Privacy Policy
This Privacy Policy explains how Houly Ltd (trading as Ammo AI) ("we", "us", "our") collects, uses, and protects personal data when you use the SuperIntern platform and related services (the "Service").
We are committed to protecting your privacy and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (GDPR) where applicable.
1. Who We Are
The SuperIntern platform is operated by:
Houly Ltd (trading as Ammo AI), company incorporated in England and Wales. Company No. 15817830. Email: support@superintern.ai
Houly Ltd acts as the data controller for personal data processed through the Service. Certain intellectual property relating to the SuperIntern technology is owned by NeuroMesh Ltd, British Virgin Islands. Houly Ltd operates the Service under license from NeuroMesh Ltd.
Data Protection Contact: Yujian Hong Liu — support@superintern.ai
For privacy-related inquiries you may contact us at the email address above.
2. Personal Data We Collect
We may collect the following categories of personal data.
Account Information
- Name
- Email address
- Date of birth
- Account preferences
Usage Data
- Prompts and conversation history
- Interactions with AI features
- Skills installed or used
- Product usage analytics
Technical Information
- IP address
- Browser type
- Device information
- Log data and session activity
Payment Information
- Payments are processed by third-party payment providers (such as Stripe).
- We do not store full payment card information.
Creator Information
If you publish Skills or participate in revenue sharing we may collect:
- Payout information
- Tax documentation
- Usage statistics for your Skills
3. How We Use Personal Data
We process personal data to:
- provide and operate the SuperIntern service
- generate AI responses
- manage user accounts and subscriptions
- process payments
- facilitate creator revenue sharing and payouts
- improve product performance
- monitor platform security
- detect misuse or abuse
- provide customer support
- comply with legal obligations
We process personal data only to the extent necessary to operate and improve the Service.
4. AI Processing
SuperIntern uses artificial intelligence systems provided by third-party AI providers. User prompts or inputs may be transmitted to AI providers in order to generate responses. These providers include:
Anthropic
- Claude AI models
- Privacy Policy: https://www.anthropic.com/legal/privacy
- Location: United States
OpenAI
- GPT models
- Privacy Policy: https://openai.com/en-GB/policies/privacy-policy/
- Location: United States
X AI
- Grok models
- Privacy Policy: https://x.ai/legal/privacy-policy
- Location: United States
Alibaba Cloud
- QWEN models
- Privacy Policy: https://www.alibabacloud.com/help/en/legal/latest/alibaba-cloud-international-website-privacy-policy
- Location: China
Other AI infrastructure providers may be added as the platform evolves. A current list of AI providers is maintained in our sub-processor list.
These providers operate under their own privacy policies. We do not control the independent policies or operations of third-party AI providers.
Unless explicitly stated otherwise, we do not use user prompts or conversations to train AI models.
Note regarding Alibaba Cloud: User prompts transmitted to Alibaba Cloud are processed in China. As China does not benefit from an EU adequacy decision, we implement additional safeguards including Standard Contractual Clauses (SCCs) and enhanced encryption. See Section 7 for details.
Automated Processing
The Service uses automated systems and artificial intelligence to generate outputs. These systems assist users but do not make legally binding decisions about individuals.
5. Legal Bases for Processing
Under GDPR we rely on the following legal bases.
Contract
Processing necessary to provide the Service to users, including:
- account management
- AI response generation
- subscription billing
- customer support
- creator revenue sharing and payouts
Legitimate Interests
Processing required to:
- maintain platform security
- prevent fraud or misuse
- improve the product and user experience
- conduct business analytics
Legal Obligations
Processing necessary to comply with applicable laws such as:
- tax and accounting obligations
- regulatory compliance
Consent
Where required, for example:
- marketing communications
- optional cookies and analytics
Users may withdraw consent or object to legitimate interest processing where applicable.
6. How We Share Data
We may share personal data with the following categories of recipients.
Service Providers
Companies that help us operate the platform, including:
- hosting providers
- cloud infrastructure providers
- analytics tools
- payment processors
Key service providers include:
| Provider | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Cloud computing, data storage, hosting | USA |
| Vercel | Front-end application deployment and hosting | USA |
| Cloudflare | CDN, DDoS protection, DNS, web application firewall | USA |
| GitHub | Source code repository and CI/CD pipelines | USA |
| Elastic | Application logging, monitoring, observability | USA |
| Google Workspace | Corporate email, calendar, collaboration | USA |
These providers process data on our behalf under contractual safeguards. A full list of subprocessors is available in our sub-processor list.
