Overview
At Supermove, safeguarding customer data is a core commitment. We employ robust organizational and technical measures to prevent unauthorized access, use, alteration, or disclosure of customer data.
This policy is divided into three parts:
Part 1: Supermove Security
This Supermove Security Policy describes the organizational and technical measures Supermove implements platform-wide, designed to prevent unauthorized access, use, alteration, or disclosure of customer data. The Supermove services operate on Amazon Web Services (AWS). This policy describes the activities of Supermove within its instance of AWS unless otherwise specified.
Infrastructure
All Supermove services run in the cloud on Amazon Web Services (AWS)
We do not operate our own physical servers, routers, or load balancers
All servers are hosted in AWS facilities and protected by AWS security measures, as outlined in AWS Security
Our servers reside in a dedicated virtual private cloud (VPC) with network access controls that block unauthorized requests from reaching our internal systems
Data Security
All data transmitted to and from Supermove is encrypted in transit using 256-bit encryption
Data at rest is protected using the AES-256 industry-standard encryption algorithm
To minimize risk, we strongly advise against collecting customer credit card information on documents. Instead, use Supermove Payments (outlined in Part 2)
Two-Way Email
Supermove offers Two-Way Email, allowing you to send messages to customers directly from Supermove and automatically sync their replies back into the system. This ensures that all communications remain in one place, improving visibility and support efficiency.
To enable this functionality, email providers (such as Google and Microsoft) require you to grant what they term “full inbox access.” While the label may sound broad, here’s what it means in practice:
Why it’s required:
Without this access, Supermove could only send emails on your behalf. Full access is necessary to also retrieve replies, enabling true two-way communication
How it’s used:
Only emails tied to conversations started in Supermove are processed
We do not view or store unrelated emails
All data is encrypted and managed according to strict compliance standards
Part 2: Supermove Payments
PCI Compliance for Supermove Users
Any entity that processes, transmits, or stores card data must comply with the Payment Card Industry Data Security Standard (PCI DSS).
- Our payment processor is a PCI Level 1 Service Provider, the highest certification available, validated by an independent PCI Qualified Security Assessor (QSA)
- Card data never passes through Supermove servers
- Our payment processor securely collects and transmits card information via hosted forms or iframes
By using these integrations, Supermove customers typically qualify for the simplest PCI validation method: SAQ A. Supermove can assist in generating this documentation if needed.
Part 3: Use of Artificial Intelligence (AI)
We may use artificial intelligence (AI) and machine learning technologies, including third-party AI tools (“AI Technologies”), in our business operations and in providing our Services. We only use AI Technologies where legally permitted and necessary to deliver, maintain, or improve our Services.
AI Technologies may be used to analyze and process data, generate or enhance content, improve and optimize our Services, automate certain processes or communications, personalize user experiences, support quality assurance, and assist with customer service. This may include processing call transcripts and recordings through AI-powered tools to deliver our core Services.
Where we rely on third-party providers of AI Technologies, we take reasonable steps to ensure they handle Personal Information in accordance with applicable privacy laws, including through contractual obligations requiring appropriate protection. Information generated or inferred by AI Technologies about individuals is treated as Personal Information, and you retain all rights described in our Privacy Policy.
We maintain technical and organizational measures to ensure our use of AI Technologies preserves the security and integrity of Personal Information. This includes human oversight, testing for accuracy, and review of significant AI-generated outputs. We also regularly assess and mitigate risks associated with AI Technologies, including monitoring their performance, accuracy, and impact over time.