Data Collection Policy

Data Collection, Gathering and Use Policy

These Additional Terms & Conditions (“Additional Terms”) supplement and form part of Supahuman’s Terms & Conditions and any master services agreement, order, or SOW that references them (together, the “Agreement”). If there is any inconsistency, these Additional Terms govern for matters relating to data collection, crawling, and gathering.

1) Our Position & How We Operate

  1. Enterprise & licensed sources first. We primarily leverage enterprise-grade technologies and licensed data partners to collect, normalise, and surface information for Customer-directed use cases.
  2. Legally obtainable public sources. We may also collect information that is legally obtainable from the public internet and other public sources, where permitted by law and applicable terms.
  3. No circumvention. We do not intentionally bypass authentication, paywalls, CAPTCHAs, technical protection measures, robots directives, geo-blocks, or contractual prohibitions to obtain data.
  4. Respect for platform/content rights. We access and use data only in ways consistent with licences, website terms, and intellectual property rights.
  5. Privacy-aware by design. Public information can still include personal information. We build controls to support lawful, fair, and transparent collection and use.

2) What You (the Customer) Are Responsible For

  1. Legality of your use. You are solely responsible for the legality of your instructions and your downstream use of any data or outputs (including decisions you make using that data).
  2. Your rights & consents. You warrant you have all rights, permissions, and consents needed for any sources you direct us to access or ingest, and that your instructions do not require us to violate platform terms or law.
  3. Compliance (AU & NZ). You are responsible for complying with applicable privacy, spam, consumer, intellectual-property, and computer-misuse laws in New Zealand and Australia, including any notification, consent, security, cross-border transfer, and record-keeping requirements.
  4. Model training inputs. You must not instruct us to train models on personal, sensitive, or biometric data unless the Agreement explicitly allows it and all legal prerequisites (lawful basis/consent, minimisation, de-identification) are satisfied.

3) Prohibited Sources & Methods (We Won’t Do These and You Must Not Ask Us To)

  • Access data behind logins, paywalls, or other access controls without express authorisation from the data owner/operator.
  • Defeat or bypass CAPTCHAs, rate limits, geo-blocks, or other technical protection measures.
  • Scrape or reuse content where website terms prohibit automated access or re-use.
  • Harvest email addresses or phone numbers to build contact lists for unsolicited marketing.
  • Build or contribute to biometric identification databases (e.g., facial recognition) without a compliant legal framework and explicit approval under the Agreement.
  • Infringe copyrights, database rights, or other IP rights, including mass copying beyond licence scope.

4) Permitted Sources & Methods (With Guardrails)

  • Licensed data partners and official/open data portals, observing licence scope, attribution, and rate limits.
  • Public web pages where automated access is permitted by the site’s terms (or via an official API).
  • Customer-owned systems accessed via enterprise connectors where you have authority to grant access.
  • Collection conducted with respectful load profiles, user-agent identification, throttling, caching, provenance logging, and prompt takedown if a legitimate objection is received.

5) What the Data and Outputs May / May Not Be Used For

Generally Allowed (subject to law and licences):

  • Discovery, search, analytics, dashboards, decision-support, research, monitoring, and trend analysis aligned to your specified use case(s).
  • Aggregated or de-identified reporting.
  • Internal knowledge retrieval (e.g., RAG) using Customer-provided or lawfully obtained content.

Not Allowed:

  • Profiling of children or other sensitive groups without a valid legal basis and safeguards.
  • Automated adverse decisions about individuals without required notices, lawful basis, and human review (where mandated).
  • Re-identifying de-identified data, or reselling scraped datasets in breach of licences/terms.

6) Marketing Use of Gathered Information

These rules tell you exactly how you may (and may not) use information gathered via Supahuman-enabled sources for marketing. They apply across email, SMS, instant messaging, phone, and social DMs. This is provided as guidance only, and you are advised to do your own research to validate your own circumstances and position.

6.1 The short version

  • Only contact people for marketing if you have permission (consent) and you follow identification and unsubscribe rules.
  • Never use scraped or purchased “harvested” contact lists for marketing.
  • For phone calls in Australia, do not call numbers on the Do Not Call Register unless you have that person’s consent or a lawful exemption applies.

