Your data, explained clearly

We collect information you provide directly and information generated through use of the service:

• Account data: email, profile name, authentication identifiers, and login provider details.
• Project data: project name and brand context fields, such as business description, audience, problem framing, and unique positioning.
• Lead monitoring data: keywords, Reddit post IDs, subreddit names, post titles/URLs, author usernames (public Reddit handles), timestamps, and lead status.
• Generated content data: AI-generated posts/replies, plus metadata used to organize history.
• Usage and plan data: daily usage counters (for posts, replies, discovery/scans), subscription status, and billing-period metadata.
• Technical and analytics data: event-level product analytics, browser/device basics, and operational logs needed for reliability and abuse prevention.

• Operate core functionality, including project setup, lead monitoring, and AI content workflows.
• Authenticate your account and enforce account-level data permissions.
• Measure and enforce plan limits and feature access.
• Process subscription lifecycle events (activation, renewal window, status updates, cancellations).
• Send account, billing, support, product, promotional, newsletter, and other marketing communications about SubClimb.
• Improve product quality, troubleshoot incidents, and prevent abuse or policy violations.
• Comply with legal obligations and enforce our Terms.

When you create an account, join a waitlist, request information, or otherwise provide your email address, we may use that email to contact you about your account, service operations, updates, offers, campaigns, announcements, and other communications related to SubClimb. Where required by law, you may opt out of promotional or marketing emails, but we may still send service-related, transactional, security, and legal notices.

SubClimb relies on third-party services to provide the product. These providers process data on our behalf or as independent controllers for their own services:

• Supabase: authentication, database, and realtime infrastructure.
• OpenAI: generation of post and reply suggestions based on your inputs and project context.
• Stripe: checkout, customer IDs, subscription status, and billing lifecycle events.
• Google OAuth (optional): sign-in via Google account.
• Reddit public endpoints: retrieval of public subreddit/post data for lead discovery and subreddit suggestions.

We do not sell your personal information. We share data with providers only to deliver and support the service, or when required by law.

• Generated content history is designed for short retention and currently cleaned after approximately 3 days.
• Account, project, keyword, lead, and subscription records are retained while your account remains active and as needed for legal/business purposes.
• Operational logs and analytics are retained according to operational needs and provider defaults.

If you delete your account, associated data is deleted or anonymized where feasible, subject to legal, tax, anti-fraud, and security retention obligations.

• Row Level Security policies are used to restrict access to account-owned data in the database.
• Authentication is handled through managed auth providers and secure session mechanisms.
• Access to production systems is restricted to authorized personnel on a need-to-know basis.
• We monitor for abuse and reliability issues and may log technical events for incident response.

No method of transmission or storage is completely secure. We continuously improve controls but cannot guarantee absolute security.

• Access or update your account information from your account settings where available.
• Cancel subscription renewal through the billing portal/Stripe customer portal.
• Request deletion of account data, subject to legal and security exceptions.
• Opt out of promotional or marketing emails using the unsubscribe link, where applicable.
• Use browser controls for cookies/tracking technologies where applicable.

If your region grants specific privacy rights (for example, access, correction, deletion, portability, or objection), we will honor valid requests as required by applicable law.

Your data may be processed in countries other than your own, depending on the infrastructure and subprocessors used by SubClimb. Where required, we rely on appropriate transfer mechanisms and safeguards.

SubClimb is not directed to children under 13 (or the age required by local law). If you believe a child has submitted personal data, contact us so we can investigate and remove it.

We may update this policy as the product evolves, laws change, or integrations are modified. Material updates will be reflected by updating the effective date and, when appropriate, with in-app or email notice.

Privacy questions or requests can be sent to aaronaber3@gmail.com. You can also contact us through your account support channels.

This page is provided for transparency and general information. It is not legal advice.