Effective Date: October 28, 2024
- Introduction
Welcome to Supsindex, a platform operated by Startups Index S.L (“Supsindex,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, our AI-driven assessment services, our community platform (SupsHub), and any related services (collectively, the “Services”).
Our mission is to build the premier global index for assessing the “soft power” of entrepreneurs. This requires handling sensitive personal data with the utmost care, transparency, and security. This policy is designed to be compliant with the General Data Protection Regulation (GDPR) and other relevant data protection laws.
By using our Services, you agree to the collection and use of information in accordance with this policy.
- Definitions
- Personal Data: Any information relating to an identified or identifiable natural person. This includes but is not limited to name, email address, and identification numbers.
- Sensitive Personal Data: A special category of Personal Data under GDPR, which for Supsindex includes psychometric and behavioral data derived from your assessment responses, as well as biometric data (video and audio) collected during proctored tests.
- Data Controller: The entity that determines the purposes and means of processing Personal Data. For the purpose of this policy, Supsindex (Admito Technologies Private Limited, registered in Spain) is the Data Controller.
- Data Processor: Any entity that processes Personal Data on behalf of the Data Controller (e.g., our cloud hosting provider).
- Test Taker: An individual founder or member of a startup team who takes a Supsindex assessment.
- Functional Partner: An organization or individual (e.g., VC, accelerator, incubator, mentor, government agency) that uses Supsindex reports to evaluate Test Takers.
- Operational Partner: An individual or group integral to our platform’s operations, including Faculty Members, Ambassadors, and Judges.
- Leadership Flight Simulator: Our proprietary, high-fidelity simulation technology used in the Founder Decision Effectiveness (FDE) assessment.
- Supex Token: The native utility token of the Supsindex ecosystem, used for rewards and transactions on the platform.
- Usage Data: Data collected automatically, such as your IP address, browser type, and pages visited.
- Data We Collect
We collect different types of information depending on your role and interaction with our Services.
- For Test Takers (Founders and Startup Teams):
- Identity & Contact Data: First and last name, email address, phone number, country of residence.
- KYC (Know Your Customer) Data: To ensure the integrity of our assessments and the validity of our certificates, we require all Test Takers to complete an identity verification process. This involves collecting a government-issued identification document (e.g., passport, national ID card). This data is used exclusively for identity verification and is handled with the highest level of security and encryption.
- Profile Data: Startup name, industry, startup lifecycle stage, and other information you provide in your profile.
- Assessment Data (Sensitive Personal Data): Your responses to our assessments (FPA, GEB, EEA, FEE, FDE), including answers to questionnaires and behavioral data from the Leadership Flight Simulator.
- Proctoring Data (Sensitive Personal Data): Video and audio recordings of your test-taking session to ensure test integrity and prevent fraud.
- Financial Data: Payment information for purchasing our services, processed securely by our third-party payment processors. We do not store your credit card details.
- Community Data: Your posts, comments, and interactions within the SupsHub community.
- For Functional and Operational Partners:
- Identity & Contact Data: Name, email, professional title, organization name, and contact details of the representative.
- Professional Data: Information about your organization, your role, and your areas of expertise (for Faculty Members).
- Financial Data: Bank account information for receiving commissions (for Individual Partners and Ambassadors).
- Automatically Collected Data (for all users):
- Usage Data: We collect information about how you access and use the Services, including your IP address, browser type, device identifiers, pages viewed, and time spent on the platform.
- Tracking & Cookies Data: We use cookies and similar technologies to operate and analyze our Service, remember your preferences, and ensure security. You can control the use of cookies at the individual browser level. Please see our Cookie Policy for more details.
- How We Use Your Data & The Legal Basis for Processing (GDPR)
We process your Personal Data only when we have a valid legal basis to do so.
| Purpose of Processing | Types of Data Used | Legal Basis (GDPR) |
| --- | --- | --- |
| To Provide Our Core Services (Administering tests, generating verified reports and certificates) | Identity, Contact, Profile, Assessment, Proctoring, Financial | Performance of a Contract with you. |
| To Verify Test Taker Identity (Ensuring the integrity and validity of assessments and certificates) | KYC Data (Government ID) | Performance of a Contract (as providing a verified certificate is a core part of the service) and our Legitimate Interest in preventing fraud and maintaining the credibility of our platform. |
| To Operate Our Community & Web3 Ecosystem (SupsHub, Leaderboard, Supex token rewards) | Identity, Community, Assessment Results, Wallet Address | Performance of a Contract (our Terms of Service) and your Consent to participate. |
| To Improve Our Services & Algorithms (Internal research and development) | Anonymized and Aggregated Assessment and Usage Data | Legitimate Interest to enhance our platform’s accuracy and user experience. |
| To Ensure Security and Prevent Fraud (Proctoring, cheat detection) | Identity, Proctoring, Usage Data | Legitimate Interest to protect the integrity of our assessments and the security of our platform. |
| To Manage Partner Relationships (Paying commissions, providing dashboards) | Identity, Contact, Financial, Professional | Performance of a Contract with our partners. |
| To Send Marketing & Promotional Communications (Newsletters, special offers) | Identity, Contact | Your explicit Consent. You can withdraw this consent at any time. |
| To Comply with Legal Obligations (Responding to legal requests, tax laws) | Relevant Personal Data as required | Legal Obligation. |
- How We Share and Disclose Your Data
Your privacy is paramount. We are not in the business of selling your Personal Data. We share it only in the following, limited circumstances:
- With Functional Partners (VCs, Incubators, etc.): If you take an assessment using an Affiliation Code provided by a partner, we will share your corresponding test report and certificate with that specific partner. This is a core function of the platform, enabling you to share your verified credentials with decision-makers.
