GDPR / Privacy Policy
SuperCMMS
Kepler Data Science Pte. Ltd. (“Kepler”, “we”, “us”, or “our”) operates SuperCMMS, a cloud-based Computerized Maintenance Management System (CMMS) SaaS platform available at https://supercmms.com and associated mobile apps (collectively, the “Service”).
This Policy explains how we collect, use, disclose, transfer, and protect personal data in connection with the Service. It is designed to comply with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), the UK GDPR, and other applicable data protection laws where we process personal data of individuals in the European Economic Area (EEA), United Kingdom, or other relevant jurisdictions.
We act as:
Data controller for personal data we collect directly from website visitors, account holders, and users of the Service (e.g., your account registration and usage data).
Data processor for Customer Data (work orders, asset records, employee names, contact details, etc.) that our business customers (“Customers”) upload or generate while using the Service. Customers remain the data controllers for such data and are responsible for ensuring they have a lawful basis to process it.
If you are a Customer using the Service on behalf of an organization, please ensure your organization has a separate Data Processing Agreement (DPA) or Addendum in place with us (available upon request).
1. Information We Collect
We collect the following categories of personal data:
A. Data you provide
Account data: name, email address, phone number, organization name, job title, billing address, and payment information.
Customer Data: any personal data contained in work orders, asset records, preventive maintenance schedules, inventory, user-generated reports, or other content uploaded to the Service (e.g., names and contact details of maintenance staff or contractors).
Support and communication data: inquiries, feedback, or correspondence sent to help@supercmms.com or any other official communication channel established by us.
B. Automatically collected data
Usage and technical data: IP address, browser type, device information, operating system, referral source, pages visited, and session duration.
Cookies and similar technologies.
Analytics data: non-identifying statistical usage data collected via tools such as PostHog and Google Analytics.
C. Data from third parties
Authentication data via Google SSO (if chosen).
Payment processor data (Stripe, Razorpay, Wise, etc.).
We do not knowingly collect personal data of children under 16 (or the applicable age of consent) or sensitive personal data (special categories under GDPR Article 9) unless you or your organization voluntarily includes it in Customer Data.
We do not sell personal data.
2. Purposes and Legal Basis for Processing (GDPR Article 6)
We process personal data only where we have a lawful basis. The purposes and their corresponding legal bases are listed below.
Providing and operating the Service (including hosting Customer Data) - Contract (Art. 6(1)(b)) or Legitimate Interests (Art. 6(1)(f))
Account management, authentication, and security - Contract / Legitimate Interests
Billing and payment processing - Contract (Art. 6(1)(b))
Sending service-related communications (critical updates, account activity) - Contract / Legitimate Interests
Marketing communications (newsletters, product updates) – only with consent where required - Consent (Art. 6(1)(a)) or Legitimate Interests
Improving the Service, analytics, and debugging - Legitimate Interests
Complying with legal obligations (tax, accounting, anti-fraud) - Legal Obligation (Art. 6(1)(c))
Responding to data subject requests or disputes - Legal Obligation / Legitimate Interests
Where we rely on legitimate interests, we conduct a balancing test to ensure our interests do not override your rights and freedoms.
For Customer Data processed as a processor, processing is based on the Customer’s instructions and our contractual obligations.
3. Sharing and Disclosure of Personal Data
We share personal data only as necessary:
With sub-processors (listed at https://supercmms.com/sub-processors) who provide infrastructure, hosting, analytics, authentication, payments, email delivery, and documentation services. All sub-processors are contractually bound by data protection obligations equivalent to this Policy.
With professional advisers, auditors, or regulators where legally required.
In the event of a merger, acquisition, or sale of assets (with notice where required by law).
We do not share personal data with third parties for their own marketing purposes.
4. International Data Transfers
Kepler Data Science Pte. Ltd. is based in Singapore (68 Circular Road #02-01, Singapore 049422). Data may be transferred to and processed in: Singapore, the United States, Ireland (EEA), India, and other jurisdictions where our sub-processors operate.
Singapore is not currently the subject of an EU adequacy decision. Therefore, for transfers of personal data from the EEA/UK to Singapore or other non-adequate countries, we rely on:
Standard Contractual Clauses (SCCs) approved by the European Commission (Modules 1–4 as applicable), or
Other appropriate safeguards permitted under GDPR Article 46 (e.g., Binding Corporate Rules where applicable).
5. Data Security
We implement appropriate technical and organizational measures, including encryption in transit and at rest (where technically feasible), access controls, regular security audits, and 99.95% uptime infrastructure (GCP, AWS, Cloudflare). However, no system is completely secure. Customer Data remains your property; we process it only on your instructions.
6. Data Retention
We retain personal data only as long as necessary for the purposes outlined or as required by law:
Account data: for the duration of your account + up to 2 years after deletion (for legal/archival purposes).
Customer Data: for the duration of the Customer agreement + a reasonable period thereafter (or as instructed by the Customer).
Analytics data: up to 2 years (anonymized where possible).
Upon account termination or deletion request, we delete or anonymize data subject to legal retention obligations.
7. Your Data Subject Rights (GDPR Chapter 3)
If you are located in the EEA, UK, or another jurisdiction granting these rights, you can:
Access – request confirmation of processing and a copy of your data.
Rectification – correct inaccurate or incomplete data.
Erasure (“right to be forgotten”) – request deletion (subject to exceptions).
Restriction of processing.
Objection to processing based on legitimate interests or for direct marketing.
Portability – receive your data in a structured, machine-readable format.
Withdraw consent (where processing is based on consent).
Not be subject to automated decision-making (including profiling) with legal or significant effects.
To exercise these rights, email privacy@supercmms.com with a clear description and proof of identity. We respond within one month (extendable in complex cases). You also have the right to lodge a complaint with your local supervisory authority (e.g., the Data Protection Commission in Ireland or the relevant EEA authority).
Note for Customers acting as data controllers: Rights requests regarding Customer Data should be directed to your organization (the controller). We will assist as processor upon verified instruction from the controller.
8. Cookies and Tracking Technologies
We use essential cookies for functionality, analytics cookies (PostHog, Google), and reCAPTCHA for security. You can manage preferences via your browser settings. A detailed Cookie Policy is available upon request or will be linked separately.
9. Changes to This Policy
We may update this Policy. Material changes will be notified via email or prominent notice on the Service at least 7 days in advance (or as required by law). Continued use after changes constitutes acceptance.
10. Contact Us / Data Protection Representative
Data Controller: Kepler Data Science Pte. Ltd. 68 Circular Road #02-01 Singapore 049422
Email: help@supercmms.com (preferred for privacy matters).
11. Governing Law
This Policy is governed by the laws of the Republic of Singapore. Disputes shall be subject to the non-exclusive jurisdiction of the courts of Singapore. Where GDPR applies, you retain the right to enforce your GDPR rights in the courts of your habitual residence or the place of the alleged infringement.
Updated: 29-Nov-2024


