Last updated: May 11, 2026

This policy explains what data Superscout collects, how it is used, who it is shared with, and the rights you have over it. It governs the Superscout website at superscout.co, the Superscout Chrome extension, and any related Superscout services. If you use any of these services, you agree to the terms below.

Operator: Superscout Inc., 2443 Fillmore Street, San Francisco, CA 94115, United States of America. Contact: support@superscout.co.

Summary

We collect the minimum data needed to operate Superscout. We do not sell your data, do not use it to train AI models, and do not share it with advertisers. You can view, edit, export, or delete your data at any time by contacting us.

1. Information we collect

1.1 Account information

When you sign up, we collect your email address. If you sign in with Google or Apple, we receive your email and basic profile data (name and profile picture) from those providers. If you create an account with email and password, we store the email and a salted hash of the password.

1.2 Profile data you choose to add

In the Superscout extension or app, you may optionally provide a first name, last name, username, bio, profile photo URL, and links to your public profiles (Twitter/X, LinkedIn, AngelList, blog, Substack, Medium). All of these are optional and visible only to you unless you explicitly enable a public scout profile.

1.3 Capture and deal data you create

When you use the Superscout Chrome extension to save a startup page (a capture), we record:

• The URL of the page you are saving
• The page title and Open Graph metadata (description, image URL, canonical URL)
• The favicon URL
• The metadata Superscout's resolver extracts about the underlying company (canonical domain, business blurb)
• The conviction level, notes, sourcing context, relationship type, conflict level, pipeline status, round details, and any other fields you fill in on the capture form

We only collect this data on pages where you explicitly click the Superscout extension icon. We do not read pages you visit without saving them.

1.4 Usage telemetry

We log when capture and save operations occur, when sessions begin and end, and when account-level events happen (sign in, sign out, password reset). This data is used to detect abuse, prevent rate-limit violations, and improve the service. We do not log mouse movements, keystrokes outside the Superscout form, or page contents beyond what is required to identify a captured company.

1.5 Web analytics

The Superscout website at superscout.co uses standard web analytics to measure aggregate traffic patterns. We do not use Superscout-installed tracking technologies inside the Chrome extension itself.

2. Information we do not collect

We want to be explicit about what we do not collect:

• Browsing history, including pages you visit but do not capture
• Form inputs from any website other than the Superscout extension popup
• Page contents from sites you visit, beyond the page metadata we use to identify a captured company
• Cookies from third-party sites
• Bank account, credit card, or payment information (payment is processed by Stripe; we receive only the resulting subscription status)
• Health, financial, government identification, or biometric data
• Personally identifiable information about anyone other than you, the signed-in Superscout user

3. How we use your data

We use the data we collect to:

• Authenticate you and maintain your session across the extension and any future Superscout surfaces
• Save and retrieve the deals and notes you create
• Identify the organization on a captured page (we may send the captured URL to a server-side function that fetches and parses the page, using OpenAI's GPT-4o-mini model for parsing)
• Enable the features of the Superscout product, including activity timelines, profile pages, and (in future versions) matched-investor surfaces
• Communicate with you about your account, product updates, and security
• Operate, maintain, debug, and improve the service
• Detect and prevent abuse, fraud, and policy violations
• Comply with applicable law

We do not sell your data. We do not use your data to train AI models for our own benefit or for any third party. We do not display third-party advertising inside the Superscout extension or surfaces.

4. Future features and data use

Superscout is under active development. Future versions may add features that, with your explicit consent, access additional data. These features and their data uses are not currently active. If you choose to enable them in the future, additional consent will be requested at that time. Anticipated future features include:

• Gmail metadata access. With your explicit consent, Superscout may read the metadata (sender, recipient, subject, date) of emails between you and investors whose domains appear in our funder directory. We will not read the bodies of your emails. We will not read or store metadata for any contact whose domain is not in our funder directory. This feature, when activated, will request the Google gmail.metadata scope.
• Calendar event metadata. With your explicit consent, Superscout may read calendar event titles, times, and attendees for meetings with investors whose domains appear in our funder directory. This feature, when activated, will request the Google calendar.events.readonly scope.
• Sending emails on your behalf. With your explicit consent, Superscout may compose and send emails from your Google account, when you initiate a send deal action inside the product. This feature, when activated, will request the Google gmail.send scope.

