Legal & Transparency

Explore our general terms of service, legal agreements and policies for using our cloud service - SuperOffice CRM.

Relationships – personal or in business – are built on trust. And transparency is in the core of trust. That is why SuperOffice takes this so seriously. We know that when you trust us with your CRM data and software to support your most significant business processes in marketing, sales and customer service, we must continuously work to earn and keep your trust.

In this section you will find an overview and introduction to our goals, culture and specific measures in the area of trust and transparency.

Agreements & Policies

Below you can access important documents and explore the content of our Terms of Service, legal agreements and policies.

SuperOffice CRM Online Subscription Agreement (MSA)

Terms for SuperOffice AI Lab

Data Processing Agreement (DPA)

List of pre-approved sub-Processors

SuperOffice CRM Onsite Subscription Agreement

Privacy Statement

SuperOffice App Store (Terms of Use)

Public Facing Services Policy

Data Mirroring Service

Expander Services

SuperOffice Consulting Service Master Agreement (MACS)

Premium Support Addendum

DPA/NDA for Support & Consulting Services

List of pre-approved sub-Processors Services

SuperOffice Code of Conduct (pdf)

SuperOffice Suppliers Code of conduct (pdf)

GDPR compliance

Our products have undergone external reviews to confirm that we and our products are GDPR compliant.

DLA Piper review of SuperOffice AS and SuperOffice CRM


The SuperOffice CRM cloud service is designed mainly to be used in Europe. This is specifically related to the location of the main data centers in Norway, as well as the scheduled maintenance windows which are optimized for customers and users in the European time zones.

In addition, the SuperOffice CRM cloud service is compliant with and managed under the EU General Data Protection Regulation, in terms of storage and management of personal data.


The server infrastructure is built on secure public cloud solutions. We use data centers facilitated by Visma IT & Communications. Data processing takes place in accordance with the data center transparency list below and follows local European regulations and requirements with regards to protection of data privacy. In order to comply with national legal requirements, separate data storage is additionally provided in Norway.

  • Locked and alarmed with 24/7 surveillance.
  • External and internal video monitoring and traceability of access to the premises.
  • Redundant climate control with environmental monitoring of gas, moisture, heat and water.
  • Fire alarm with automatic fire-fighting equipment.
  • Uninterruptible power supply regularly tested against fictional power outages.

For public cloud solutions, we use the vendor's data centers for storage of information. The centers run around the clock and ensure uninterrupted operations, by protecting against power outage, physical intrusion and network outage. These data centers conform to recognized industry standards of physical security and reliability.

Data Center Transparency List

SuperOffice stores and processes Cloud CRM data at the following data centers.

Entitiy company name Entity city, country Processing country Entitiy type & description of service Privacy & security governance
SuperOffice AS Oslo, NO Oslo, NO Cloud Service Provider. SuperOffice CRM offering functionality for basic CRM as well as specialized functionality for marketing, sales and service.

GDPR audits performed by PWC. Legal Agreements certified by Lawyer Foyen Torkildsen. Part of Visma ITC ISO27001 certificate.

Visma ITC Oslo, NO  Oslo, NO Hosting Provider. Hosting and operations of all servers and infrastructure for SuperOffice CRM. ISO Certificates for ISO9001 and ISO27001. ISO27018 during 2018. ISAE3402 audit report available on request.
Mailgun Inc.  US Frankfurt, Germany in E  Email service provider. Mailgun is storing mass emails (campaigns) generated from SuperOffice CRM in 24 hours (for resending purposes).

EU Standard Contract Clauses (SCC)

Microsoft Inc.  US

Primary data center in Netherlands. Secondary data center in Ireland.

Document Storage Provider. All documents stored in SuperOffice CRM are stored in a Microsoft Azure service.
Microsoft Inc.  US Western Europe Office365 used for document management in SuperOffice CRM
Google Inc.  US Western Europe G Suite (Google) used for document management in SuperOffice CRM
InfoBridge Software BV S´Hertogenbosch, NL Western Europe Provider of calendar synchronization between SuperOffice CRM and various calendaring systems


Hosted on the Microsoft Azure platform.

App Store Partner App Store partner country App Store partner country Providers of 3rd party apps and integrations – based on the SuperOffice CMR APIs Described in the Terms of Service and DPA between Customer and Partner.


Service Availability

SuperOffice has the goal of keeping its services up and running on a “24x7x365” basis. However, system maintenance might lead to short periods of unavailability. System maintenance is performed on a regular basis to provide our customers with the best performance, security and stability. Our maintenance schedule aims at minimizing disruption to normal business hours’ operation.

Currently, SuperOffice uses the following maintenance schedule (all times are CET +1):

  • System maintenance: Operating system patching, updates, reconfiguration of software to backend systems. This is scheduled for every second week on Fridays between 00:00 and 06:00.
  • Application maintenance: Upgrades of the SuperOffice application software are scheduled for every third week on Tuesdays at 22:00 (10% of customers) and the rest of the customers the following Friday at 22:00.
  • Server re-cycle: Every night at 02:00 servers are re-cycled causing a temporary drop in connection to the system (1-3 seconds). Users are normally automatically logged in again.
  • Microsoft patching: Microsoft releases security patches once a month. These updates are scheduled on a second Friday of every month between 00:00 and 06:00.
  • Infrastructure upgrade: Data center, hardware, electricity, network upgrades are scheduled between Saturday 20:00 and Sunday 06:00 if needed.
  • Emergency patching: Occasional serious security updates and similar are normally installed after normal working hours, at approximately 18:00.

Downtime for the individual customer will vary depending on the type of change/update. Normally, a user will experience a short loss of connection (a few seconds), followed by an automatic login. Downtime will rarely exceed 30 minutes.

All scheduled maintenance is clearly posted at the login screen of each user at least 24 hours in advance.

Critical fixes may be posted at the login screen of each user with minimum 24 hours’ notice if required to maintain service stability.

The above described maintenance schedules are designed to support customers and users of our services in Europe in the best possible way. Any usage of the service outside Europe, are subject to the same maintenance schedules, meaning that maintenance can take place during normal working hours in Asia, as well as in North and South America.

Status Page

All scheduled outage is notified at least 24 hours in advance. System status and any scheduled downtime are presented at the login screen of each user and on the status page:

Have a question?

If you have any questions that aren’t answered here, please feel free to contact us