This policy explains how Subido handles personal data—both the data of the people who run feedback portals on Subido ("admins"), and the data of the people who use those portals ("voters").
Subido is operated by [SUBIDO LEGAL ENTITY NAME], a company registered in [JURISDICTION] under company number [NUMBER], with its registered office at [REGISTERED ADDRESS] ("Subido", "we", "us"). For privacy questions and data-protection requests, contact privacy@subido.io.
Where this policy refers to our role under the UK GDPR and EU GDPR, references to "GDPR" mean both as applicable.
This policy covers personal data processed through the Subido marketing site (subido.io), the Subido application (dash.subido.io), the hosted feedback portals we serve on behalf of admins, and our API, MCP server, and embeddable widget.
It does not cover third-party websites we link to, or how an admin uses voter data outside Subido once they export it.
Subido plays two different roles depending on whose data is involved:
This allocation follows from who decides the purpose of the processing, not from whose branding or email-sending credentials are used. It is the same whether a portal is white-labelled on a custom domain or served on a subido.io subdomain.
If you are a voter and want to exercise your rights over your data, your request is usually best directed to the organisation running the portal (the controller). We will assist them, and we will help you reach them — see section 11.
| Category | Examples | Our role |
|---|---|---|
| Account data | Admin name, email, workspace name, role, brand settings | Controller |
| Authentication | Magic-link tokens, sign-in timestamps, IP at sign-in, optional Turnstile signals | Controller |
| Billing | Plan, billing contact; card data is handled by our payment provider, not stored by us | Controller |
| Voter content | Posts, comments, votes, attachments submitted to a portal | Processor |
| Voter identity | Voter email, display name, vote/comment history, email preferences and consent state | Processor |
| Usage & logs | Pages viewed, feature events, error logs, request metadata | Controller (for our analytics) / Processor (within a workspace) |
As controller, we use account, authentication, billing, and usage data to provide and secure the service, authenticate sign-ins, take payment, provide support, understand product usage in aggregate, and meet legal obligations.
As processor, we use voter data only to operate the portal as instructed by the admin: storing and displaying posts and votes, sending the notifications the admin configures, and exposing the data back to the admin through the dashboard, API, and exports. We do not use voter data for our own marketing, and we do not sell personal data.
Where we act as controller, we rely on: contract (to provide the service you signed up for), legitimate interests (securing the service, preventing abuse, basic product analytics), consent (where required, e.g. certain cookies or marketing email), and legal obligation (tax, accounting).
Where we act as processor, the legal basis for processing voter data is determined by the admin as controller. Our processing is carried out on their behalf under the DPA.
Subido sends two kinds of email: transactional messages required to operate an account (magic-link sign-in, team invites), and portal-activity notifications that an admin chooses to send to their voters (status changes, new comments, changelog announcements).
For voter notifications, Subido provides consent controls that the admin selects. The default behaviour is opt-in: voters are not sent activity email unless they have opted in. Admins may, where lawful for their recipients, choose an opt-out mode instead. The legality of opt-out email depends on where the recipients are located — opt-out is generally permitted for US recipients under CAN-SPAM, while the EU, UK, Canada, and other jurisdictions generally require explicit opt-in. The admin, as controller, is responsible for ensuring the mode they choose is lawful for their recipients.
Where an admin sends through Subido's shared email infrastructure, only the opt-in mode is available. Every activity email includes a one-click unsubscribe link, and voters can opt out of all activity email at any time.
We do not sell personal data or share it for others' marketing. We share data with vendors who process it on our behalf ("sub-processors"), each under contractual data-protection terms:
| Sub-processor | Purpose | Data |
|---|---|---|
| Postmark | Transactional & notification email (shared-email path) | Recipient email, message content |
| [HOSTING PROVIDER] | Application & database hosting | All stored data |
| [CDN / FILE STORAGE] | Attachment & media hosting | Uploaded files |
| [PAYMENT PROVIDER] | Subscription billing | Billing contact, payment method |
| [ANALYTICS / ERROR MONITORING] | Product analytics, error logs | Usage events, request metadata |
Admins who connect their own Postmark or SMTP account send notification email through their own provider; in that case that provider is the admin's vendor, not ours. A current sub-processor list is available on request, and our DPA describes how we notify customers of changes.
We may also disclose data where required by law, to enforce our terms, or in connection with a merger or acquisition (with notice where required).
We may process data in countries other than where you are located, including the United States. Where we transfer personal data out of the UK or EEA, we rely on appropriate safeguards such as the UK International Data Transfer Addendum and the EU Standard Contractual Clauses, together with supplementary measures where needed. Details are available on request from privacy@subido.io.
As controller, we keep account data for as long as your account is active and for a reasonable period afterward to meet legal and accounting obligations, then delete or anonymise it.
As processor, we retain voter data for as long as the admin's workspace exists. When an admin deletes a post, voter, or workspace, the data is removed in line with our deletion routines; deleting a workspace removes its voter data. Backups are retained on a rolling basis and overwritten in the ordinary course.
Subject to your jurisdiction, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, to data portability, and to withdraw consent. Residents of the EEA/UK have these under GDPR; residents of certain US states (e.g. California) have analogous rights.
If you hold a Subido account, contact us at privacy@subido.io and we will handle your request as controller. If you are a voter on a portal, the organisation running that portal is the controller of your data; direct your request to them, and we will support them in responding. If you are unsure who that is, contact us and we will help route your request.
You also have the right to complain to a supervisory authority — in the UK, the Information Commissioner's Office (ICO); in the EEA, your local authority.
We use technical and organisational measures appropriate to the risk, including encryption in transit, access controls, rate-limited passwordless authentication, scoped API keys, HMAC-signed webhooks, and network-hardened infrastructure. No system is perfectly secure, but we work to protect data and to notify affected parties of breaches as required by law.
We use a small number of cookies and similar technologies. See our Cookie Notice for details and choices.
We may update this policy from time to time. We will post the new version here with a revised "last updated" date and, for material changes, provide additional notice where required.
Questions or requests: privacy@subido.io, or write to [SUBIDO LEGAL ENTITY NAME], [REGISTERED ADDRESS].