Privacy Policy

Subrix ("we", "us", or "our") provides a subscription and SaaS management platform available at subrix.io. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

1. Information We Collect

Account Registration

Full name, email address, company name, job title, phone number (optional), password and authentication credentials, billing address and payment information (processed through Stripe).

Service Usage

Subscription information (vendor names, billing amounts, renewal dates), integration credentials (API keys encrypted), budget tracking data, team member information, comments and notes, reports and exports.

Usage Data

IP address, browser type, operating system, pages visited, time spent, referring URLs, device information, and cookies (see Section 5).

Cancellation Feedback

When you cancel your subscription, we provide an optional form where you may share the reason for your cancellation and any additional feedback. Submitting this information is entirely voluntary — your cancellation is processed regardless of whether you respond.

What we collect: If you choose to respond, we collect your selected cancellation reason and any written feedback you provide at that time.

Why we collect it: We use this information to improve our products and to potentially offer you personalized re-engagement offers, discounts, or product updates based on the reason you shared.

Legal basis (GDPR): Legitimate interest (GDPR Art. 6(1)(f)). Analyzing voluntary cancellation feedback and conducting proportionate win-back outreach is a legitimate commercial interest that does not override your rights, given the data is limited, non-sensitive, and voluntarily provided.

Retention: This data is retained for 24 months from your cancellation date. After 24 months, it is automatically and permanently deleted from our systems.

Your rights: You may request deletion of your cancellation feedback at any time by contacting us at privacy@subrix.io. Deletion requests are honored within 30 days. EU/EEA residents have the right to object to this processing at any time under GDPR Art. 21.

2. How We Use Your Information

Service Delivery — Create and maintain your account, manage integrations, process transactions, and provide customer support
Service Improvement — Analyze usage patterns to improve features and add integrations
Communication — Send transactional emails and service updates
Subscription Monitoring — Monitor your subscriptions for renewal dates and send renewal reminders
Marketing (with consent) — Share tips on cost optimization and new features. You can opt-out at any time.
Legal Compliance — Comply with applicable laws, regulations, and legal processes
Fraud Prevention — Detect, prevent, and address fraud and security issues

Legal Bases for Processing (GDPR)

Processing Activity	Legal Basis
Account creation, service delivery, billing	Contract performance — Art. 6(1)(b)
Analytics, usage data, service improvement	Legitimate interest — Art. 6(1)(f)
Transactional emails	Contract performance — Art. 6(1)(b)
Marketing/promotional emails	Consent — Art. 6(1)(a)
Fraud prevention and security	Legitimate interest — Art. 6(1)(f)
Legal compliance obligations	Legal obligation — Art. 6(1)(c)
Cancellation feedback	Legitimate interest — Art. 6(1)(f)

3. How We Share Your Information

We share information with trusted vendors to operate the Service:

Provider	Purpose	Data Shared
Stripe	Payment processing, subscription management	Name, email, billing address
Postmark	Transactional email delivery	Email address, email content
Neon	PostgreSQL database hosting	All stored application data
Vercel	Application hosting and edge delivery	IP address, request data
Google OAuth	Optional sign-in provider	Name, email (only if you choose Google sign-in)

We do not sell or rent your personal information to third parties for marketing purposes. Stripe's privacy practices are described at stripe.com/privacy.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to maintain your login session, remember your preferences and dashboard layout, analyze how you use the Service, and detect and prevent fraud. Essential cookies are required for service functionality. Most browsers allow you to control cookies; disabling cookies may affect Service functionality.

5. Data Retention Schedule

Data Category	Retention Period
Account information	Duration of active subscription + 90 days after cancellation
Subscription tracking data	Duration of active subscription; deletable upon request
Integration credentials	Duration of active integration; deleted when revoked
Payment records	7 years (tax/legal compliance)
Support tickets	3 years
Usage logs/analytics	12 months
Cancellation feedback data	24 months from cancellation date

6. Marketing Communications

Onboarding Emails: After you sign up for Subrix, we send a 3-email onboarding sequence (Days 1, 3, and 7) to help you get started. Sent based on our legitimate business interest to help you succeed with the platform.

Review Request Emails: After you interact with our support team, we may send a brief survey or review request email to gather feedback.

Unsubscribe: You can unsubscribe from onboarding and marketing emails at any time by clicking the unsubscribe link in any email or managing preferences in account settings. Transactional emails (confirmations, billing notices, password resets) cannot be disabled as they are essential to account operations.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

Access and Portability: Request a copy of your personal information in a machine-readable format.
Deletion: Request deletion of your personal information within 30 days, except where legally required to retain.
Correction: Update your account information directly within the Service or by contacting us.
Opt-Out of Marketing: Unsubscribe via any email link or from account settings.
Right to Object (GDPR): EU/EEA residents have the right to object to processing based on legitimate interest.

To exercise any of these rights, contact us at privacy@subrix.io. We will respond within 30 days.

8. CCPA Rights (California Residents)

If you are a California resident, you have the following rights:

Right to Know: Request what personal information we collect, use, share, and sell about you.
Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
Right to Opt-Out: Direct us not to sell or share your personal information. (Note: Subrix does not sell personal information.)
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
Authorized Agent: You may designate an authorized agent to submit requests on your behalf.

To submit a CCPA request, contact us at privacy@subrix.io. We will verify your identity and respond within 45 days.

9. Data Security

We implement industry-standard security measures including SSL/TLS encryption in transit, encrypted storage for sensitive data (passwords, API keys), regular security audits, role-based access controls, and secure password hashing. No method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

10. Data Transfers

If you are located outside the United States, your personal data will be transferred to, stored in, and processed in the United States.

EU/EEA Users: Transfers of personal data from the EEA to the United States are made on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Art. 46(2)(c). You may request a copy of the applicable SCCs by contacting privacy@subrix.io.

11. Children's Privacy

Subrix is not intended for children under 13. We do not knowingly collect information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted with an updated "Last Updated" date. Significant changes will be communicated via email. Your continued use of the Service constitutes acceptance of the updated policy.

13. Governing Law

This Privacy Policy is governed by the laws of the State of New York, United States, without regard to its conflict of law provisions. Any disputes arising under this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of the State of New York.

14. Contact Us

For privacy-related questions, requests, or concerns, contact us at:

Leonenko Group LLC

16 Whitetail Lane

Commack, NY 11725

United States

Email: privacy@subrix.io

Website: subrix.io

EU/EEA residents have the right to lodge a complaint with their local data protection authority.