1. Introduction

We practice privacy and security by design.

Please read our full document below to understand details between where we are a Data Controller and where we are a Data Processor (when we process your data through our systems into Google Sheets, Google Data Studio).

2. Privacy and security as data processor

This section summarizes our commitments to you where we are a Data Processor (when we process your data through our systems into Google Sheets, Google Data Studio)

  • When it comes to being a data processor, the data is never stored permanently on our systems. In the majority of cases, we process your data in real time. To improve performance, we may cache your query results on our servers as needed for the success of your query. Please note that any time we cache query results we strongly encrypt the data. Any caches are deleted once they are unnecessary or when you cease use of our systems.
  • Our staff is trained regularly on handling data and our systems are monitored constantly. Our staff have access as needed. For any data we process, your data is extremely restricted and we will only access it at your written request or in the case where we need to debug and solve problems. In each case all such access is audited.
  • We do not share the data you process with us with any party.
  • In some cases you may be given the option and/or have chosen the option to have your data processed in specific region(s) or in specific data center(s). In such cases we will give you the guarantee such processing will happen in the specified manner and any changes will be communicated to you.
  • Supermetrics tools only use official APIs (application programming interfaces) for accessing data.
  • For logging into most of the data sources, our tools use OAuth. This is a secure authentication method, which means that you never have to type your password into our tools, as the authentication happens on a webpage hosted by the data source (eg. Google, Facebook or Microsoft).
  • Most other services we connect to also work with OAuth, and provide their own interface for revoking access rights.
  • There are a few services that still require you to type your username and password, or API key, into our tools. Any tokens, keys or passwords are stored encrypted in our systems.
  • Our data processing and storage happens in monitored and highly scalable, best-in-class data centers managed by Facebook, Microsoft and Google.
  • Our security is audited annually by an external third party.

3. Privacy and security as data controller

This section relates to the personal data processed by us as a data controller for concluding the agreement with our customers and for other purposes as set out in more detail below.

We may also process personal data that is sent to our systems by our customers when providing our processing services to our customer (please see section 2. above). Such processing of personal data is governed by a data processing agreement entered into between us as the data processor and our customer as the data controller. We process such data only on the instructions of our customer. If you have any questions relating to such data processing, please contact directly the relevant data controller. The sections 3.1 – 3.11  that follow refer only to personal data provided to us by Supermetrics license holders (our customers) and/or visitors to our marketing web sites.

3.1 Controller of the processing of your personal data

Novaon Oy

Duy Tan, Cau Giay, Ha Noi

Tel: +84386836566

Email: [email protected]

Contact person in case of matters relating to the processing of personal data: ThaoNV, CTO, [email protected]

3.2 Data processed and sources of personal data

When you sign up for our services, we may collect and process the following personal data about you: Your name; Address details; E-mail address.

We collect the above mentioned personal data directly from you when you sign up for the service. If you do not provide us with your above personal details, we may not be able to enter into an agreement with you. In addition we may collect technical data such as IP address, operating system, web browser this data may be combined with your personal data so that we may create optimized and efficient workflows and provide further analysis to improve sales and delivery of our products.

3.3 Purposes of processing

We may process personal data for the following purposes:

  • Concluding the agreement with you or the legal entity you represent;
  • Maintaining a contractual relationship with you or the legal entity you represent, including:
    • invoicing;
    • providing you with support for the services under the agreement;
    • troubleshooting
  • Sending you or the legal entity you represent necessary updates regarding:
  • the services under the agreement;
  • changes in our Terms and Conditions or this Privacy Policy.

Statistical and analytical purposes.

  • We use the personal data to generate reports and statistics regarding the use of our services.
  • Where possible, we use anonymized data or non-personal data in these activities