
Updated: February 9th, 2023
1. Scope of this Data Processing Addendum (“DPA”)
1.1 This DPA forms part of the Terms between you and Supernormal with regard to the processing of personal data that is subject to the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR"). Terms used herein that are not otherwise defined have the meanings given in the Terms.
1.2 The parties agree that Supernormal acts as a data processor for you in providing the Service.
3. "Personal data" has the meaning given in the GDPR.
2. Processing of personal data
2.1 The parties agree that Supernormal will process the personal data only for the purposes of providing the Service.
2.2 You acknowledge that Supernormal is a U.S. company and will process the personal data in the United States. To the extent that any personal data will be transferred from the European Economic Area to the United States, Supernormal agrees to enter into standard contractual clauses based on the European Commission Decision C(2010)593 or any such clauses amending, replacing or superseding the standard contractual clauses by a European Commission decision or by a decision made by any other authorized body.
3. Supernormal general obligations
3.1 Supernormal must ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
3.2 Supernormal shall implement appropriate technical and organizational measures to prevent the personal data from being:
(i) accidentally or unlawfully destroyed, lost or altered,
(ii) disclosed or made available without authorization, or
(iii) otherwise processed in violation of applicable laws.
3.3 The appropriate technical and organizational security measures must be determined with due regard for:
(i) the current state of the art,
(ii) the cost of their implementation, and
(iii) the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
3.4 Supernormal shall upon request provide you with sufficient information to enable you to ensure that Supernormal complies with its obligations under this DPA, including ensuring that the appropriate technical and organizational security measures have been implemented.
3.5 You are entitled at your own cost to appoint an independent expert who shall have access to Supernormal's premises and receive the necessary information in order to be able to audit whether Supernormal complies with its obligations under this DPA, including ensuring that the appropriate technical and organizational security measures have been implemented. You shall provide Supernormal with 14 days prior written notice and you are obligated to ensure that the expert signs a customary non-disclosure agreement, and treats all information obtained or received from Supernormal confidentially, and may only share the information with you. Any findings or reports created on the basis of such an inspection must be shared with Supernormal and shall be regarded as confidential information.
3.6 Supernormal must without undue delay after becoming aware of the facts in writing notify you about:
(i) any request for disclosure of personal data processed under this DPA by authorities, unless expressly prohibited under European Union or member state law,
(ii) any finding of (a) breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed by Supernormal in connection with the Service, or (b) other failure to comply with Supernormal's obligations under this DPA, or
(iii) any request for access to the personal data received directly from the data subjects or from third parties relating to the processing of personal data on your behalf.
3.7 Supernormal must promptly assist you with the handling of any requests from data subjects under Chapter III of the GDPR, including requests for access, rectification, blocking or deletion, which relates to the processing of personal data in connection with the Service.
3.8 Supernormal must assist you with meeting the other obligations that may be incumbent on you according to European Union or member state law related to data processing where the assistance of Supernormal is implied, and where the assistance of Supernormal is necessary for you to comply with your data protection obligations.
4. Subprocessors
4.1 You hereby grant Supernormal a general authorization to engage subprocessors
4.2 Prior to the engagement of a subprocessor, Supernormal shall conclude a written agreement with the subprocessor, in which at least the same data protection obligations as set out in this DPA shall be imposed on the subprocessor, including an obligation to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR.
5. Term and consequences of the termination of this DPA
5.1 The term of this DPA shall correspond to the term of the Terms.
5.2. On your request, Supernormal shall immediately transfer or delete (including anonymize) personal data which Supernormal is processing for you, unless European Union or member state law requires storage of the personal data.
6. Priority
6.1 If any of the provisions of this DPA conflict with the provisions of the Terms, the provisions of this DPA shall prevail.
That is a fancy name for some service that we use that may have access to information about your account on Supernormal.
We use Google for producing transcriptions for the video content created on Supernormal.
Amazon Web Services
We use Amazon Web Services (AWS) for storing the videos, transcriptions, summaries and other application data. You can think of them as our giant database and video streaming provider.
Amplitude
Amplitude helps us understand how people use Supernormal. We use it to count things like clicks, video views, how much time people spend using Supernormal and other important product metrics. Our product leads are busy trying to figure out what these numbers mean and how they can measure improvements in Supernormal.
Mixpanel
Like Amplitude, Supernormal uses Mixpanel to better understand how people use Supernormal. Our product leads are busy trying to figure out what these numbers mean and how they can measure improvements in Supernormal.
Snowflake
We use Snowflake to store data related to Supernormal usage.
Stripe
We use Stripe as a payments processor. Relevant user data is associated to facilitate payments.
Heroku
Heroku manages our AWS servers for us, so we can focus on building the best things for you.
Intercom
We use Intercom to respond to messages you send to our feedback@ and team@ email addresses.
Scout
Supernormal should feel super fast. Scout warns us when there are slow parts of our app so we can fix them.
Datadog
Datadog helps us maintain a reliable service and alerts us when there are issues for us to solve on our end.
Sendgrid
You've got mail! We use Sendgrid to send emails related to Supernormal.
Sentry
When something goes wrong in Supernormal, we use Sentry to write logs on what happened. We use it to give our engineers clues on how to fix what went wrong.
OpenAI
We work with OpenAI to give you the best automated notes.