PRIVACY POLICY
Effective Date: April 8, 2026
Superior Street Group Inc., doing business as Valmetric ("Valmetric," "we," "us," or "our"), respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our website at valmetric.com and our pricing management platform (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. INFORMATION WE COLLECT
We collect information in the following ways:
1.1 Information You Provide
Account Information. When you create an account, we collect:
- Name
- Email address
- Company name
- Job title or role
- Password (stored in hashed form)
Billing Information. When you subscribe to a paid plan, our payment processor collects:
- Payment method details (credit card number, expiration date)
- Billing address
Customer Data. When you use the Service, you may upload:
- Pricing data (price books, discount schedules, product catalogs)
- Quote data (deal information, customer names, pricing terms)
- Configuration data (settings, preferences, user permissions)
Communications. When you contact us, we collect:
- Email correspondence
- Support tickets
- Feedback and survey responses
1.2 Information Collected Automatically
Usage Data. We automatically collect information about how you use the Service, including:
- Pages and features accessed
- Actions taken within the platform
- Time and duration of sessions
- Referring URLs
Device and Browser Information. We collect:
- IP address
- Browser type and version
- Operating system
- Device type
- Screen resolution
Cookies and Similar Technologies. We use cookies and similar tracking technologies to:
- Keep you logged in
- Remember your preferences
- Understand how you use the Service
- Improve the Service
See Section 6 (Cookies) for more details and your choices.
1.3 Information from Third Parties
We may receive information about you from:
- Single Sign-On Providers. If you log in using your organization's SSO provider (e.g., Microsoft Entra ID, Okta), we receive your name and email address from that provider.
- Business Partners. If your employer or another organization creates an account for you, they may provide your name and email address.
2. HOW WE USE YOUR INFORMATION
We use your information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate the Service | Performance of contract |
| Process payments and billing | Performance of contract |
| Send transactional communications (e.g., receipts, password resets) | Performance of contract |
| Provide customer support | Performance of contract / Legitimate interests |
| Send product updates and announcements | Legitimate interests |
| Send marketing communications (with consent or where permitted) | Consent / Legitimate interests |
| Analyze usage to improve the Service | Legitimate interests |
| Detect and prevent fraud, abuse, and security incidents | Legitimate interests / Legal obligation |
| Comply with legal obligations | Legal obligation |
We do not:
- Sell your personal information
- Use Customer Data for advertising
- Share your data with third parties for their marketing purposes
3. HOW WE SHARE YOUR INFORMATION
We share your information only in the following circumstances:
3.1 Service Providers
We share information with third-party vendors who help us operate the Service, including:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, and Edge Functions | Account data, Customer Data, email address |
| Vercel | Hosting and delivery | Usage data, IP addresses |
| Stripe | Payment processing | Billing information |
| Anthropic | AI-powered pricing configuration assistance (product and pricing structure descriptions only; no PII) | Pricing structures and product configurations |
| Railway | API and MCP server hosting | API request metadata, pricing calculation inputs/outputs (no PII) |
| Resend | Transactional email delivery (invitations, notifications) | Recipient email addresses, invitation tokens |
| PostHog | Marketing website analytics only (cookieless, no PII) | Anonymized page views, referral sources |
Our service providers are contractually obligated to protect your information and use it only for the purposes we specify.
3.2 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.
3.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal process (e.g., a subpoena, court order, or government request). We will attempt to notify you before disclosing your information unless prohibited by law or court order.
3.4 Protection of Rights
We may disclose information when we believe it is necessary to:
- Enforce our Terms of Service
- Protect our rights, property, or safety
- Protect the rights, property, or safety of our users or others
- Investigate fraud or security issues
3.5 With Your Consent
We may share your information with third parties when you give us explicit consent to do so.
4. DATA RETENTION
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy.
