Privacy Policy

We collect only the data necessary to provide, protect, personalize, and improve Supernapse, subject to the purposes described in this Policy.

We process personal data for specific purposes and based on legal bases provided by the LGPD and, when applicable, the GDPR.

Supernapse uses its own or third-party artificial intelligence services, including providers such as OpenAI and other technology suppliers, to enable features such as generation of summaries, flashcards, quizzes, explanations, contextual tutoring, study organization, and analysis of content submitted by the user.

For these features to operate, content such as prompts, questions, PDFs, texts extracted from files, transcripts, answers, study context, and generated outputs may be processed by AI systems and contracted external providers. This processing may occur outside Brazil or outside the country where the user is located.

Supernapse does not sell users’ private content. It also does not use private content to train third-party public models by its own decision without consent, legal obligation, or another applicable legal basis. When we use AI APIs or enterprise services, we seek to contract and configure providers so that content is processed according to the purpose of the service and applicable terms.

Some AI providers may retain technical records, metadata, security logs, abuse monitoring data, or application state for the period and under the conditions provided in their policies, contracts, and configurations. Supernapse evaluates these providers and adopts contractual and technical measures proportional to the risk.

Supernapse may review content or interactions only when necessary for support, security, technical debugging, abuse investigation, legal compliance, controlled service improvement, or responding to user requests, always with access controls and operational need.

AI-generated results may contain errors, omissions, or inaccurate interpretations. The user should critically review responses, especially in academic, professional, legal, medical, financial, or high-impact contexts. This guidance does not change the user’s privacy rights.

Supernapse may use usage and interaction data to personalize the experience, organize materials, adjust study recommendations, and improve the platform.

Currently, Supernapse does not make exclusively automated decisions that produce legal effects or similarly significant effects on the user. If features of this kind are implemented, Supernapse will update this Policy and provide appropriate information about the logic involved, consequences, safeguards, and means of contestation, when required by law.

The user may request additional information, review, or objection to automated processing when applicable through suporte@supernapse.app.

We use cookies, localStorage, identifiers, and similar technologies to operate the platform, maintain sessions, remember preferences, improve performance, measure usage, and, when applicable, support marketing campaigns.

Supernapse does not sell personal data.

We share data only when necessary, proportionally, and for the purposes described in this Policy, with the following categories of recipients:

Whenever applicable, we require processors and providers to process personal data according to documented instructions, confidentiality obligations, security measures, and purposes compatible with this Policy.

Supernapse may transfer, store, or allow access to personal data in other countries, especially when it uses cloud, authentication, artificial intelligence, analytics, support, email, security, or infrastructure providers with global operations.

When there is an international data transfer, we will adopt mechanisms and safeguards compatible with applicable law, such as standard contractual clauses, standard contractual clauses approved by the ANPD when applicable, adequacy decisions, data processing agreements, provider assessments, technical security measures, encryption, and access controls.

Users located in the European Economic Area, United Kingdom, or other jurisdictions with specific rules may have additional safeguards according to applicable law.

We adopt technical, administrative, and organizational measures proportional to the risk and size of the operation to protect personal data against unauthorized access, loss, alteration, improper disclosure, destruction, fraud, and other incidents.

These measures may include encryption in transit and, when applicable, at rest; authentication; need-to-know access controls; environment segregation; audit logs; monitoring; backups; permission review; abuse protection; provider assessment; internal policies; and incident response procedures.

Despite these measures, no system is absolutely secure. The user must also protect credentials, use strong passwords, keep devices secure, and immediately report any suspicion of improper access to the account.

We retain personal data for the time necessary to fulfill the purposes described in this Policy, provide the service, maintain security, respond to requests, comply with legal obligations, and preserve rights.

Under the LGPD and, when applicable, other laws such as the GDPR, the user may request:

Account deletion may be performed directly in the application when that feature is available or requested by email at suporte@supernapse.app.

We will respond to requests within the periods provided by law. In some cases, we may deny, limit, or postpone requests when necessary to comply with legal obligations, preserve rights, protect trade or industrial secrets, prevent fraud, protect platform security, safeguard third-party rights, or when it is not possible to confirm the requester’s identity.

Supernapse is intended for users aged 13 or older. The service is not intended for children under 13.

Users under 18 must use Supernapse with the knowledge and authorization of their legal guardians when required by applicable law. If we identify use by a child under 13 without valid authorization, we may restrict, suspend, or delete the account and related data, except when retention is necessary for legal obligation or protection of rights.

The processing of personal data of children and adolescents will be carried out observing the best interest of the minor, the educational purpose of the platform, data minimization, transparency, security, and applicable legal bases.

We do not sell minors’ personal data. We also do not direct behavioral advertising to users we know are minors.

Legal guardians may contact suporte@supernapse.app to request information, exercise rights, or request deletion of data of minors under their responsibility.

The user is responsible for content they submit, import, type, or make available in Supernapse, including PDFs, videos, texts, prompts, notes, and third-party data that may be included in those materials.

The user should avoid entering sensitive personal data, third-party data, confidential information, restricted documents, or materials they are not authorized to use, unless this is necessary and appropriate for the study purpose and permitted by applicable law.

When the user enters third-party data, they must ensure that they have authorization or another valid legal basis to do so. Supernapse may remove, restrict, or block content when there are indications of legal violation, abuse, security risk, legitimate data subject request, or determination by a competent authority.

Supernapse may send electronic communications, including emails, related to platform operation and the user experience.

Communications are classified as:

The platform may contain links, integrations, authentication, content, APIs, or third-party services. Use of these services may be subject to their own privacy policies, terms, and practices.

Supernapse does not fully control the privacy practices of independent third parties. We recommend that the user read the policies of external services they use.

In the event of a security incident involving personal data, Supernapse will assess the nature, cause, extent, affected data, risks to data subjects, and containment measures.

When the incident may pose relevant risk or harm to data subjects, we will notify the ANPD, affected data subjects, and other competent authorities, as required by applicable law.

We will also maintain internal records of incidents, measures adopted, risk analyses, communications, and actions to prevent recurrence, when required by law or good governance practices.

Supernapse seeks to incorporate privacy and data protection from the design stage of its features, especially in artificial intelligence, study content, authentication, personalization, and usage analysis areas.

We may adopt measures such as records of processing activities, risk assessments, access controls, provider assessments, data minimization, pseudonymization or anonymization when possible, security testing, permission reviews, and internal procedures for responding to data subject requests.

Privacy governance will be updated as the product evolves, regulatory requirements change, technologies change, and user feedback is received.

This Policy may be updated at any time to reflect changes in the product, legislation, security practices, providers, legal bases, or Supernapse features.

When there are relevant changes, Supernapse may notify users by email, notice on the platform, or another appropriate means. The update date will always be indicated at the beginning of the document.

Continued use of Supernapse after publication of changes means acknowledgement of the updated version, without prejudice to data subject rights provided by law.

For questions about this Policy, rights requests, account deletion, withdrawal of consent, objection to processing, information about sharing, or any privacy-related matter, contact us: