Legal

Privacy Policy

Clear terms, plain language, and the details you need in one polished document.

EffectiveMay 14, 2026

Last updatedMay 14, 2026

JurisdictionToronto, Ontario, Canada

1Our Commitment to Your Privacy

At Subproof we take your privacy seriously. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over your data.

We are committed to full transparency. We will never sell your personal data. Ever.

2Information We Collect

2.1Information you provide directly

Your email address when you create an account
Bug reports, feature requests, and feedback you submit through the Reports page
Subscription and free trial information you manually add to your dashboard

2.2Information collected automatically

Basic usage data such as pages visited and features used — used only to improve Subproof
Your IP address and browser type for security purposes

2.3Payment information

When you subscribe to a paid plan your payment is processed by Stripe. Subproof never receives or stores your full credit card number, CVV, or banking credentials. We only receive a confirmation of payment and a Stripe customer identifier.

2.4Bank transaction data (Plus and Pro only)

If you choose to connect your bank account through Teller we receive read-only access to your transaction history. This data is used solely to detect recurring charges and subscriptions. We do not store your banking login credentials. You can disconnect your bank at any time.

2.5AI processed data

When you submit a bug report or feedback your message is sent to Groq AI to categorize its priority. Groq processes this text to help us respond to you faster. We do not send any other personal data to Groq.

3How We Use Your Information

We use the information we collect to:

Create and manage your Subproof account
Provide and improve our subscription tracking features
Process your payments and manage your subscription plan
Send you important account and billing notifications
Analyze bug reports and feedback to fix issues and improve the product
Detect recurring charges from your bank transactions if you connect your bank
Comply with applicable laws and legal obligations
Protect the security and integrity of the platform

We do not use your data for advertising. We do not build advertising profiles. We do not sell your data to any third party for any purpose.

4Who We Share Your Data With

We share your data only with the following trusted service providers:

Supabase — Secure database storage — supabase.com
Stripe — Payment processing — stripe.com
Teller — Bank connection for Plus and Pro users — teller.io
Groq — AI categorization of bug reports — groq.com
Resend — Sending transactional emails — resend.com
Vercel — Website hosting and infrastructure — vercel.com

We do not share your data with any other third parties. We do not sell your data. We do not share your data with advertisers, data brokers, or any party not listed above.

5Data Storage and Security

Your data is stored securely using Supabase, which is hosted on industry-standard cloud infrastructure. We implement the following security measures:

All data is encrypted in transit using HTTPS/TLS
Database access is protected by Row Level Security — you can only access your own data
Passwords are never stored in plain text
Payment data is handled entirely by Stripe and never touches our servers
Banking credentials are handled entirely by Teller and never stored by Subproof
Access to production systems is restricted to authorized personnel only

While we take security seriously no system is completely immune to risk. In the event of a data breach we will notify affected users as required by applicable law.

6Data Retention

We retain your personal data for as long as your account is active. If you delete your account we will delete your personal data within 30 days except where we are required to retain it for legal or regulatory purposes such as payment records.

Bug reports and feedback may be retained for up to 12 months after submission to help us track and resolve issues.

7Your Rights

Under Canadian privacy law (PIPEDA) and Ontario privacy regulations you have the following rights:

Right to access-You can request a copy of the personal data we hold about you at any time.

Right to correction-You can request that we correct any inaccurate personal data we hold about you.

Right to deletion-You can request that we delete your account and all associated personal data. We will process deletion requests within 30 days. Some data may be retained where required by law.

Right to withdraw consent-You can withdraw your consent to data processing at any time by deleting your account. Note that withdrawal of consent means you will no longer be able to use Subproof.

Right to data portability-You can request an export of your data in a readable format.

To exercise any of these rights please contact us at the email address below.

8Cookies

Subproof uses only essential cookies necessary for the platform to function such as keeping you logged in. We do not use tracking cookies, advertising cookies, or any third party analytics cookies.

9Children's Privacy

Subproof is not intended for anyone under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from someone under 18 we will delete it immediately.

10Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you by email or by displaying a notice within the app. The updated policy will become effective on the date stated at the top of the document.

11Contact Us

If you have any questions, concerns, or requests regarding your privacy or this Privacy Policy please contact us:

Subproof — Toronto, Ontario, Canada — Email: support@subproof.io

We will respond to all privacy related inquiries within 10 business days.