SS
SuperSmart

Privacy Policy

Last updated: December 2025

1. Introduction

KONSOLE LABS GmbH ("we", "us", or "our") operates the SuperSmart Cloud platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679.

2. Data Controller

The data controller responsible for your personal data is:

KONSOLE LABS GmbH

Gritznerstraße 42

12163 Berlin, Germany

Email: privacy@supersmart.cloud

3. Data We Collect

3.1 Account Information

  • Email address
  • Name
  • Company name
  • Password (encrypted)
  • Billing information

3.2 Content Data

  • Text content you create or upload
  • Audio files and recordings
  • Voice samples for voice cloning
  • Images and media files
  • Transcriptions and translations

3.3 Usage Data

  • IP address
  • Browser type and version
  • Pages visited and features used
  • Time and date of access
  • Device information

3.4 Cookies and Tracking

We use essential cookies for authentication and session management. Analytics cookies are only set with your consent. See our Cookie Policy for details.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to provide our services to you
  • Consent (Art. 6(1)(a) GDPR): Where you have given explicit consent, such as for marketing communications
  • Legitimate Interests (Art. 6(1)(f) GDPR): For fraud prevention, security, and service improvement
  • Legal Obligation (Art. 6(1)(c) GDPR): To comply with legal requirements such as tax and accounting obligations

5. How We Use Your Data

We use your personal data to:

  • Provide and maintain our Service
  • Process your content through AI services (text generation, transcription, TTS, etc.)
  • Manage your account and subscription
  • Process payments
  • Send you important service updates
  • Provide customer support
  • Improve and develop our Service
  • Detect and prevent fraud and abuse
  • Comply with legal obligations

6. Data Sharing and Sub-Processors

We share your data with the following categories of recipients. For business customers (B2B), we offer a Data Processing Agreement (DPA) that includes the complete list of sub-processors.

6.1 Hosting & Infrastructure (EU)

  • Hetzner Online GmbH (Germany) - Server hosting, databases, self-hosted services

6.2 AI Service Providers

Depending on features used, data may be processed by:

  • OpenAI Inc. (USA) - Text generation, TTS, image generation
  • Anthropic Inc. (USA) - Text generation (Claude)
  • Google LLC (USA) - Text generation, translation, image/video generation
  • ElevenLabs Inc. (USA) - Text-to-speech, voice cloning
  • DeepL SE (Germany) - Translation services
  • Mistral AI (France) - Text generation
  • And others as listed in our DPA

6.3 Social Media Platforms

If you use social media distribution features:

  • Meta Platforms (Facebook, Instagram) - Content distribution
  • TikTok - Content distribution
  • YouTube/Google - Content distribution, streaming
  • Twitch (Amazon) - Streaming

International Data Transfers

Some of our sub-processors are located outside the EU/EEA. We ensure appropriate safeguards through Standard Contractual Clauses (SCCs) and/or the EU-U.S. Data Privacy Framework.

7. Data Retention

We retain your data for as long as necessary to provide our services:

  • Account data: Until account deletion plus legal retention periods
  • Content data: Until you delete it or close your account
  • Billing data: 10 years (German tax law)
  • Usage logs: 90 days
  • Backups: 30 days after deletion

8. Your Rights Under GDPR

Under the GDPR, you have the following rights:

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Correct inaccurate data
  • Right to Erasure (Art. 17): Request deletion of your data
  • Right to Restriction (Art. 18): Limit how we use your data
  • Right to Data Portability (Art. 20): Receive your data in a structured format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent (Art. 7): Withdraw consent at any time

To exercise these rights, contact us at privacy@supersmart.cloud

9. Data Security

We implement appropriate technical and organizational measures including:

  • Encryption in transit (TLS 1.3) and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication
  • Employee training on data protection
  • Incident response procedures
  • Regular backups with encryption

10. Children's Privacy

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on our Service. Your continued use of the Service after such modifications constitutes your acknowledgment of the modified policy.

12. Complaints

If you believe we have not handled your data appropriately, you have the right to lodge a complaint with a supervisory authority.

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219

10969 Berlin, Germany

www.datenschutz-berlin.de

13. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

Email: privacy@supersmart.cloud

Postal Address:
KONSOLE LABS GmbH
Attn: Data Protection
Gritznerstraße 42
12163 Berlin, Germany

→ Terms of Service→ Data Processing Agreement→ Imprint