Last Updated: November 6, 2020
1. What information do we collect? A. SUMMARY SuperWorld collects data to enable us to operate the App effectively, and to provide you with the best experience on our website and our App. You provide some of this data to us directly, such as when you register to use our App, subscribe to a newsletter, respond to a survey, make an inquiry through our website, contact us for support, or contact us as a prospective user, vendor, supplier, or consultant. We receive some of your data by recording how you interact with our website and our App by, for example, using technologies like cookies. We also obtain and process data in the context of making the App available to you. B. LEARN MORE You have choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide data that is necessary to enable us to make the App available to you, you may not be able to sign up for or play the App. The data we collect depends on the context of your interactions with SuperWorld, and the choices you make (including your privacy settings). The data we collect can include, but is not limited to your email address and your Metamask wallet address. Device and Usage information. We may collect data about your device and how you and your device interact with SuperWorld and our App. For example, we may collect your interactions on our website, your feature usage patterns, location data, and your interactions with us. We may also collect data about your device and the network you use to connect to our App; this may include data such as your IP address, browser type, operating system, and referring URLs.
3. How do we protect your information? We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. We offer the use of a secure server. All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential.
4. How do we ensure that our processing systems remain confidential, resilient, and available? A. SUMMARY We implement a variety of measures to ensure that our processing systems remain confidential, resilient, and available. Specifically, we have implemented processes to help ensure high availability, business continuity, and prompt disaster recovery. We commit to maintaining strong physical and logical access controls, and conduct regular penetration testing to identify and address potential vulnerabilities. B. LEARN MORE High Availability. Every part of the App utilizes properly-provisioned, redundant servers (e.g., multiple load balancers, web servers, replica databases) in case of failure. We take servers out of operation as part of regular maintenance, without impacting availability. Business Continuity. We keep encrypted backups of data daily in multiple regions on AWS. While never expected, in the case of production data loss (i.e., primary data stores loss), we will restore organizational data from these backups. Disaster Recovery. In the event of a region-wide outage, we will bring up a duplicate environment in a different AWS region. Our operations team has extensive experience performing full region migrations. Physical Access Controls. SuperWorld is hosted on Amazon Web Services. Amazon data centers feature a layered security model, including extensive safeguards such as custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics According to the AWS Security Whitepaper: “AWS’s data centers are state of the art, utilizing innovative architectural and engineering approaches. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.” SuperWorld employees do not have physical access to AWS data centers, servers, network equipment, or storage. Logical Access Controls. SuperWorld is the assigned administrator of its infrastructure on AWS, and only designated authorized SuperWorld operations team members have access to configure the infrastructure on an as-needed basis behind a two-factor authenticated virtual private network. Specific private keys are required for individual servers, and keys are stored in a secure and encrypted location. Penetration Testing. We engage an independent, third-party agency to perform black box penetration testing on an annual basis. Information about security vulnerabilities that are successfully exploited through penetration testing is then used to set mitigation and remediation priorities. Intrusion Detection and Prevention. Unusual network patterns or suspicious behavior are among SuperWorld’s biggest concerns for infrastructure hosting and management. AWS’s intrusion detection and prevention systems (IDS/IPS) rely on both signature-based and algorithm-based security to help identify traffic patterns that are similar to known attack methods. IDS/IPS involves tightly controlling the size and make-up of the attack surface, employing intelligent detection controls at data entry points, and developing and deploying technologies that automatically remedy dangerous situations, as well as preventing known threats from accessing the system in the first place. We do not provide direct access to security event forensics, but we do provide access to our engineering and customer support teams during and after any unscheduled downtime.
6. Do we disclose any information to outside parties? A. SUMMARY We share your personal data with your consent, or as necessary to make the App available to you. We also share your data with vendors working on our behalf; when required by law or to respond to legal processes; to protect our customers; to protect lives; to maintain the security and integrity of our App; and to protect our rights or our property. B. LEARN MORE We share your personal data with your consent, or as necessary to make the App available to you. We also share personal data with vendors or agents working on our behalf for the purposes described in this Policy. For example, companies we have hired to provide cloud hosting services, off-site backups, and customer support may need access to personal data to provide those functions. In such cases, these companies are required to abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. If you have questions or concerns about any of our vendors, feel free to contact us at email@example.com.
7. How to Access and Control Your Personal Data A. SUMMARY You can view, access, edit, delete, or request a copy of your personal data for many aspects of the App via your user dashboard. You can also make choices about SuperWorld’s collection and use of your data. You can always choose whether you want to receive marketing communications from us. You can also opt out from receiving marketing communications from us by using the opt-out link on the communication, or by visiting your user dashboard. B. LEARN MORE Data Access. You can access your personal data on your account’s user dashboard. Data Portability. You can request a copy of your personal data by submitting an email to us at firstname.lastname@example.org and including “Please send me a copy of my personal data” in the “Subject” line. SuperWorld will verify your ability to access that email, then send you a digital export of the data we hold that is associated with your email address. We will use reasonable efforts to respond to your request within 14 days, but in all events within 30 days of our receipt of the request. SuperWorld may be limited in its ability to send certain personal data to you (e.g., the identification of your Metamask wallet). Data Erasure. You can delete your personal data on your account’s user dashboard. Please be aware that we require certain information about you in order to make the App available to you; this means that if you want to delete any of these critical pieces of personal data, you may be required to delete your entire profile and no longer be able to access or play the App. Alternatively, you may request that SuperWorld delete your personal data by submitting an email to us at email@example.com and including “Please delete my personal data” in the “Subject” line. SuperWorld will verify your ability to access that email, then delete the personal data associated with your email address. We will use reasonable efforts to respond to your request within 14 days, but in all events within 30 days of our receipt of the request. Data Correction. You can modify your personal data on your account’s user dashboard. Note that since some of the data we collect is specific to you – for example, your Metamask wallet address – you may not be able to modify this data without needing to create a new user profile. Your Communications Preferences. You can choose whether you wish to receive marketing communications from us. If you receive marketing communications from us and would like to opt out, you can do so by following the directions in that communication. You can also make choices about your receipt of marketing communications by signing into your account, and viewing and managing your communication permissions in your account’s user dashboard, where you can update contact information, manage your contact preferences, opt out of email subscriptions, and choose whether to share your contact information with SuperWorld and our partners. Alternatively, you can request that we withdraw consent to use your personal data by submitting an email to us at firstname.lastname@example.org and including “Please withdraw my consent for marketing communications” in the “Subject” line. SuperWorld will verify your ability to access that email, then update our systems to remove your email address from the system we use to send marketing communications. We will use reasonable efforts to respond to your request within 14 days, but in all events within 30 days of our receipt of the request. Please note that these choices do not apply to mandatory communications that are part of the App, or to surveys or other informational communications that have their own unsubscribe method.
8. Third Party Links Occasionally, at our discretion, we may include or offer third party products or services on our website or through our App. If you access other websites using the links provided, the operators of these websites may collect information from you that will be used by them in accordance with their privacy policies. These third party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
9. Where we Store and Process Personal Data; International Transfers Personal data collected by SuperWorld may be stored and processed in the United States or in any other country where SuperWorld or its affiliates, subsidiaries or service providers maintain facilities. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps to ensure that the data we collect is processed according to the provisions of this Policy, and the requirements of applicable law wherever the data is located. We transfer personal data from the European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we engage in such transfers, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections travel with your data. To learn more about the European Commission’s decisions on the adequacy of the protection of personal data in the countries where SuperWorld processes personal data, please visit: ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
10. Data Retention A. SUMMARY We may retain your personal information as long as you continue to use the App, have an account with us, or for as long as is necessary to fulfill the purposes outlined in this Policy. You can ask to close your account by contacting us as described above, and we will delete your personal information on request. We may, however, retain personal information for an additional period as is permitted or required under applicable laws, for legal, tax, or regulatory reasons, or for legitimate and lawful business purposes. B. LEARN MORE We will retain your personal data for as long as necessary to make the App available to you, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different types of data, actual retention periods can vary significantly. The criteria we use to determine the retention periods include: How long is the personal data needed to make the App available to you and/or operate our business? This includes such things such as maintaining and improving the performance of the App, keeping our systems secure, and maintaining appropriate business and financial records. This is the general rule that establishes the baseline for most data retention periods. Is there an automated control, such as in your user dashboard, that enables you to access and delete the personal data at any time? If there is not, a shortened data retention time will generally be adopted. Is the personal data of a sensitive type? If so, a shortened retention time would generally be appropriate. Has the user provided consent for a longer retention period? If so, we will retain the data in accordance with your consent. Is SuperWorld subject to a legal, contractual, or similar obligation to retain the data? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation.
12. How to Contact Us If you have a technical or support question, please send us an email at support@SuperWorldapp.com.
If you have a privacy concern, complaint, or a question for the Data Protection Officer of SuperWorld, please contact us by sending us an email at support@SuperWorldapp.com. We will respond to questions or concerns within 30 days.
Unless otherwise stated, SuperWorld is a data controller for personal data we collect through the App subject to this statement.