Privacy Policy

This Privacy Policy explains how SuperAuditor, Inc. ("we", "us", "our") collects, uses, and protects information when you use our platform and Chrome Extension (collectively, the "Service").

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and company name. We use Supabase Auth for authentication -- we never store passwords directly.

Billing Data from GoHighLevel

When you run the Chrome Extension, it pulls billing transaction data from your GoHighLevel account using your existing authenticated session. This includes:

• Agency wallet transactions (charges, recharges, fees)
• Sub-account usage summaries (Voice AI, Email, SMS, Phone, Workflow)
• SaaS subscription details (plan names, prices, statuses)
• Location names and identifiers
• Wallet balances and complimentary credits

We do not collect GHL login credentials, OAuth tokens, or personal data of your sub-account end users (patients, customers, etc.).

Usage Data

We collect basic analytics about how you use the Service: pages visited, features used, and error logs. This helps us improve the product. We do not use third-party tracking pixels or advertising SDKs.

2. How We Use Your Data

• Provide the Service -- Calculate P&L, generate insights, detect anomalies, and display your billing intelligence dashboard.
• Improve the product -- Aggregate usage patterns to identify bugs and feature opportunities. We never analyze your billing data for our own business intelligence.
• Communicate with you -- Send account-related emails (password resets, billing receipts). We do not send marketing emails without your consent.
• Enforce terms -- Detect abuse, prevent fraud, and enforce our Terms of Service.

3. Data Storage & Security

Your data is stored on Supabase (hosted on AWS) with:

• TLS 1.2+ encryption in transit
• AES-256 encryption at rest
• Row-Level Security (RLS) -- your data is architecturally isolated from other users
• API keys are stored as SHA-256 hashes -- we cannot see your raw keys

See our Security page for detailed technical information.

4. Chrome Extension Privacy

The SuperAuditor Chrome Extension:

• Does not track your browsing activity outside of GoHighLevel
• Does not collect or store your GHL password
• Does not inject ads, trackers, or third-party scripts
• Does not access data from other tabs or websites
• Only activates when you explicitly click "Run Audit" on a GHL billing page
• Only sends data to your SuperAuditor account via your API key

The extension reads authentication tokens from your active GHL session to make API calls on your behalf. These tokens are used in-memory during the audit and are not persisted or transmitted outside of GHL's own APIs.

5. Data Sharing

We do not sell, rent, or share your data with third parties. Period.

The only exceptions:

• Infrastructure providers -- Supabase (database), Vercel (hosting), Resend (transactional email). These providers process data on our behalf under strict data processing agreements.
• Legal requirements -- If required by law, subpoena, or court order.

6. Data Retention

• Active accounts: Your data is retained as long as your account is active.
• Deleted accounts: Data is permanently deleted within 30 days of account deletion.
• Canceled subscriptions: Your data is retained for 90 days after cancellation in case you resubscribe. After 90 days, it is permanently deleted.

7. Your Rights

You have the right to:

• Access your data -- everything is visible in your dashboard
• Export your data -- available via the Debug JSON download in the Chrome Extension
• Delete your data -- use Settings → Billing & Data → Delete All Data, or email us
• Close your account -- available in Settings at any time

For GDPR, CCPA, or other data rights requests, contact our support team.

8. Cookies

SuperAuditor uses minimal cookies:

• Authentication cookie -- maintains your login session (essential, cannot be disabled)
• Sidebar state -- remembers whether the navigation sidebar is collapsed (functional, no tracking)

We do not use advertising cookies, third-party tracking cookies, or analytics cookies that identify individual users.

9. Children's Privacy

SuperAuditor is not intended for use by anyone under 18. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect.

11. Contact

Questions about privacy? Contact our support team