Privacy Policy

Last updated: May 23, 2026

This Privacy Policy describes how Subicon ("we") collects, uses and protects your personal data when you use our Service. We are committed to handling your data in compliance with applicable data protection laws, including GDPR.

[Placeholder — to be reviewed with legal counsel / DPO before launch.]

1. Data We Collect

We collect the following categories of personal data:

  • Account data: name, email, password (hashed), profile information
  • Transaction data: purchase history, payout details, Stripe Connect ID
  • Usage data: IP address, device, browser, pages visited, interactions
  • Communication data: messages sent through the Service, support requests

2. How We Use Your Data

We process your data to:

  • Provide, maintain and improve the Service
  • Process payments and payouts
  • Communicate with you about your account and the Service
  • Detect and prevent fraud or abuse
  • Comply with our legal obligations

3. Legal Basis

We process your personal data on the following legal grounds: performance of the contract (your use of Subicon), our legitimate interest (security, improvement of the Service), your consent (marketing emails) and legal obligations (tax, accounting).

4. Data Sharing

We share data only with trusted service providers needed to operate Subicon:

  • Stripe — payment processing and payouts
  • Supabase — database and authentication hosting
  • Vercel — application hosting
  • Resend — transactional emails
  • Cloudflare R2 / Bunny — file storage and delivery

5. Cookies

We use cookies and similar technologies to operate the Service and analyse usage. See our Cookie Policy for details.

6. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Receive your data in a portable format
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encrypted database storage, regular security audits and access controls.

8. Data Retention

We retain your personal data for as long as your account is active, and for additional periods required by law (e.g., accounting records: 10 years). You can request earlier deletion by contacting us.

9. International Transfers

Some of our service providers are located outside the European Economic Area. When data is transferred, we ensure appropriate safeguards (e.g., Standard Contractual Clauses) are in place.

10. Children

Subicon is not intended for users under 16. We do not knowingly collect data from minors. If we become aware of such data, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via the Service.

12. Contact

For privacy questions or to exercise your rights, contact our DPO at contact@subicon.io.