6.2 What you may do

  • Transactional/service messages (e.g., order updates, password resets) — keep strictly informational.
  • Marketing with consent:
    • Express consent (they clearly opted-in; keep records — double opt-in recommended).
    • Inferred consent (existing relationship where marketing is reasonably expected and directly related). Use cautiously.
    • NZ deemed consent (address publicly published in a business context, message relevant to their role, no “don’t contact me” notice).
  • Every marketing message must:
    • Identify you (business name + working contact details).
    • Include a simple, free unsubscribe that works for at least 30 days and is acted on within 5 working days.
  • SMS/IM/social DMs: treat as marketing messages — same consent/identify/unsubscribe rules apply.
  • Telemarketing (AU): only call numbers not on the Do Not Call Register, unless you have express consent or a lawful exemption; keep opt-out logs.

6.3 What you must not do

  • Send marketing to people who haven’t consented (no “cold blasting”).
  • Buy, sell, or use lists built with address-harvesting software, or build them yourself.
  • Hide who you are, use misleading subject lines, or omit an unsubscribe.
  • Call Australian numbers on the Do Not Call Register without consent or a lawful exemption.
  • Treat a one-off purchase as permission to start marketing — that alone is not consent.

6.4 Your ongoing obligations (you agree to do all of the following)

  • Keep consent records (who, when, how) and be able to prove them.
  • Screen and clean: remove unsubscribed/opt-out contacts promptly; maintain suppression lists.
  • Respect channel rules: apply the same standards across email, SMS, IM, social DMs, and phone.
  • Train your staff and vendors: ensure anyone sending on your behalf follows these rules.
  • Respond to complaints: investigate and stop any non-compliant activity immediately.

If you can’t meet these requirements, you must not use gathered information for marketing. You are responsible for getting your own legal advice where needed.

7) Model Training & Inference

  • Default: We do not train foundation or Customer-specific models on personal information unless you instruct us in writing and all legal/contractual prerequisites are satisfied.
  • Prohibited inputs: harvested contact lists; data obtained through circumvention; biometric identifiers without a compliant framework and explicit Agreement terms.
  • Provenance: We maintain reasonable logs of sources, timestamps, and methods to support audit and takedown.

8) Third-Party Terms; Suspension

You must comply with all third-party licences, API terms, website terms, and data-partner restrictions tied to any source. We may suspend or disable any connector, crawler, or job that appears to breach these Additional Terms, applicable law, or third-party terms.

9) Intellectual Property & Ownership

We retain all rights in our software, models, connectors, tooling, and documentation. You retain rights in your data. No rights in third-party content are granted beyond those expressly permitted by licences and law. You must not remove notices, attributions, or provenance markers we provide.

10) Disclaimers

  • No legal advice. Information or outputs we provide are not legal advice.
  • No warranty on third-party content. Data from third parties or public sources may be incomplete, out of date, or withdrawn. We provide such data “as is” and may remove it if a provider changes terms or a rightsholder objects.

11) Allocation of Risk & Liability

  1. Customer indemnity. You indemnify, defend and hold harmless Supahuman and our affiliates, officers, and personnel from all claims, fines, losses, and expenses arising from (a) your data inputs or instructions, (b) your use of data or outputs (including marketing uses), or (c) your breach of these Additional Terms, applicable law, or third-party terms—except to the extent caused by our intentional misconduct.
  2. Limitation of liability. To the maximum extent permitted by law, our aggregate liability for all claims under these Additional Terms is limited to fees paid by you to us for the relevant services in the twelve (12) months preceding the event giving rise to liability. Nothing excludes liability that cannot be excluded under applicable law.
  3. Consumer/Trade law notes (where applicable):
    • Australia: Non-excludable rights under the Australian Consumer Law remain unaffected.
    • New Zealand: Where both parties are “in trade,” the parties contract out of the Fair Trading Act to the extent permitted by law and agree this is fair and reasonable.

12) Termination & Enforcement

We may pause or terminate any activity we reasonably consider (a) unlawful, (b) contrary to third-party terms, or (c) a material risk to security, privacy, platform integrity, or our business. We may require you to provide evidence of rights/consents for sources you direct us to access.

13) Changes

We may update these Additional Terms from time to time. Material changes will be posted on this page with a new “Last updated” date. Continued use of our site or services after changes constitutes acceptance.

14) Governing Law & Venue

Unless otherwise agreed in a signed contract: (a) if your principal place of business is in New Zealand, these Additional Terms are governed by New Zealand law and the courts of Auckland, NZ; (b) if in Australia, New South Wales law and the courts of NSW, AU; otherwise, by the laws and courts we specify in our Website Terms of Use.