Subble Logo

Privacy Policy

Effective Date: January 25, 2024

Introduction

Subble ("we," "us," or "our") respects the privacy of our users ("user" or "you"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website subble.com, including any other media form, media channel, mobile website, or mobile application related or connected thereto (collectively, the "Site"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please refrain from using the site.

Information We Collect

We collect various types of information from and about you through different methods. The categories and methods of collection include:

  • Personal Information: This includes identifiable details like your name, address, email address, and telephone number, as well as demographic information such as your age, gender, location, and interests. You provide this information voluntarily when you register on our Site or engage in activities related to our services.
  • Derivative Data: Our servers automatically log details when you access our Site, such as your IP address, browser type, operating system, access times, and the pages you visit directly before and after your visit.
  • Third-Party Financial Data: We may receive information about your financial transactions, such as transaction records, invoices, and financial statements, from third-party financial services linked to your account.
  • Credit Card Information: While we facilitate transactions that may require credit card information, this data is processed and stored directly by third-party payment processors. To ensure enhanced security, we do not store credit card details on our servers.
  • Integrated Service Usage Data: We may receive information from third-party service providers regarding your use of integrated services, including license details and usage statistics.

Use of Your Information

We collect your data to enhance your experience by offering a seamless, efficient, and personalized service. Here's how we use your information:

  • Account Management and Security: To manage and protect your account effectively.
  • Operations and Analytics: To conduct business operations, improve the functionality and efficiency of our site and services.
  • Payment Processing: While payment processing is handled by secure payment processors, we only facilitate the connection to these services and do not store or handle your payment information directly.
  • Financial Data Usage: To provide insights into your spending on software and licenses, and generate detailed financial reports.
  • License Data Usage: To track and manage software applications, offer detailed security and usage analytics, and support account provisioning and deprovisioning processes.
  • Updates and Announcements: To keep you informed about changes to our site and new offerings.
  • Use of Google API data: Subble's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements. We explicitly affirm that data obtained through Google Workspace APIs is not used to develop, improve, or train generalized AI and/or machine learning models.

Disclosure of Your Information

Our policy ensures the careful handling of your information, strictly governed by legal and ethical standards. We do not share your data with third parties. Your information may only be disclosed in the following specific circumstance:

  • Legal Compliance and Safety: Sharing with authorities when legally required or to protect rights and safety, aligning with our commitment to legal compliance and user protection.

Security of Your Information

To ensure the protection of your personal information, we employ a robust suite of security measures. These include:

  • Encryption: We use industry-standard encryption technologies, such as SSL/TLS, to safeguard data during transmission. Additionally, sensitive data stored on our servers is encrypted using AES-256-GCM, and user passwords are hashed with Bcrypt.
  • Compliance Standards: Our security practices are designed to be in compliance with major international standards, including the ISO 27001 for information security management.
  • Regular Audits: We conduct regular security assessments and audits to ensure our practices meet or exceed industry standards. These proactive measures are intended to prevent unauthorized access, use, alteration, and disclosure of personal information.

Location of Your Data

Our customer database is located in Australia, hosted in AWS in their Sydney region.

Australian Privacy Law Compliance

As an Australian company, we are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Here's how we meet these obligations:

  • Australian Privacy Principles (APPs): We adhere to all 13 APPs governing the collection, use, disclosure, and handling of personal information.
  • Notifiable Data Breaches: We maintain a data breach response plan and will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) if an eligible data breach occurs.
  • Cross-Border Data Flows: When transferring data overseas, we ensure recipients comply with the APPs and maintain appropriate data protection standards.
  • Direct Marketing: We only use personal information for direct marketing purposes with your consent and provide easy opt-out mechanisms.

GDPR Compliance

While we are an Australian company, we aim to respect and protect the privacy rights of users from the European Economic Area (EEA), United Kingdom, and Switzerland in accordance with the principles of the General Data Protection Regulation (GDPR). Here's how we handle personal data for users in these regions:

  • Legal Basis for Processing: We only process personal data when we have a valid reason to do so:

    • Your explicit consent
    • When necessary to provide our services to you
    • To comply with legal obligations
    • Where we have legitimate business interests that don't override your privacy rights
  • International Data Transfers: As an Australian company, we process and store data in Australia and other countries outside the EEA. When we transfer your data outside the EEA, we implement appropriate safeguards and mechanisms to protect your privacy rights.

  • Privacy Inquiries: While we haven't formally appointed a Data Protection Officer, we take your privacy seriously. For any privacy-related questions or concerns, please contact us at privacy@subble.com.

  • Data Breach Handling: We maintain procedures to detect, report, and investigate suspected personal data breaches. We will notify affected users and relevant authorities as required by applicable laws.

User Rights and Data Management

As a user, you are afforded specific rights regarding your personal data under applicable privacy laws, including GDPR and Australian Privacy laws. These rights include:

  • Right to Access: You can request access to the personal data we hold about you.
  • Right to Rectification: You have the right to request correction of inaccurate data about you.
  • Right to Erasure (Right to be Forgotten): You can request the deletion of your data where there is no compelling reason for its continued processing.
  • Right to Restrict Processing: You may request that the processing of your personal data be restricted.
  • Right to Data Portability: You can request a copy of your personal data in a machine-readable format.
  • Right to Object: You have the right to object to the processing of your personal data in certain circumstances, such as for direct marketing purposes.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable laws.
  • Right to Withdraw Consent: Where we rely on consent as the legal basis for processing, you can withdraw this consent at any time.

To exercise any of these rights, please contact us using the details provided in the "Contact Information" section below. We will respond to your request within 30 days.

Data Retention Policy

Purpose of Data Retention: We retain your personal information only as long as necessary to fulfill the services you have requested, comply with our legal obligations, resolve disputes, and enforce our agreements. The factors determining how long we keep your information include:

  • Duration of Services: The period during which we have an ongoing relationship and continue to provide you with our services.
  • Legal Requirements: Any legal obligations that require us to hold onto certain records for a specific time frame (e.g., retention of transaction records as mandated by law).
  • Legal Advisability: The advisability of retaining data based on legal standings such as statutes of limitations, ongoing or potential litigation, and regulatory investigations.

Deletion of Data: When the retention period expires, your personal information will be securely deleted or anonymized, ensuring it cannot be associated with you, in compliance with applicable laws and regulations.

User Rights and Data Management: You hold several rights concerning your personal data:

  • Access and Correction: You can request access to or corrections of your personal data at any time.
  • Deletion: You may request the deletion of your personal data.
  • Information on Retention Periods: You may inquire about specific retention periods for different types of personal data we hold.

Cookies

We store secure cookies on your device to handle authentication. We also store cookies for analysing site usage.

Policy for Children

We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.

Changes to this Policy

We reserve the right to amend this Privacy Policy at any time for any reason. Changes to the policy will be communicated by updating the "Effective Date" at the top of this document and by posting the revised policy on our Site. These modifications will take effect immediately upon posting. To stay informed of any changes, you are encouraged to review this Privacy Policy periodically. By continuing to use the Site after changes are posted, you acknowledge and accept the revised policy. We recommend keeping track of the policy updates to ensure you are aware of how your personal information is being used.

Contact Information

If you have any questions or comments about this Privacy Policy or need to exercise your rights, you can reach us at:

  • Email: privacy@subble.com
  • Address: SaaS Management Technologies Pty Ltd, L 7 420 King William St, Adelaide SA 5000, Australia

We value your privacy and are committed to resolving any concerns you may have regarding your personal information.

Subble isn't just SaaS management. It's the revolution your business needs.