Security & trust
Superlemon is operated by Quick Brown Fox OPC Private Limited. This page summarizes how we think about security and trust during the public beta. For binding terms, use the legal documents linked in the next section.
Policies and legal documents
Product and data boundaries
Intelligence stores the context your team deliberately adds—knowledge sources, brand rules, audiences, and research artifacts—so Content studio outputs stay traceable. We do not sell customer workspace content to third parties for advertising model training; see the Privacy policy for the precise legal wording and any permitted subprocessors for infrastructure and AI providers.
Operational practices (beta)
- Encrypted connections for the marketing site and web application.
- Access to production systems restricted to operators who need it for reliability and support.
- Vendor review before onboarding new subprocessors that touch customer data.
Questions about procurement, DPIAs, or custom terms: Contact or email [email protected].
Security & trust — common questions
What kinds of data does Superlemon process?
Superlemon processes workspace content you choose to upload or generate: knowledge-base files and URLs, brand and audience inputs, research outputs, drafts, and deliverables. Optional integrations only receive data required for the connection you authorize (for example OAuth-scoped Google or channel APIs).
Where can I read the full privacy and legal terms?
Start with the Privacy policy, Cookie policy, and Data protection pages linked below—they describe retention, lawful bases where applicable, subprocessors, and your rights. This security page is a plain-language overview, not a substitute for those documents.
Is Superlemon SOC 2 Type II certified today?
We are in public beta and building toward formal attestations buyers expect at scale. Controls follow least-privilege engineering practice, encrypted transport for the web app, and documented vendor review for subprocessors. Ask [email protected] for the latest security posture letter if you are procuring.
How do I report a security vulnerability?
Email [email protected] with the subject line “Security disclosure”, include reproduction steps and impact, and allow reasonable time before public disclosure. We appreciate responsible research.
Does the free beta change how long you keep my data?
Retention and deletion are governed by the published Privacy policy and product settings available in your workspace. Beta accounts may receive product notices when retention windows change—always refer to the policy pages for authoritative language.