Privacy

Privacy policy

We built Superfact so the work you do with AI becomes an artifact worth sharing. That trust runs both ways, so this page spells out what we collect, why, and what you can ask us to do with it.

Last updated · May 24, 2026

01 · At a glance

  • +We process two kinds of data: producer data from people who sign in and publish, and viewer data from people who load a published superfact.
  • +The actual writing happens inside your chat on your own LLM subscription (Claude, ChatGPT, Cursor, others). Superfact receives only the structured artifact the agent decides to publish, plus a handful of fields about the publish itself.
  • +We do not send your chat or your published content to any AI model to train it.
  • +Published superfacts are public by default but never indexed by search engines. Producers can switch any publish to password-protected or private.
  • +We store data in the EU where we can. A few processors are based in the US and rely on approved transfer mechanisms (SCCs, EU-US DPF).
  • +When you delete your account, we delete your publishes, comments, reactions, and viewer chat history within 90 days.
  • +You can reach us about any of this at hey@superfact.ai and we will reply within one business day.

02 · Who we are

Superfact is a product of Metascend GmbH, a Swiss company registered in the Canton of Zürich (UID CHE-195.997.652). For the purposes of the GDPR and the revised Swiss Federal Act on Data Protection (nFADP), Metascend GmbH is the controller of personal data collected through superfact.ai.

You can write to us at hey@superfact.ai for anything data-related: access requests, corrections, deletion, or questions about this policy.

03 · What we collect

From producers (account holders)

  • +Name, email address, and authentication identifiers (from Supabase Auth, including Google OAuth sub claims if you sign in with Google).
  • +Workspace and account settings: display name, custom domain configuration, brand accent (Pro), template defaults.
  • +Billing details processed by Stripe when paid plans launch. We receive a customer ID, plan, and billing status. We never see your card number.
  • +Each MCP tool call you make and the structured artifact payload it produces. This is the JSON your agent passes to the publish tool. It is not your raw chat. It is the data the agent decided to share.
  • +Integration tokens you choose to add (for example a Slack workspace token, when that integration ships).
  • +Usage logs and diagnostic events tied to your account (see section 06).

From viewers (people who load a published superfact)

  • +Basic device and browser metadata (user agent, approximate timezone, IP address for rate limiting and abuse defense).
  • +The slug of the publish you loaded, plus an anonymous view ping so producers can see view counts.
  • +Anything you type into a viewer reaction, comment, or chat question on a public publish (these features ship gradually; if you do not interact, we receive nothing beyond the view ping).
  • +If a publish is password-protected, the password you submit is checked server side and never stored in plaintext.

Derived data (produced by AI Gateway)

  • +Answers to viewer chat questions, generated on demand from the artifact JSON via the Vercel AI Gateway with zero data retention.
  • +Per-template Open Graph preview images rendered from the artifact.
  • +Aggregate counters (views, reactions, comments) used to show signal on the producer dashboard.

04 · Legal bases (GDPR Art. 6 / nFADP Art. 31)

  • +Contract. We process producer account data to deliver the service you signed up for.
  • +Consent. Viewer interactions (reactions, comments, chat questions) are voluntary. Submitting one is the consent. You can withdraw consent by asking us to delete the interaction at hey@superfact.ai.
  • +Legitimate interest. Security logging, abuse defense, rate limiting, error monitoring, and basic product analytics.
  • +Legal obligation. Financial records are kept for as long as Swiss tax law requires (ten years).

05 · How we use the data

  • +To accept structured artifacts your agent publishes through the MCP server, store them, and render them at a public URL on superfact.ai or your custom domain.
  • +To answer viewer chat questions on a publish using the artifact content and a zero-retention model call through the Vercel AI Gateway.
  • +To send transactional email (sign-in links, billing receipts, account notifications) via Resend.
  • +To keep the service reliable (logs, errors, performance) and to stop abuse and scraping.

We do not sell personal data. We do not use producer accounts or published artifacts to train AI models, and our model subprocessors are contracted on zero-retention or training-excluded terms.

06 · Subprocessors

We rely on the following processors to deliver the service. Each one is bound by a data processing agreement. This list is current as of the date at the top of this page.

ProcessorPurposeRegion
SupabaseDatabase, auth, storageEU (Frankfurt)
VercelHosting, CDN, serverless compute, cron, blob storageGlobal
Vercel AI GatewayRouting layer for viewer chat questions, zero data retentionGlobal
GoogleOAuth sign-in (only if you choose Google as your provider)US
StripePayments, billing, subscriptions (active when paid plans launch)EU / US
UpstashRate limitingEU
ResendTransactional emailEU / US
PostHogProduct analyticsEU
SentryError monitoringEU

07 · International transfers

Some of our processors are based in the United States. When data leaves Switzerland or the EEA, we rely on the European Commission's Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework. The Swiss equivalents (Swiss SCCs and the Swiss-US Data Privacy Framework) apply to Swiss-origin data.

08 · Retention

  • +Active accounts. We keep publishes, comments, reactions, viewer chat history, and account settings for as long as your account exists.
  • +Deleted accounts. When you delete your account or ask us to, we remove publishes, comments, reactions, derived previews, and viewer chat history within 90 days. Backups roll over within that window.
  • +Individual publishes. You can delete any single publish from your workspace at any time. Deletion is immediate from the live URL; backups roll over within 90 days.
  • +Billing records. Invoices and tax-relevant records are kept for ten years to comply with Swiss accounting law (CO Art. 958f).
  • +Security logs. 30 days.

09 · Your rights

If you are in the EEA, UK, or Switzerland, you can ask us to do any of the following:

  • +Get a copy of the personal data we hold about you.
  • +Correct data that is wrong or incomplete.
  • +Delete your data (with the exceptions noted in section 08).
  • +Receive your data in a portable format.
  • +Object to processing based on our legitimate interests.
  • +Withdraw consent at any time, which will not affect the lawfulness of earlier processing.

Email hey@superfact.ai with your request. We may ask for proof of identity so we do not hand data to the wrong person. If you are unhappy with our response you can complain to the Swiss Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch) or your local EU supervisory authority.

10 · Security

Traffic is encrypted in transit with TLS. Account data and publishes live in Supabase Postgres and are protected by row level security, so a producer only ever reads or writes their own rows. Administrative access goes through a service role credential that is never exposed to the browser. Public publishes are served from our renderer with per-row visibility checks; password-protected publishes require a server-side check before the content is returned.

If we ever have a breach that affects your data, we will notify the relevant authority within 72 hours and tell you directly if there is meaningful risk to you.

11 · Search indexability

Published superfacts are public by default at a non-guessable URL, but every published page returns noindex, nofollow headers and meta tags. Search engines should not index your publishes. We do not submit publish URLs to sitemaps, and we explicitly disallow common crawlers in our robots policy for the /s/ renderer path.

12 · Children

Superfact is intended for professional use by knowledge workers and developers. Account holders (producers) must be at least 18. Viewers must be at least 16. We do not knowingly collect data from children, and producers are contractually responsible for making sure anything they publish does not include personal data of people who fall below those ages.

13 · Cookies and similar

We use cookies that are strictly necessary (authentication, CSRF protection) and a small number of first-party analytics cookies via PostHog. We do not run advertising trackers. You can refuse non-essential cookies in your browser without losing access to the service.

14 · Changes

When we make material changes to this policy we update the date at the top and, if the change affects how we process data you already gave us, we email account holders with a summary. Minor edits (typos, clearer wording) happen without notice.

15 · Contact

Questions, data requests, or breach reports: hey@superfact.ai. We reply within one business day.