Privacy Policy

Last Modified: June 3, 2024

Introduction

This privacy policy ("Privacy Policy") explains how Morax Inc., doing business as Superbloom ("Superbloom," "Company," "we," "us," or "our"), collects, uses, and discloses information about you when you visit our website, use our document sharing and tracking services, and interact with our platform (collectively, the "Services").

At Superbloom, we are committed to transparency and accountability in our data practices, as well as protecting your privacy and ensuring your information is handled securely. We strive to provide Viewers and Users with clear and accessible information about how their data is collected, used, and protected, and we are dedicated to upholding the highest standards of privacy and security. If you have any questions or concerns about your privacy or data security, please don't hesitate to contact us at privacy@superbloom.one.

Scope of Policy

This Privacy Policy governs your access to Superbloom Services and applies to all visitors to our website located at https://www.superbloom.one (the "Site"), users who have Superbloom accounts ("Users"), Viewers who access Content through our platform ("Viewer"), and those who access our Services through the Site, applications on various devices, APIs, third-party services, or anywhere else, regardless of how you access them.

As part of our Services, we gather information about Viewers on behalf of our Users. Our handling of this information on behalf of Users is regulated by our contractual agreements with them and by their respective privacy policies. Please note that we are not liable for the privacy policies or practices of Users or other third parties.

Your use of our Site or Services implies your consent to the collection, transfer, processing, storage, disclosure, and other utilization outlined in this Privacy Policy, as well as our Terms of Service.

Our Services

Superbloom provides a web-based platform designed to assist Users in sharing their information, content, materials, files, and folders (collectively, "Content") and in analyzing how their Content is viewed and interacted with by their customers, prospective customers, and other third parties who may or may not be registered Users of the Service ("Viewers").

Disclosure to Content Viewers

When Viewers access Content shared through our platform, it's important for them to understand how their interactions with the content are tracked and analyzed. As a part of our Services, we collect information about Viewer interactions to provide detailed analytics to the Content owner and to enhance the overall user experience. This includes details about how Viewers engage with the shared content, such as views, clicks, downloads, and other relevant information such as information about the Viewer's device type, operating system, browser type, IP address, and other activity data to better understand user behavior and preferences.

This information is crucial for Content owners to understand how their content is being received and to make informed decisions about their communication strategies. By viewing the Content, you consent to this tracking.

Purpose of Data Collection

The primary purpose of collecting Viewer interaction data is to provide valuable insights to Content owners, allowing them to optimize their content and communication strategies. By analyzing Viewer engagement metrics, Content owners can gain valuable insights into audience preferences, identify areas for improvement, and tailor their content to better meet the needs of their target audience.

Viewer Consent

By accessing Content shared through our platform, Viewers consent to the collection and analysis of their interaction data as described in this Privacy Policy. This tracking is essential for Content owners to understand the effectiveness of their content and improve their communication strategies.

Information We Collect

From Users:

  • Personal Information: Information you provide directly to us, such as your name, email address, and payment information when you register for an account, fill out a form, or contact us. The information we collect may include your name, email address, mailing address, and phone number. We use this information to process transactions, improve our website and customer service, and send periodic emails. We do not sell, trade, or otherwise transfer your personal information to outside parties.
  • Content: Any information, files, or materials you upload, share, or manage using our Services.
  • Usage Data: Information about how you use our Services, including IP address, browser type, operating system, referral source, pages visited, and other activity data including the actions you take within your account, preferences, and settings.
  • Payment Information: We use our payment provider, Stripe, to process payments on our platform. We do NOT collect or store any payment information on our servers.

From Viewers:

  • Interaction Data: Information about how Viewers interact with the Content shared by Users, including the date and time, views, length of time viewed, which portion was viewed, clicks, and other engagement and viewer metrics including IP address, browser type, operating system, referral source, pages visited, and other activity data.

Automatically Collected Information:

  • Device Information: Details about the devices you use to access our Services, including device type, operating system, browser type, and IP address.
  • Log Data: Server logs that may include information such as the date and time of visits, pages viewed, and time spent on the Site.

How We Use Your Information

We use the information we collect for various purposes, including:

  • Providing Services: To operate, maintain, and improve our Services.
  • Personalization: To personalize your experience and deliver content and product offerings relevant to your interests.
  • Communication: To communicate with you about your account, transactions, and other Services-related matters.
  • Analytics: To analyze usage trends and improve the functionality and performance of our Services.
  • Compliance: To comply with legal obligations and enforce our terms and conditions.

Sharing Your Information

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service. We may share your information with the following third parties in the following circumstances:

  • Service Providers: Third-party vendors who perform services on our behalf, such as payment processing, data analysis, and customer support.
  • Business Partners: Partners with whom we collaborate to offer additional products or services.
  • Legal Authorities: If required by law or to protect our rights, we may disclose your information to governmental authorities or other third parties.
  • Aggregated Data: Non-identifiable information may be shared for research, marketing, or other business purposes.
  • Violation of Terms: If we believe your actions are inconsistent with our Terms or to protect the rights, property, and safety of Superbloom or others.

Data Security

We implement robust technical and organizational security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. However, please note that no security measure, method of data transmission over the internet, or method of electronic storage is completely foolproof and secure, and we cannot guarantee the security of your information.

Data Encryption

Superbloom safeguards data both in transit and at rest. Files are stored behind a firewall and authenticated against the sender's session with each request. We enforce industry best practices for data transmission, utilizing Transport Layer Security (TLS). Our data is stored in Google Cloud's SOC 1 Type II, SOC 2 Type II, and ISO 27001 certified data centers. Files and data are encrypted at rest using AES 256-bit encryption, ensuring that your information is protected during storage. Files are transferred using a pre-signed, expiring URL to upload content. These measures ensure the confidentiality and integrity of your data throughout its lifecycle.

Cookies

We use cookies to help us understand and save your preferences for future visits and for authentication purposes. You can control cookies through your browser settings, but note that disabling cookies may affect your ability to use certain features of the Services.

Authentication

At Superbloom, we prioritize the security and ease of access for our users by providing robust authentication methods.

  • Password Authentication: Passwords are stored securely using industry-standard hashing algorithms to ensure they are not accessible even if our database is compromised. In case a user forgets their password, we provide a secure password recovery process. Users can reset their password by receiving a password reset link via their registered email address.
  • Google Single Sign-In (SSO): We offer Google SSO to streamline the login process, allowing users to sign in using their existing Google account credentials. Google SSO leverages OAuth 2.0, a secure authorization protocol, to authenticate users without requiring them to share their Google password with Superbloom. During the Google SSO process, users are informed about the specific data that will be accessed from their Google account, and their consent is obtained before any data is shared. By using Google's authentication system, users benefit from Google's advanced security measures, including detection of suspicious login activity and protection against account hijacking.

All authentication data, including login credentials and tokens, is transmitted over secure, encrypted channels (HTTPS) to prevent interception by unauthorized parties. We use secure session management practices to protect user sessions, including secure cookies, session timeouts, and protection against session fixation attacks. Our system continuously monitors for suspicious login activities. In case of detected anomalies, users are immediately notified and prompted to verify their identity or change their password.

Google Data

Superbloom's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Upon connecting your Gmail account to our platform, we request access to your Google profile data. This data is utilized to display your connected Gmail account within the platform. Please be assured that this information is exclusively visible to you within the platform and will not be disclosed to the public. In addition to the aforementioned access to your Google profile data, we also request permission to view your Gmail labels, read your emails, and send emails on your behalf. This access is primarily required to ensure the full functionality of our platform and will not be utilized outside of this context. Upon disconnection of the account, all associated information will be promptly erased.

Infrastructure

Google Cloud

Superbloom leverages Google Cloud for hosting and data storage. Google Cloud is renowned for its robust security infrastructure and compliance with global data protection standards. Here are some key security features:

  • Encryption: Google Cloud encrypts data at rest using AES 256-bit encryption and data in transit using Transport Layer Security (TLS).
  • Access Controls: Google Cloud provides fine-grained access control policies to manage permissions and ensure that only authorized personnel can access sensitive data.
  • Compliance: Google Cloud complies with major international standards and regulations, including SOC 1, SOC 2, SOC 3, ISO 27001, and GDPR. This ensures that our data handling practices meet stringent security and privacy requirements.
  • Regular Audits: Google Cloud undergoes regular third-party audits to verify its security practices and compliance with industry standards.

