Privacy Policy

Effective date: September 5, 2025

TL;DR: Sup collects only the minimum information needed to operate and improve the app (primarily analytics and the reminder text you ask us to generate). We do not sell your data. We encrypt data in transit (HTTPS) and use industry-standard security controls.

Contents

1. Who We Are

2. Scope

3. What We Collect (Data Minimization)

4. How We Use Data & Legal Bases

5. AI Processing (OpenAI)

6. When We Share Data

7. Analytics, Cookies & Similar Tech

8. Data Retention

9. Security

10. Your Privacy Rights (GDPR/UK/CCPA)

11. International Transfers

12. Children’s Privacy

13. Changes to This Policy

14. Contact Us

15. Sub-Processors

1) Who We Are

“Sup”, “we”, “us”, or “our” refers to the Sup reminders application and website at supreminders.com operated by Sup (Legal Entity). We act as the data controller for personal data we collect and determine the purposes and means of processing.

2) Scope

This policy covers our mobile/desktop apps and our website. It explains the personal data we collect, why we collect it, how long we keep it, and your rights. If a feature links to a different policy, that policy governs for that feature.

3) What We Collect (Data Minimization)

We designed Sup to run on minimal data. We do not collect habit categories or health data by default unless you provide text in a reminder that incidentally includes such information.

Account/Basic (if you create an account): email address; password or authentication token (hashed/salted where applicable); basic device/app identifiers.

Reminder Content You Provide: text you enter for reminders, schedules, and settings. If you use our AI to generate or customize reminders, the relevant prompt/context you supply is processed to return the requested output (see AI Processing).

Analytics/Telemetry (aggregated where possible): app version, device type, performance events, crash logs, coarse usage events (e.g., feature toggles, reminder sent/delivered), and general engagement metrics. We do not use analytics to build marketing profiles across other companies’ sites/apps.

Support (if you contact us): email contents, screenshots/logs you choose to share.

We do not sell your personal information. We also do not share it for cross-context behavioral advertising.

4) How We Use Data & Legal Bases

Operate the Service (contract/legitimate interests): schedule and send reminders; maintain accounts; deliver notifications; provide customer support.

Generate Reminders (contract/consent): when you ask for unique or contextual reminders, we process your prompt with our AI provider strictly to return the requested text (details below).

Improve and Secure (legitimate interests): debug, combat abuse, measure reliability and performance, and understand what features help habit formation. We use aggregated or de-identified reports where feasible.

Legal/Compliance (legal obligation/legitimate interests): comply with law, defend legal claims, and enforce our Terms.

5) AI Processing (OpenAI)

For optional AI-generated reminders, we send the minimum necessary prompt/context to our AI provider, OpenAI, via API to generate the requested text. We do not use AI outputs to make legal or similarly significant decisions about you.

Data we send: the text you enter (e.g., “help me draft a kind reminder about drinking water at random times”), plus lightweight instructions (tone/length) needed to generate the reminder.

Purpose: return reminder wording/content to you. We do not permit the AI provider to use your prompts/outputs for targeted advertising.

Controls: You can use Sup without AI features. If you opt in to AI reminders, you can switch them off anytime in Settings. You can also delete AI-related content (see Your Rights).

Data handling by OpenAI: OpenAI processes your prompts to provide the service and may retain limited logs for safety/abuse detection per its own terms/policies. We implement available controls to limit retention where supported and do not knowingly enable model training on your data. For more detail, review OpenAI’s documentation and terms from within your account or at their site.

6) When We Share Data

We share personal data only with:

Service Providers (Processors): vendors that host our app, deliver notifications, provide analytics, crash reporting, or AI processing—bound by confidentiality and data processing terms.

Legal/Protection: when required by law or to protect rights, safety, and integrity of the service.

Business Transfers: if we undergo a merger, acquisition, or asset sale, your data may transfer under equivalent protections and notice.

We do not sell personal data and we do not share it for cross-context behavioral advertising.

7) Analytics, Cookies & Similar Technologies

We use privacy-respecting analytics to understand app reliability and usage at a high level (e.g., crash frequency, notification delivery). Where required, we obtain your consent before enabling analytics.

Cookie/Storage Use: strictly necessary cookies for session/security and local storage for preferences (including your analytics consent state). We do not use third-party ad trackers.

Analytics are currently off.

8) Data Retention

We keep personal data only as long as needed for the purposes above or as required by law. Typical retention:

Account data: retained while your account is active; deleted or anonymized within 30–90 days after deletion, subject to legal holds.

Reminder content: retained while the reminder is active; deleted when you delete it or your account (subject to backup cycles).

Analytics logs: kept for short operational windows and then aggregated or deleted.

9) Security

Data in transit uses HTTPS/TLS. We apply industry-standard controls, including access controls, least privilege, encryption in transit, and monitoring. No system is perfectly secure; we maintain an incident response process and will notify you and/or authorities as legally required in the event of a breach.

10) Your Privacy Rights

Depending on your location, you may have the right to access, correct, delete, port, or restrict processing of your data, and to object to certain processing. You may also withdraw consent where we rely on it.

How to exercise: Use in-app controls where available or email us (see Contact Us). We will verify your request to protect your data.

CCPA/CPRA (California): you have rights to know, delete, correct, and opt out of “selling” or “sharing.” We do not sell or share personal data as defined by CPRA. You may still submit requests at any time.

GDPR/UK-GDPR (EEA/UK): where applicable, you may contact our EU/UK representative (if required) and your supervisory authority. You also have the right to lodge a complaint with your local authority.

Automated decisions: our AI features generate reminder text; they do not produce legal or similarly significant decisions.

11) International Transfers

We may process data in countries outside your own. Where we transfer personal data internationally, we use legally recognized safeguards (e.g., standard contractual clauses) and technical/organizational measures appropriate to the risk.

12) Children’s Privacy

Sup is not directed to children under 13 (or the age of digital consent in your region). We do not knowingly collect personal data from children. If you believe a child provided us personal data, contact us so we can delete it.

13) Changes to This Policy

We will update this policy as we improve Sup or as laws change. We will post the new date at the top and, when material changes occur, provide additional notice (e.g., banner or email) and obtain consent where required.

14) Contact Us

Questions or requests? Email us at privacy@supreminders.com.

15) Sub-Processors (Operational Vendors)

We use vetted service providers to help run Sup. They process data strictly under our instructions:

Vendor Purpose Data Categories Region
OpenAI Generate reminder text from your prompts Prompt text; generation settings; output text Global
Google/Firebase Analytics/Crash reporting App/device identifiers; event telemetry; crash logs Global
Hosting provider App/DB hosting, content delivery Account basics; reminder metadata; logs US Region-specific

We update this list when vendors change. For updates, check this page.

Quick Controls

Delete account & data: Use in-app Settings → Account → Delete Account, or email privacy@supreminders.com.

Export data: Email us with the subject “Data Export Request” from your account email.

Disable AI features: Settings → Reminders → AI-Generated Reminders → Off.

Analytics consent: Use the toggle above to opt in/out anytime.

i
Privacy Preference Saved
Your analytics preference has been updated.