Privacy Policy
Last updated: April 1, 2026
This privacy policy for Super Mega Lab LLC (doing business as tidbiits) ("Company," "we," "us," or "our") describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:
- Visit our website at tidbiits.com, or any website of ours that links to this privacy policy
- Use our browser extension for Chrome or other supported browsers
- Connect to our Services via the MCP (Model Context Protocol) server or API
- Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this privacy policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at contact@supermegalab.com.
SUMMARY OF KEY POINTS
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more in Section 1.
What about the content I submit for processing? When you submit content (such as YouTube videos, articles, documents, or text) to tidbiits, our AI processes that content to generate summaries, knowledge graphs, and other outputs. We process this content solely to provide the Services to you and your team. We do not use your submitted content to train our AI models. Learn more in Section 2.
Do we process any sensitive personal information? We do not intentionally collect or process sensitive personal information. However, content you submit for processing may incidentally contain sensitive information. You are responsible for ensuring you have the right to submit any content you provide to the Services.
Do we collect any information from third parties? We may receive limited information when you authenticate via third-party services such as Google OAuth. Learn more in Section 1.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. Learn more in Section 3.
In what situations and with which types of parties do we share personal information? We may share information in specific situations and with specific categories of third parties. Learn more in Section 5.
How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. Learn more in Section 8.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more in Section 10.
How do I exercise my rights? The easiest way to exercise your rights is by contacting us at contact@supermegalab.com. We will consider and act upon any request in accordance with applicable data protection laws.
TABLE OF CONTENTS
- What Information Do We Collect?
- How Do We Handle Content You Submit?
- How Do We Process Your Information?
- What Legal Bases Do We Rely On?
- When and With Whom Do We Share Your Information?
- Do We Use Cookies and Other Tracking Technologies?
- How Do We Handle Third-Party Logins?
- How Do We Keep Your Information Safe?
- What Happens in the Event of a Data Breach?
- How Long Do We Keep Your Information?
- What Are Your Privacy Rights?
- Do United States Residents Have Specific Privacy Rights?
- Do We Collect Information From Minors?
- Controls for Do-Not-Track Features
- Do We Make Updates to This Policy?
- How Can You Contact Us?
- How Can You Review, Update, or Delete Your Data?
1. WHAT INFORMATION DO WE COLLECT?
Personal information you provide to us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
- Names
- Email addresses
- Usernames
- Passwords (stored in hashed form)
- Profile information (such as profile pictures)
- Workspace and team membership information
- Billing and payment-related contact information
Sensitive Information. We do not intentionally collect or process sensitive personal information.
Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data is handled and stored by Stripe. You may find their privacy notice here: https://stripe.com/privacy.
Third-Party Login Data. We may provide you with the option to register with us using your existing Google account. If you choose to register in this way, we will collect certain profile information about you from Google, as described in Section 7 below.
Content you submit for processing
When you use tidbiits, you submit external content for AI-powered processing. This content may include URLs (to YouTube videos, articles, social media posts, and other web pages), uploaded files (PDFs, Word documents, PowerPoints, spreadsheets, CSVs, EPUBs), text pasted directly into the Services, and Google Docs imported via the Google Picker integration. This submitted content may incidentally contain personal information about third parties. You are responsible for ensuring you have the right to submit any content you provide.
Information collected via the browser extension
If you use the tidbiits browser extension, the extension may access the content of web pages you choose to submit to tidbiits. The extension does not passively monitor your browsing activity. It only accesses and transmits page content when you actively choose to submit it through the extension.
Information automatically collected
In Short: Some information — such as your IP address and browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
The information we collect includes:
- Log and Usage Data. Service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services, including your IP address, device information, browser type, pages and features viewed, actions taken, and date/time stamps.
- Device Data. Information about your computer, phone, tablet, or other device you use to access the Services, including IP address, device and application identification numbers, browser type, hardware model, and operating system.
2. HOW DO WE HANDLE CONTENT YOU SUBMIT?
In Short: Content you submit is processed by our AI to provide the Services. We do not use your content to train AI models.
When you submit content to tidbiits, our AI pipeline processes that content to generate structured summaries (including synopses, segments, groupings, and rollups), knowledge graph entities (topics and themes extracted across your content), intelligence signals (such as decisions, risks, opportunities, trends, and key findings), and synthesis documents (cross-source analysis you request).