AI Providers
User prompts may be transmitted to AI providers in order to generate responses. See Section 4 for details.
Legal Requirements
We may disclose personal data where required by law or legal process.
Business Transfers
If the company undergoes a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction.
7. International Data Transfers
Because our services operate globally, personal data may be transferred outside the UK or European Economic Area.
Where this occurs we rely on the following safeguards:
- EU-US Data Privacy Framework (DPF): For transfers to US-based providers that are DPF-certified, including Google Cloud Platform, Google Workspace, and GitHub (via Microsoft). The European Commission has issued an adequacy decision for the EU-US DPF.
- Standard Contractual Clauses (SCCs): For transfers to providers that are not DPF-certified, including OpenAI, Anthropic, X AI, Vercel, Cloudflare, Elastic, and Notion.
- Supplementary technical measures: Including encryption in transit (TLS 1.2+) and at rest (AES-256), access controls, and audit logging.
Transfers to China: Personal data may be transmitted to Alibaba Cloud in China for AI inference processing. As China does not benefit from an EU or UK adequacy decision, we implement enhanced safeguards including SCCs, end-to-end encryption, data minimization (prompts only, no bulk data transfer), transfer impact assessments, and regular vendor security reviews.
These safeguards ensure personal data remains protected in accordance with GDPR requirements.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements.
More specifically:
- Account Data: Retained for the duration of the user's account and for up to 30 days after account deletion.
- Task Execution Logs: Retained for up to 12 months for service improvement, debugging, and security monitoring.
- Billing Records: Retained for up to 7 years to comply with legal and financial obligations.
- User Content (including chat history and interactions): Retained for the duration of the user's account unless deleted by the user. We may delete or anonymize such data when it is no longer necessary for the purposes for which it was collected.
- AI Interaction Data: Processed transiently for task execution purposes. Zero data retention (ZDR) is enabled where supported by the AI provider. For providers where ZDR is not available, data is retained only for the minimum period required for inference processing and is not used for model training.
- Sensitive data handling addendum: Task execution logs are retained for up to 12 months for security monitoring, debugging, fraud prevention, and service improvement. Users are advised via our Terms of Use not to submit sensitive personal data (GDPR Article 9 categories) through the Service. Where sensitive data is incidentally included in user inputs, users may request deletion at any time in accordance with GDPR Article 17. Deletion requests will be processed within 30 days of receipt. Where a request is complex, the response period may be extended by up to two additional months, with prior notice to the user in accordance with GDPR Article 12(3). AI interaction data is processed transiently; where supported, zero data retention is enabled. Data is securely deleted or anonymized after the applicable retention period, unless a longer retention period is required by law.
After the applicable retention period, data is securely deleted or anonymized.
9. Your Data Rights
Under GDPR you may have the following rights.
Your Rights
- Right of Access: Request a copy of your personal data.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of personal data in certain circumstances.
- Right to Restrict Processing: Request limitations on how your data is processed.
- Right to Data Portability: Request transfer of your data to another service.
- Right to Object: Object to certain processing activities.
- Right to Withdraw Consent: Where processing is based on consent.
How to Exercise Your Rights
Email: support@superintern.ai
Suggested subject lines:
- "Data Access Request"
- "Data Deletion Request"
- "Data Correction Request"
- "Privacy Request"
Please include your account email address and details of your request. We may need to verify your identity before processing requests. We aim to respond within 30 days.
Complaints
If you are not satisfied with our response you may lodge a complaint with a supervisory authority.
United Kingdom: Information Commissioner's Office (ICO) — https://ico.org.uk
EU users may also contact their local data protection authority.
10. Security
We implement reasonable technical and organizational measures designed to protect personal data, including:
- encryption in transit and at rest
- access controls
- monitoring and logging
- secure infrastructure providers
- multi-factor authentication
- regular security assessments and penetration testing
We regularly review our security practices to maintain appropriate safeguards.
However, no system can guarantee absolute security. Users are responsible for maintaining the confidentiality of their account credentials.
11. Children
The Service is not intended for individuals under 16 years of age. If we become aware that personal data from a child under 16 has been collected, we will take steps to delete the data.
12. Cookies
We may use cookies or similar technologies to:
- maintain user sessions
- analyze platform usage
- improve the Service
More information is available in our Cookie Policy.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the platform or by email where appropriate. The updated policy will include a revised "Last Updated" date.
14. Contact
If you have questions about this Privacy Policy or our data practices: Email: support@superintern.ai
Subject: "Privacy Question"
© 2025–2026 Houly Ltd (trading as Ammo AI). All rights reserved.
