Privacy Policy
Last updated: December 3, 2025
At sub5.io, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
Our Commitment
We are a Swiss company committed to GDPR compliance. We only collect data necessary to provide our services, and we never sell your personal information to third parties.
1. Information We Collect
Information You Provide
- Account Information: Email address, name, and company name when you sign up for our waitlist or create an account
- Communication Data: Messages and inquiries you send us
Automatically Collected Information
- Usage Data: Pages visited, features used, and interaction patterns (only with your consent)
- Device Information: Browser type, operating system, and device type
- Log Data: IP address, access times, and referring URLs
2. How We Use Your Information
- To provide and maintain our service
- To notify you about changes to our service
- To provide customer support
- To gather analysis or valuable information to improve our service (only with consent)
- To detect, prevent, and address technical issues
3. Analytics & Cookies
We use PostHog for analytics to understand how visitors interact with our website. PostHog is configured with:
| Feature | Details |
|---|---|
| Data Residency | EU (Frankfurt, Germany) |
| Cookie Duration | 1 year |
| Personal Data | Anonymous by default, identified only when you sign up |
| Session Recording | Enabled (passwords masked) |
You can opt-out at any time by clicking "Decline" on the cookie banner or by contacting us.
4. Data Storage & Security
Where Your Data Lives
- Database: Supabase (Frankfurt, EU) - Your account data and preferences
- Analytics: PostHog (EU) - Anonymous usage analytics
- AI Processing: Anthropic Claude API (US) - Query processing only, no data retention
We implement industry-standard security measures including:
- TLS 1.3 encryption for all data in transit
- Encrypted database storage
- Regular security audits
- Access controls and authentication
5. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing of your personal data
- Right to Withdraw Consent: Withdraw consent at any time
To exercise any of these rights, please contact us at founders@sub5.io.
6. Data Retention
We retain your personal data only for as long as necessary:
- Account Data: Until you delete your account
- Analytics Data: 90 days
- Communication Records: 2 years
7. Third-Party Services
We use the following third-party services:
| Service | Purpose | Location |
|---|---|---|
| Supabase | Database & Authentication | EU (Frankfurt) |
| PostHog | Analytics | EU |
| Vercel | Hosting | Global CDN (EU edge) |
| Anthropic | AI Processing | US (no data retention) |
8. International Transfers
Some of our service providers (Anthropic, Vercel) operate in the United States. When transferring data outside the EU, we ensure appropriate safeguards through:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements
- Privacy Shield successor frameworks where applicable
9. Children's Privacy
Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
11. Contact Us
Get in Touch
If you have any questions about this Privacy Policy, please contact us:
- Email: founders@sub5.io
- General: founders@sub5.io
sub5.io is operated by a Swiss entity. For data protection inquiries, please contact our data protection officer at founders@sub5.io.