PRIVACY POLICY

Effective Date: February 24, 2026

Supersonic Limited, Inc. ("COMP," "we," "us," or "our") operates the COMP platform at getcomp.io. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.

1. INFORMATION WE COLLECT

1.1 Information You Provide

Account Information: When your organization registers for COMP, we collect names, email addresses, phone numbers, job titles, and organizational role information for authorized users.

Employee Data: Subscribers may input employee information including names, contact details, employment dates, job positions, and location assignments.

Incident Data: Information related to workplace incidents, including incident reports, investigation notes, corrective actions, and related documentation.

Communications: When you contact us for support or provide feedback, we collect the content of those communications.

1.2 Information Collected Automatically

Usage Data: We collect information about how you interact with the Service, including pages visited, features used, timestamps, and session duration.

Device Information: We collect device type, operating system, browser type, and IP address.

Cookies: We use cookies and similar technologies to maintain sessions, remember preferences, and analyze usage patterns.

1.3 Information from SMS Messaging

When you opt in to our SMS messaging program, we collect your mobile phone number. We use this information solely to deliver compliance alerts, incident report notifications, two-factor authentication codes, deadline reminders, and customer support messages.

Your mobile information will not be shared with third parties or affiliates for marketing or promotional purposes.

2. HOW WE USE YOUR INFORMATION

We use the information we collect to:

(a) Provide, maintain, and improve the Service, including AI-powered compliance tools and analytics;

(b) Send transactional communications, including incident report notifications, compliance deadline alerts, and account verification codes via SMS and email;

(c) Provide customer support and respond to inquiries;

(d) Generate aggregated, de-identified analytics and benchmarking data (ERA scores) that do not identify individual employees;

(e) Detect, prevent, and address fraud, security issues, and technical problems;

(f) Comply with legal obligations and enforce our Terms of Service.

3. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information. We may share information in the following limited circumstances:

Service Providers: We share information with third-party vendors who perform services on our behalf, including cloud hosting (e.g., AWS), SMS delivery (e.g., Plivo), and analytics. These providers are contractually obligated to use your information only as directed by us.

Within Your Organization: Subscriber administrators and authorized managers may access employee data and incident reports within their organization as permitted by their role and access level.

Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of COMP, our users, or the public.

Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. SMS MESSAGING PRIVACY

This section applies specifically to our SMS messaging program:

(a) We collect mobile phone numbers solely for the purpose of delivering compliance-related notifications, account security codes, and customer support messages.

(b) Your mobile information will not be shared with third parties or affiliates for their marketing or promotional purposes.

(c) SMS delivery is facilitated by our messaging provider solely for the purpose of transmitting messages on our behalf. Our messaging provider does not use your phone number for any other purpose.

(d) You may opt out at any time by texting STOP. You may text HELP for assistance.

(e) Message frequency varies. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages.

5. DATA SECURITY

We implement industry-standard technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest (AES-256), role-based access controls, audit logging, and regular security assessments. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

6. DATA RETENTION

We retain your information for as long as your organization maintains an active subscription, plus thirty (30) days following termination to allow for data export. Incident records and compliance documentation may be retained for longer periods as required by applicable employment laws and regulations. De-identified, aggregated data may be retained indefinitely for analytics and benchmarking purposes.

7. YOUR RIGHTS

7.1 Connecticut Residents

Under the Connecticut Data Privacy Act (CTDPA), Connecticut residents have the right to: access their personal data; correct inaccuracies; delete their personal data; obtain a copy of their data in a portable format; and opt out of the sale of personal data or targeted advertising. We do not sell personal data or engage in targeted advertising.

7.2 California Residents

Under the California Consumer Privacy Act (CCPA/CPRA), California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information as defined under the CCPA.

7.3 Exercising Your Rights

To exercise any of these rights, contact us at privacy@getcomp.io. We will respond to verifiable requests within forty-five (45) days. Employees whose data is managed by a Subscriber should direct requests to their employer, who controls the data within the Service.

8. CHILDREN'S PRIVACY

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information.

9. THIRD-PARTY LINKS

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you access.

10. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the effective date. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

11. CONTACT US

If you have questions about this Privacy Policy or our data practices, please contact us at:

Supersonic Limited, Inc.

privacy@getcomp.io

getcomp.io