Data Handling Statement — Beta Period (Short Form)

Data Handling Statement

Super Mega Lab LLC ("Super Mega Lab") provides the Agentic Bookmarks VS Code extension and related components (the "Services") to the customer identified in the applicable agreement ("Customer") (the "Agreement").

This statement summarizes the Personal Data that Super Mega Lab Processes in connection with the Services during the Beta Period. It is intended to satisfy Customer's diligence requirements where the limited nature of the Processing makes a full Data Processing Addendum unnecessary. A short-form Beta-period Data Processing Addendum is available at https://agenticbookmarks.com/legal/dpa; a full Data Processing Addendum will be published when the subscription verification service launches at the end of the Beta Period.

Capitalized terms not defined here have the meanings given under the EU General Data Protection Regulation ("GDPR") or equivalent applicable data protection law.

1. What Super Mega Lab does NOT receive

During the Beta Period the Services run entirely on the user's device and do not transmit data to Super Mega Lab. Super Mega Lab does not receive, Process, or store any of the following:

• Source code, file contents, file paths, or file names.
• Repository names, remote URLs, branch names, commit hashes, commit messages, or other version control metadata.
• Prompts, AI completions, model inputs or outputs, or assistant conversations.
• Editor activity, keystrokes, telemetry events, or product-usage analytics.
• Diagnostics, error reports, or crash dumps.
• Repository visibility status (the Services determine repository visibility on the user's machine by querying the applicable repository host directly; this information is not transmitted to Super Mega Lab).
• IP addresses or other connection metadata.

The Services contain no telemetry, no analytics, and no behavioral event logging.

2. What Super Mega Lab does Process

During the Beta Period, Super Mega Lab Processes no Personal Data in connection with the Services, other than what an end user or Customer voluntarily provides through support communications.

When the subscription verification service launches at the end of the Beta Period, the limited categories of Personal Data Super Mega Lab will Process will be published in an updated version of this statement and in the full Data Processing Addendum, with at least thirty (30) days advance notice.

3. Sub-processors

Super Mega Lab engages no sub-processors to Process user data through the Services during the Beta Period, because Super Mega Lab receives no user data through the Services.

4. Security

A description of Super Mega Lab's security posture is published at https://agenticbookmarks.com/legal/security.

5. International transfers

During the Beta Period, the Services do not transmit data to Super Mega Lab and therefore do not effect any international transfer of Personal Data. Transfer mechanisms applicable to the post-beta subscription service will be described in the full Data Processing Addendum.

6. Security incidents

Super Mega Lab will notify Customer without undue delay, and in any event within seventy-two (72) hours after becoming aware, of any security breach materially affecting Personal Data described in this statement in a manner relevant to Customer's end users.

7. Data subject requests

End users may exercise their data protection rights (access, rectification, deletion, portability, objection) by contacting contact@supermegalab.com. Given the limited data Processed, Super Mega Lab can typically respond within thirty (30) days.

8. Changes to this statement

Super Mega Lab may update this statement from time to time. The current version is published at https://agenticbookmarks.com/legal/data-handling. Material changes will be communicated through the channel Customer has designated for account notices.

9. Contact

For questions about this statement or Super Mega Lab's data practices: contact@supermegalab.com

Acknowledged and accepted (optional)

Some Customers will require this statement to be countersigned; others will treat it as a unilateral disclosure attached to the Agreement. Either is acceptable.