- With the Public (Leaderboard & SupsHub): If you qualify for and choose to participate in our Leaderboard, your name and rank may be publicly visible. Your activity within the SupsHub community may also be visible to other members. Your participation in these features is governed by our Terms of Service.
- With Service Providers (Data Processors): We use trusted third-party companies to perform certain functions, such as cloud hosting (e.g., AWS, Google Cloud), payment processing, and analytics. These providers only have access to the data necessary to perform their tasks and are contractually obligated to protect it and use it only for the purposes we dictate.
- For Academic Research: We may share anonymized and aggregated data with our Faculty Members and academic partners for research purposes aimed at advancing the science of entrepreneurship. This data does not personally identify you.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your Personal Data may be transferred as part of the transaction. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
- Legal Requirements: We may disclose your data if required by law or in response to valid requests by public authorities (e.g., a court order or government agency).
- Web3, Blockchain, and the Supex Token
Our platform incorporates Web3 technologies to foster a transparent and community-driven economy.
- Public Data: When you receive or transact with Supex tokens, your public wallet address and transaction details are recorded on the Polygon blockchain. This information is public, permanent, and cannot be erased.
- No Control: Supsindex does not own or control the Polygon network. We are not responsible for any issues, losses, or forks of the blockchain.
- Data Security
We implement robust technical and organizational security measures to protect your Personal Data from loss, misuse, and unauthorized access. These measures include data encryption, access controls, and regular security audits. Our platform is designed in accordance with GDPR guidelines and best practices for psychometric data handling.
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.
- International Data Transfers
Supsindex is a global company registered in Spain. Your data may be transferred to, and maintained on, computers located outside of your state, province, or country where data protection laws may differ. Specifically, if you are in the European Economic Area (EEA), your data may be transferred to our data processors in other countries.
We ensure such transfers are lawful by using appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (SCCs), to ensure your data receives a level of protection equivalent to that provided within the EEA.
- Data Retention
We retain your Personal Data only for as long as is necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements.
- Active User Data: Retained for the duration of your active account to provide you with our Services.
- KYC Data: We retain the copy of your identification document only for the duration required to complete the verification process. Once your identity is successfully verified, the document image is permanently deleted from our active systems. We retain only a secure, encrypted record confirming that your identity has been successfully verified.
- Partner-Referred Data: Personal Data from assessments may be anonymized 120 days following the end of our agreement with the referring Functional Partner, unless they request earlier anonymization.
- Legal & Regulatory: We may retain certain data for longer periods if required by law (e.g., financial records for tax purposes).
- Your Data Protection Rights (GDPR)
If you are a resident of the EEA, you have the following rights regarding your Personal Data:
- The Right to Access: You can request copies of your Personal Data.
- The Right to Rectification: You can request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- The Right to Erasure (Right to be Forgotten): You can request that we erase your Personal Data, under certain conditions.
- The Right to Restrict Processing: You can request that we restrict the processing of your Personal Data, under certain conditions.
- The Right to Object to Processing: You can object to our processing of your Personal Data, under certain conditions (e.g., for direct marketing).
- The Right to Data Portability: You can request that we transfer the data we have collected to another organization, or directly to you, in a structured, machine-readable format.
- The Right to Withdraw Consent: Where we rely on your consent to process data, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact our Data Protection Officer at the address provided below. We may need to verify your identity before responding to your request. You also have the right to lodge a complaint with a supervisory authority, such as the Spanish Data Protection Agency (AEPD).
- Additional Information for Residents of Other Jurisdictions (e.g., California)
If you are a resident of California, the California Consumer Privacy Act (CCPA) provides you with specific rights, including the right to know what personal information we collect and the right to request its deletion. Supsindex does not “sell” or “share” your personal data as defined by the CCPA. To exercise your rights, please contact us.
- Children’s Privacy
Our Services are not intended for or directed at individuals under the age of 18. We do not knowingly collect Personal Data from children. If we become aware that we have collected Personal Data from a child without verification of parental consent, we will take steps to remove that information from our servers.
- Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Effective Date” at the top. For significant changes, we will notify you via email or through a prominent notice on our Service. You are advised to review this Privacy Policy periodically for any changes.
- Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact our Data Protection Officer (DPO):
Data Protection Officer
Startups Index S.L
Email: privacy@supsindex.com
Mailing Address: