CRM, marketing email and lead attribution | United States |
| PostHog | Product analytics, including session replay | United States |
| Rudderstack | Customer data platform (event collection and routing) | United States |
| rb2b | Company-level visitation insights | United States |
| Leadfeeder | Company-level visitor identification | United States |
| CookieYes | Cookie consent management | India / European Union |
| Google Analytics (GA4) | Website usage analytics | United States |
| Google Ads | Conversion and campaign attribution | United States |
| Slack | Internal notifications and lead routing | United States |
| Google Sheets | Internal lead management | United States |
We do not sell or rent your personal data to third parties for their own marketing purposes.
6. INTERNATIONAL DATA TRANSFERS
Your personal data may be transferred to and processed outside the EEA or the UK, including in the United States. Where we transfer personal data outside the EEA or UK, we rely on the following safeguards:
- the EU-US Data Privacy Framework (DPF) and the UK Extension to the DPF, where the recipient is certified under those frameworks (this includes, where applicable, providers such as HubSpot, Google and Vercel - please refer to the U.S. Department of Commerce DPF list at dataprivacyframework.gov for current certification status); and
- the European Commission’s Standard Contractual Clauses (SCCs) and, for UK transfers, the UK International Data Transfer Addendum, for recipients not certified under the DPF.
We have conducted transfer impact assessments where required and apply supplementary measures where appropriate.
You may request a copy of the relevant transfer mechanism by contacting us at privacy@superlinked.com.
7. COOKIES
We use cookies and similar technologies on the Site for essential functionality, analytics, and marketing purposes. Strictly necessary cookies do not require consent. With your consent, we also use analytics and marketing cookies from third-party providers including PostHog (with session replay), Google Analytics (GA4), Google Ads, HubSpot, Rudderstack, rb2b, and Leadfeeder.
You can manage or withdraw your consent at any time using the cookie banner.
For the full list of cookies, their providers, categories, purposes and durations, please see our Cookie Policy.
8. DATA RETENTION
We retain personal data only as long as necessary for the purposes described in this Policy. Retention periods depend on the type of data, the purpose of processing, our legitimate business needs, and applicable legal obligations.
Typical retention periods:
| Category | Period |
|---|---|
| Marketing contacts (newsletter, demo, contact forms, CRM) | Until unsubscribe, or up to 36 months from last interaction |
| Website analytics and tracking | Up to 14 months |
| Session recordings | 12 months |
| Server access logs | 90 days |
| Records subject to legal retention obligations | As required by applicable law |
You can request deletion at any time as described in Section 11.
9. AUTOMATED DECISION-MAKING
We do not make decisions based solely on automated processing - including profiling - that produce legal effects concerning you or similarly significantly affect you, within the meaning of Article 22 GDPR.
10. DATA SECURITY AND BREACH NOTIFICATION
We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction or damage. These measures include encryption in transit and at rest where appropriate, role-based access controls, security monitoring, vendor risk management, and regular reviews of our security posture.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR and Article 33 UK GDPR. Where a personal data breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay, in accordance with Article 34 GDPR and Article 34 UK GDPR. Notifications to affected individuals will be made by email where we have a current email address on file, or by another appropriate means where email is not available.
11. YOUR RIGHTS
If you are in the EEA or UK, you have the right to:
- Access: request a copy of your personal data we process;
- Rectification: request correction of inaccurate or incomplete data;
- Erasure: request deletion of your data in certain circumstances;
- Withdraw consent: at any time, where processing is based on consent (withdrawal does not affect the lawfulness of processing carried out before withdrawal);
- Object: to processing based on legitimate interests, including for direct marketing or analytics;
- Restriction: request that we restrict processing in certain cases;
- Data portability: receive your data in a structured, commonly used and machine-readable format and transmit it to another controller, where processing is based on consent or contract and is carried out by automated means;
- Lodge a complaint with your local data protection authority.
To exercise your rights, contact us at privacy@superlinked.com, or contact our EU or UK representative as listed in Section 1. We will respond within one month of receipt of your request, extendable by a further two months for complex requests in accordance with Article 12(3) GDPR.
The relevant supervisory authorities are:
- EU lead supervisory authority: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH), Hungary - www.naih.hu
- United Kingdom: Information Commissioner’s Office (ICO) - www.ico.org.uk
- Other EEA Member States: you may also lodge a complaint with the supervisory authority in your country of residence or place of the alleged infringement.
12. CHILDREN
The Site is not intended for children and we do not knowingly collect personal data from children under the age of digital consent in their jurisdiction. Under the UK GDPR and in some EU Member States this age is 13; in others (including Germany, France, Hungary, the Netherlands and Italy) it is 16. If you believe a child has provided us with personal data, please contact us at privacy@superlinked.com and we will delete the data promptly.
13. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Material changes will be notified by email to subscribers and through a prominent notice on the Site.
This Privacy Policy is published in English. In case of inconsistency between this version and any translation, the English version prevails.