For all of the above features, Superscout's use of data obtained via Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We will not transfer Google user data to third parties except as necessary to provide or improve the user-facing features of Superscout, only as permitted by the Limited Use requirements. We will not use Google user data for serving advertisements and will not allow humans to read user data unless we have obtained your explicit consent for specific messages, the data is required for security purposes, or the use is required by law.

5. Where data is stored and processed

Superscout data is stored in:

• Supabase, a hosted Postgres provider located in the United States, for all account, capture, and deal data
• Stripe, for subscription billing data
• Postmark, for transactional email delivery

When the Superscout resolver parses a captured page, the page URL is sent to OpenAI for one-time processing using the GPT-4o-mini model. Per OpenAI's API data policy, OpenAI does not retain this data and does not use it to train its models.

All data in transit is encrypted with TLS. Data at rest is encrypted using the encryption-at-rest features of the underlying providers.

If you are located outside the United States, please be aware that your data may be transferred to and processed in the United States, which may have data protection laws different from those of your country.

6. Who we share data with

We share data only as needed to operate the service, and only with the following categories of providers:

• Infrastructure providers that host or process data on our behalf (Supabase, Stripe, Postmark, OpenAI, hosting providers)
• Authentication providers when you choose to sign in with them (Google, Apple)
• Law enforcement or government authorities, only when required by valid legal process

We do not sell data to third parties. We do not share data with advertisers. We do not share data with data brokers.

7. Your rights

You can, at any time:

• View all your saved deals and profile data inside the Superscout extension or app
• Edit any deal, conviction level, note, or profile field
• Delete any deal or your entire account
• Export your data in a portable format by emailing support@superscout.co
• Withdraw consent for any feature that requires explicit consent (Gmail integration, calendar integration, sending emails)

If you are a resident of the European Union, the United Kingdom, or California, you have additional rights granted by GDPR, UK-GDPR, and the California Consumer Privacy Act (CCPA), including the rights of access, rectification, erasure, restriction of processing, data portability, objection to processing, and the right not to be subject to automated decision-making. To exercise any of these rights, email support@superscout.co. We will respond within 30 days.

You can revoke Superscout's access to your Google or Apple account at any time through your account settings on those services. After revocation, Superscout will not retain Google API tokens.

8. Data retention

We retain your account and product data for as long as your account is active. If you delete your account, we will delete all associated data within 7 days, except:

• Backup snapshots, which roll off within 30 days
• Records required for legal, regulatory, or anti-fraud purposes, which are retained for the legally required period

If you want to permanently delete your account, email support@superscout.co with the subject Delete my account. We will confirm by email before proceeding.

9. Security

We use the following security measures:

• TLS encryption for all data in transit
• Encryption at rest for all stored data
• Row-level security in the database to ensure users can only access their own data
• Short-lived JWT tokens for authentication
• Salted password hashes (we never store plaintext passwords)
• Audit logging of sensitive operations

No system is perfectly secure. If you believe your account has been compromised, contact support@superscout.co immediately. If we discover a security breach affecting your data, we will notify you within 72 hours of discovery, in line with applicable breach-notification laws.

10. Children's privacy

Superscout is intended for users aged 18 and older. We do not knowingly collect data from anyone under the age of 13. If we learn that we have inadvertently collected data from a child under 13, we will delete it. If you believe a child has provided us with data, contact support@superscout.co.

11. Changes to this policy

We will update this page when we materially change our data practices. The Last updated date at the top of this policy reflects the most recent change. We will notify active users by email of any material change to this policy at least 30 days before it takes effect.

12. Contact us

For privacy questions, data requests, or any other privacy-related concerns, email support@superscout.co.

Postal address: Superscout Inc., 2443 Fillmore Street, San Francisco, CA 94115, United States of America.