PostgreSQL

Our database of choice is PostgreSQL, known for its advanced security features and reliability. Here are some of the security measures we implement:

  • Encryption: PostgreSQL supports encryption for data at rest using pgcrypto and ensures secure data transmission with TLS.
  • Authentication: PostgreSQL uses robust authentication methods, including MD5, SCRAM-SHA-256, and certificate-based authentication.
  • Access Control: PostgreSQL provides granular role-based access control (RBAC) to manage database permissions and restrict access to sensitive data.
  • Regular Backups: We perform regular database backups and employ disaster recovery plans to ensure data integrity and availability.

Firebase

Superbloom uses Firebase for authentication and real-time data synchronization. Firebase is a secure platform provided by Google, offering the following security features:

  • Authentication: Firebase Authentication supports various authentication methods, including email/password, OAuth providers (Google, Facebook, etc.), and phone authentication. It ensures secure user authentication and management.
  • Realtime Database and Firestore: Both Firebase Realtime Database and Firestore use SSL/TLS for secure data transmission. Data is stored in encrypted form, ensuring protection at rest.
  • Security Rules: Firebase provides security rules for its database services, allowing us to enforce access controls and validation logic directly within the database.
  • Compliance: Firebase complies with major standards and regulations, including GDPR, ensuring that our data handling practices align with legal requirements.

Fullstory and Hotjar

Fullstory

We use Fullstory on our app to better understand our users' needs and to optimize our Service. Fullstory is a technology service that helps us understand our users' experience, and this enables us to build and maintain our service with user feedback. Fullstory uses cookies and other technologies to collect data on our users' behavior and their devices, including a device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Fullstory stores this information on our behalf in a pseudonymized user profile. Fullstory is contractually forbidden to sell any of the data collected on our behalf.

For more information on Fullstory's privacy practices, please visit the Fullstory Privacy Policy.

Hotjar

We use Hotjar on our marketing website to better understand our visitors' needs and to optimize the experience. Hotjar is a technology service that helps us better understand our users' experience, and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users' behavior and their devices, including a device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location, and the preferred language used to display our website. Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user.

For more information on Hotjar's privacy practices, please visit the Hotjar Privacy Policy.

How We Use the Data Collected by Fullstory and Hotjar

The data collected by Fullstory and Hotjar is used to:

  • Improve the functionality and user experience of our app and marketing website.
  • Diagnose technical issues and analyze usage trends.
  • Understand what features are most popular and which parts of our Services may need improvement.
  • Develop new features and services based on user interactions and feedback.

Data Security and Privacy

Both Fullstory and Hotjar are GDPR-compliant, and they use various technologies and procedures to help protect user data from unauthorized access, use, or disclosure. This includes encryption of data during transmission and storage, as well as strict access controls to ensure that only authorized personnel can access user data.

By using our app and website, you consent to the collection and use of your information by Fullstory and Hotjar as outlined in this Privacy Policy. If you do not agree with this policy, please discontinue use of our Services, app, and website.

Compliance with Data Laws

Superbloom is committed to complying with all applicable data protection laws and regulations, including GDPR, CCPA, and others. Our privacy policy outlines our data handling practices, and we regularly review and update our policies to ensure compliance. Specific measures include:

  • Data Minimization: We collect and process only the data necessary for providing our services.
  • User Rights: We respect user rights to access, rectify, and delete their personal data. Users can exercise these rights by contacting us at privacy@superbloom.one.

By utilizing these technologies and implementing rigorous security measures, Superbloom ensures that your data is protected and your privacy is maintained. Our commitment to security and compliance provides peace of mind for our customers, knowing that their information is in safe hands.

Your Rights

Subject to applicable law, you have several options regarding your information:

  • Account Settings: You can access and update your personal information and preferences through your account settings.
  • Communications: You can opt out of receiving promotional emails from us by following the instructions in those emails. If you opt out, we may still send you non-promotional communications.
  • Data Access and Deletion: You may request access to or deletion of your personal information by contacting us at privacy@superbloom.one. We will respond to your request in accordance with applicable laws.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated policy on our Site and update the policy's effective date. We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@superbloom.one.