SubTrackPricing

Privacy Policy

Last updated: June 23, 2026

This Privacy Policy explains how SubTrack ("we", "us") collects, uses, and shares information when you use our Service. We act as a data controller for account data and as a data processor for the subcontractor records you upload.

1. Information we collect

  • Account data: name, email, company name, country, password hash.
  • Subcontractor data you upload: contact details, documents (e.g. COIs, W-9s, licences), expiry dates.
  • Billing data: handled by Stripe; we store only customer and subscription identifiers.
  • Usage data: log data, IP address, browser type, pages viewed.

2. How we use information

  • To provide, secure, and improve the Service;
  • To send compliance reminders you have configured;
  • To process payments and manage subscriptions;
  • To communicate about your account and service updates;
  • To comply with legal obligations.

3. Subprocessors

  • Supabase — database, authentication, file storage.
  • Stripe — payments and subscription billing.
  • Resend — transactional email delivery.
  • Cloudflare — hosting, CDN, and edge runtime.

4. Legal bases (UK/EU users)

We process personal data on the bases of contract performance, legitimate interest in operating and securing the Service, your consent (where required), and legal obligation.

5. Data retention

We retain your data for as long as your account is active. After cancellation, account and subcontractor data is deleted within 30 days unless we are legally required to keep it. Backups are rotated within 90 days.

6. Your rights

Subject to applicable law (including UK GDPR and US state privacy laws), you may request access, correction, deletion, export, or restriction of your personal data. Contact us via the contact page to exercise these rights.

7. Security

We use encryption in transit (TLS), encrypted storage, row-level access controls, and least-privilege access for our team. No service is 100% secure, but we work hard to protect your data.

8. International transfers

Your data may be processed in countries other than your own (e.g. United States, European Union, United Kingdom). Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

9. Cookies

We use strictly necessary cookies for authentication and session management. We do not use third-party advertising or cross-site tracking cookies.

10. Children

The Service is not directed to children under 16 and we do not knowingly collect their data.

11. Changes

We will notify you of material changes to this policy by email or in-app.

12. Contact

Privacy questions or requests? Reach us via the contact page.