AI Processing. Content is processed using third-party AI model providers. Content is transmitted to these providers solely for the purpose of generating the outputs described above. We select AI providers that do not use customer inputs for model training. We do not use your submitted content to train our own AI models.
Raw Content Storage. For content submitted via URL (such as web articles, YouTube videos, and social media posts), we do not store the original raw source material. We retain only the AI-generated outputs — summaries, knowledge graph entities, and related structured data. For content submitted via file upload or Google Docs import, we may store the original file to enable processing; whether the full original content remains accessible to you after processing depends on the features available under your subscription plan and may change over time. Regardless of storage, all content is processed and stored in accordance with this privacy policy.
Content Visibility Within Your Workspace. Content you submit and its AI-generated outputs are visible to members of the workspace and team(s) where the content is shared. Annotations (notes, comments, and reactions) you add are visible to other members of your team. Highlights and bookmarks are private to your account.
Content Ownership. You retain ownership of all content you submit to the Services. The AI-generated outputs (summaries, knowledge graph entries, intelligence signals, and synthesis documents) are generated for your use as part of the Services. See our Terms of Service for full details on intellectual property rights.
3. HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
- To deliver and facilitate delivery of services to the user. We process your information and submitted content to provide you with AI-powered summaries, knowledge graphs, insights, and other features of the Services.
- To manage subscriptions and billing. We process your information to manage your subscription, process payments through Stripe, and communicate about billing matters.
- To respond to user inquiries and offer support. We may process your information to respond to your inquiries and solve any potential issues you might have with the Services.
- To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
- To enable team collaboration. We process your information to facilitate workspace and team features, including sharing content, annotations, @mentions, and activity feeds.
- To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time.
- To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
- To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
- To comply with legal obligations. We may process your information where we believe it is necessary for compliance with our legal obligations.
4. WHAT LEGAL BASES DO WE RELY ON?
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law.
If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases:
- Consent. We may process your information if you have given us permission to use your personal information for a specific purpose. You can withdraw your consent at any time.
- Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
- Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information to analyze how our Services are used so we can improve them, to diagnose problems and prevent fraudulent activities, and to understand how our users use our products and services so we can improve user experience.
- Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations.
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.
5. WHEN AND WITH WHOM DO WE SHARE YOUR INFORMATION?
In Short: We may share information in specific situations described in this section and/or with the following categories of third parties.
Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. For a complete list of our current subprocessors, including specific company names and data processing locations, please see our Subprocessor List.
The categories of third parties we may share personal information with are as follows:
- AI Model Providers — to process content you submit and provide AI-powered features (such as summaries, knowledge graphs, chat, and intelligence signals)
- Cloud Computing and Hosting Services — to host and deliver the Services
- Payment Processors — specifically Stripe, to handle subscription billing and payment processing
- Authentication Providers — specifically Google, when you use Google OAuth to sign in
- Analytics Services — to understand how the Services are used and to improve them
- Communication Tools — to send you transactional emails (such as account verification, billing notifications, and activity alerts)
- Integration Partners — specifically Linear, when you choose to connect your Linear account to push insights as issues
We also may need to share your personal information in the following situations:
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Other Users in Your Workspace. When you participate in collaborative features of the Services (such as sharing content, adding annotations, creating insights, or using @mentions), that information is visible to other members of your workspace and team(s).
- MCP Server and API Access. If your workspace administrator has enabled MCP server or API access, authorized third-party applications may access content and data within your workspace in accordance with the permissions granted by your workspace administrator.
6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
In Short: We may use cookies and other tracking technologies to collect and store your information.
We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.
We do not use any analytics, marketing, or advertising cookies. The only third-party cookies that may be set on our Services are strictly necessary cookies from Stripe (payment processing) and Google (authentication), which are required for those features to function. For more details about the specific cookies used on our Services, please see our Cookie Notice: tidbiits.com/legal/cookies.
7. HOW DO WE HANDLE THIRD-PARTY LOGINS?
In Short: If you choose to register or log in to our Services using a third-party account, we may have access to certain information about you.
Our Services offer you the ability to register and log in using your Google account. Where you choose to do this, we will receive certain profile information about you from Google. The profile information we receive may include your name, email address, and profile picture.
We will use the information we receive only for the purposes described in this privacy policy or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by Google. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information.
When you connect your Linear account to tidbiits, we receive an OAuth access token that allows tidbiits to create issues in your Linear workspace on your behalf. We do not access or store your Linear password.
8. HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. These measures include encryption of data in transit (TLS) and at rest, access controls within workspaces and teams, and regular security reviews.
However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
9. WHAT HAPPENS IN THE EVENT OF A DATA BREACH?
In Short: If a data breach occurs that affects your personal information, we will notify you and applicable authorities as required by law.
In the event of a security breach that results in unauthorized access to, or disclosure of, your personal information, we will take the following steps:
- Promptly investigate the breach and take steps to contain and remediate it
- Notify affected users by email within seventy-two (72) hours of becoming aware of the breach, or as soon as reasonably practicable
- Notify applicable data protection authorities as required by law (including the relevant supervisory authority under GDPR within 72 hours where applicable)
- Provide details about the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address the breach
10. HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy policy unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this policy will require us to keep your personal information for longer than the period of time in which you have an account with us.
Content Retention. Content you submit and its AI-generated outputs are retained for as long as your workspace remains active. When you delete content within the Services, it is moved to an archive and can be permanently deleted by you. If your subscription is canceled and your workspace enters a "paused" state, your existing content remains accessible in read-only mode.
Account Deletion. When you request deletion of your account, we will delete or anonymize your personal information from our active databases within a reasonable timeframe. However, we may retain certain limited information for up to twelve (12) months following account deletion to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms, and/or comply with applicable legal requirements (such as tax and accounting obligations). After this retention period, any remaining personal information will be permanently deleted or anonymized.
Data Export. You may request an export of your data at any time while your account is active or in a "paused" state by contacting us at contact@supermegalab.com. We will provide your data in a commonly used, machine-readable format within a reasonable timeframe.
11. WHAT ARE YOUR PRIVACY RIGHTS?
In Short: Depending on your state of residence in the US or in some regions, such as the EEA, UK, Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information.
In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure, (iii) to restrict the processing of your personal information, (iv) if applicable, to data portability, and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information.
We will consider and act upon any request in accordance with applicable data protection laws.
Withdrawing your consent. If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us at contact@supermegalab.com.
Opting out of marketing communications. You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us at contact@supermegalab.com. You will then be removed from the marketing lists. However, we may still communicate with you to send you service-related messages that are necessary for the administration and use of your account.
Account Information. If you would at any time like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account, or contact us using the contact information provided.
12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: If you are a resident of certain US states, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information.
Categories of Personal Information We Collect
We have collected the following categories of personal information in the past twelve (12) months:
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Contact details, such as real name, email address, and account name | YES |
| B. Personal information as defined in the California Customer Records statute | Name, contact information | YES |
| C. Protected classification characteristics | Gender, age, date of birth, race and ethnicity, national origin, marital status | NO |
| D. Commercial information | Transaction information, purchase history, financial details, and payment information | YES |
| E. Biometric information | Fingerprints and voiceprints | NO |
| F. Internet or other similar network activity | Browsing history, search history, online behavior, interactions with our Services | YES |
| G. Geolocation data | Device location (imprecise, based on IP address) | YES |
| H. Audio, electronic, sensory, or similar information | N/A | NO |
| I. Professional or employment-related information | N/A | NO |
| J. Education information | N/A | NO |
| K. Inferences drawn from collected personal information | Inferences drawn from usage data to improve the Services | YES |
| L. Sensitive personal information | Account login information | YES |
We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months.
Your Rights
You have rights under certain US state data protection laws. These rights include the right to know whether or not we are processing your personal data, right to access your personal data, right to correct inaccuracies, right to request deletion, right to obtain a copy of data you previously shared with us, right to non-discrimination for exercising your rights, and right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling.
How to Exercise Your Rights
To exercise these rights, you can contact us by email at contact@supermegalab.com, or by referring to the contact details at the bottom of this document.
13. DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. The Services are intended for use by adults (age 18 and over). By using the Services, you represent that you are at least 18. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at contact@supermegalab.com.
14. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy policy.
15. DO WE MAKE UPDATES TO THIS POLICY?
In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws.
We may update this privacy policy from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this privacy policy. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.
16. HOW CAN YOU CONTACT US?
If you have questions or comments about this policy, you may contact us by email at contact@supermegalab.com, or by post to:
Super Mega Lab LLC, 16192 Coastal Highway, Lewes, Delaware 19958, United States
17. HOW CAN YOU REVIEW, UPDATE, OR DELETE YOUR DATA?
Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. To request to review, update, or delete your personal information, please contact us at contact@supermegalab.com.