GDPR Compliance

This page describes how Superproxy approaches data protection and privacy in line with principles of the General Data Protection Regulation ("GDPR") for users and organizations operating in the European Union (EU) and European Economic Area (EEA).

This overview is provided for informational purposes only and does not constitute legal advice. Your organization remains responsible for its own compliance with GDPR and other applicable data protection laws.

GDPR at a Glance
  • You remain the controller of your Customer Data stored in Superproxy; we act as a processor for that data in most use cases.
  • We process personal data to provide, secure, and improve the Service and to meet our legal and contractual obligations.
  • We implement technical and organizational measures to help protect personal data handled by Superproxy and its sub-processors.
  • We support data subject rights, such as access, rectification, and erasure, through product capabilities and operational processes.
  • Telephony, AI, and voice features must be configured and used by you in a GDPR-compliant way, especially around consent and transparency.

1. Roles & Responsibilities

When you use Superproxy to manage contacts, companies, quotations, calls, and AI-powered workflows, your organization typically acts as the controller of the personal data contained in that Customer Data. In this role, you determine what information is collected, how long it is retained, and which individuals have access.

Superproxy acts as a processor for Customer Data, processing it only as necessary to deliver, maintain, secure, and improve the Service, and in accordance with the instructions and configuration you provide, subject to our contractual commitments and applicable law.

2. Categories of Personal Data Processed

The specific personal data processed in Superproxy depends on how you configure and use the platform. Typical categories can include:

  • Identification and contact details of your users, customers, and prospects (such as name, email address, phone number, company).
  • Business context data, including quotations, deals, transaction records, and communication history.
  • Telephony and communication metadata, such as call timestamps, duration, dialed numbers, delivery status, and engagement metrics.
  • Call recordings, transcripts, and AI-generated summaries, where enabled and lawfully configured by you.
  • Technical usage data such as IP address, device information, and log data related to access and use of the Service.

3. Legal Bases & Purposes of Processing

We process personal data associated with your account and workspace in order to:

  • Provide and operate the CRM, AI, and telephony features.
  • Authenticate users, manage sessions, and secure access to workspaces.
  • Monitor performance, reliability, and security of the platform.
  • Communicate with you about service updates, support, and billing.
  • Comply with legal obligations and enforce our agreements.

For Customer Data, the legal basis is determined by you as controller, and you are responsible for ensuring that appropriate consent, contract, or legitimate interest assessments have been performed where required.

4. Data Subject Rights Support

Under GDPR, data subjects may have rights to access, rectify, erase, restrict processing of, or port their personal data, as well as the right to object to certain processing and to lodge complaints with supervisory authorities.

As controller, you are responsible for handling and assessing these requests. Superproxy supports you by:

  • Providing workspace features to search, update, and delete records that may contain personal data.
  • Offering export and reporting capabilities relevant to customer and activity data.
  • Implementing processes to handle requests that relate to data we control as a service provider (for example, account-level information).

5. International Transfers & Sub-Processors

Superproxy may use infrastructure and service providers located in different jurisdictions, including outside the EU/EEA. Where personal data is transferred internationally, we aim to implement appropriate safeguards, such as contractual protections, to help ensure a level of protection consistent with GDPR requirements.

We engage sub-processors for services such as hosting, telephony, email, and AI processing. These providers are bound by agreements that limit their use of personal data and require appropriate technical and organizational measures.

6. Security & Data Protection by Design

We implement technical and organizational measures designed to protect personal data processed through Superproxy and to support data protection by design and by default. Examples include:

  • Access controls and role-based permissions for workspace members.
  • Encryption in transit and secure configurations at the infrastructure layer.
  • Logging and monitoring of key events to support incident detection and response.
  • Separation of environments and limitations on access to production data.

7. Telephony, AI & Consent Responsibilities

Superproxy provides AI-powered outbound calls, voice cloning, and automated communication features. These tools can involve processing personal data, including voice data and call transcripts. You are responsible for:

  • Ensuring appropriate transparency and consent mechanisms are in place for individuals contacted via AI agents or automated workflows.
  • Configuring recording, transcription, and retention settings in line with local laws and your internal policies.
  • Ensuring that AI outputs are reviewed where necessary and not used in a way that violates data protection or consumer protection rules.

8. Documentation & Contractual Terms

Your relationship with Superproxy, including data processing commitments, is governed by the Terms of Service, Privacy Policy, and any applicable data processing agreements or enterprise contracts. These documents describe roles, responsibilities, and relevant data protection provisions.

9. Contact & GDPR Inquiries

If you have questions about Superproxy's GDPR-related practices or require additional information for your organization's compliance assessments, you can contact our team using the contact details provided within the application or on our website.