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion |
| Customer Data (products, price books, configurations) | Duration of account + 90 days after termination |
| Finalized quotes | 7 years from creation (business records) |
| Billing records | 7 years (as required for tax/legal compliance) |
| Usage and application logs | Managed by infrastructure providers (Supabase: 7 days; Vercel: 30 days) |
| Support communications | 3 years after resolution |
After the retention period, we delete or anonymize your information. You may request earlier deletion subject to our legal obligations (see Section 7).
5. DATA SECURITY
We implement reasonable technical and organizational measures to protect your information, including:
- Encryption in transit: All data transmitted to and from the Service is encrypted using TLS 1.2 or higher.
- Encryption at rest: Customer Data is encrypted at rest using AES-256.
- Access controls: We use role-based access controls and row-level security to limit access to data.
- Authentication: We support secure authentication including SAML 2.0 single sign-on (SSO) for enterprise customers.
- Infrastructure security: Our hosting providers (Supabase, Vercel) maintain SOC 2 compliance and other security certifications.
- Monitoring: We monitor for security incidents and unauthorized access.
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
For more details about our security practices, contact us at security@valmetric.com.
6. COOKIES AND TRACKING TECHNOLOGIES
6.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential (Supabase Auth) | Session cookies required for authentication and security | Session or persistent |
| Functional | Remember your preferences and settings | Persistent |
Our marketing analytics provider (PostHog) operates in cookieless mode and does not set any tracking cookies. The Service does not use third-party advertising or tracking cookies.
6.2 Your Cookie Choices
- Browser settings: Most browsers allow you to block or delete cookies. Blocking essential cookies may affect your ability to use the Service.
7. YOUR RIGHTS AND CHOICES
Depending on your location, you may have the following rights regarding your personal information:
7.1 All Users
- Access: Request a copy of the personal information we hold about you.
- Correction: Request that we correct inaccurate or incomplete information.
- Deletion: Request that we delete your personal information, subject to certain exceptions.
- Data Portability: Request an export of your data in a portable format.
- Opt-out of Marketing: Unsubscribe from marketing emails by clicking the "unsubscribe" link or contacting us.
7.2 European Economic Area (EEA) Residents
If you are in the EEA, you have additional rights under GDPR:
- Right to Object: Object to processing based on legitimate interests.
- Right to Restrict Processing: Request that we limit how we use your data.
- Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.
- Right to Lodge a Complaint: File a complaint with your local data protection authority.
7.3 California Residents
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about the categories and specific pieces of personal information we have collected.
- Right to Delete: Request deletion of your personal information.
- Right to Opt-Out: We do not sell personal information, so this right does not apply.
- Non-Discrimination: We will not discriminate against you for exercising your rights.
7.4 How to Exercise Your Rights
To exercise any of these rights, contact us at:
Email: privacy@valmetric.com Mail: 2895 S Superior St, Milwaukee, WI 53207
We will respond to your request within 30 days. We may need to verify your identity before processing your request.
8. INTERNATIONAL DATA TRANSFERS
We are based in the United States, and your information is processed and stored in the United States.
If you are located outside the United States, your information will be transferred to the U.S. We rely on the following safeguards for international transfers:
- Standard Contractual Clauses (SCCs): We use EU-approved SCCs with our service providers.
- Data Processing Agreements: We have DPAs in place with vendors who process personal information on our behalf.
Data Processing Agreement for Customers. Upon written request, we will enter into a Data Processing Agreement (DPA) with customers whose use of the Service involves processing of personal data subject to GDPR or similar data protection regulations. Our standard DPA is available at valmetric.com/dpa. To request execution of a DPA, contact privacy@valmetric.com.
9. CHILDREN'S PRIVACY
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information.
If you believe a child has provided us with personal information, please contact us at privacy@valmetric.com.
10. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:
- Posting the updated policy on our website with a new "Effective Date"
- Sending an email to the address associated with your account (for material changes)
Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
We encourage you to review this policy periodically.
11. CONTACT US
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Superior Street Group Inc. d/b/a Valmetric
Email: privacy@valmetric.com Address: 2895 S Superior St, Milwaukee, WI 53207