Privacy Policy
Last updated: 5 July 2026
1. Who is the data controller
For personal data about your own account and staff, Subinx is the controller. For data you upload about your clients, tenants, and jobs, you are the controller and we act as your processor.
2. What we collect
- Account data: name, email, company name, hashed password.
- Operational data: jobs, clients, engineers, photos, invoices, SOR codes, messages you generate in the app.
- Usage data: log-in times, IP address, browser, error logs — used to keep the service secure and reliable.
- Billing data: handled by our payment processor. We only store the plan, status, and last-four card digits.
3. Legal basis (UK GDPR)
We process personal data under: (a) contract — to deliver the Service you signed up for; (b) legitimate interest — to keep the platform secure and improve it; (c) legal obligation — for tax and accounting records.
4. Who we share data with
- Hosting & database: UK/EU hosted infrastructure with row-level security so tenants are isolated.
- Email delivery: for transactional emails (invoices, resets, notifications).
- Payment processor: for subscription billing.
- AI providers: only when you use AI features (e.g. AI Complete, AI Import). Prompts are transient and are not used to train third-party models.
We do not sell your data. We do not share it for advertising.
5. Retention
Active accounts: for as long as your subscription is active. Closed accounts: 90 days for restoration, then hard-deleted. Invoicing records: retained for 6 years to meet UK tax law.
6. Your rights
Under UK GDPR you can request access, correction, deletion, restriction, portability, or object to processing. Email hello@subinx.co.uk and we will respond within 30 days. You can also lodge a complaint with the ICO.
7. Security
Data is encrypted in transit (TLS) and at rest. Row-level security isolates tenants at the database layer. Access to production systems is restricted and logged.
8. Cookies
We use strictly-necessary cookies (session, CSRF) and no third-party advertising cookies. Analytics are aggregate and privacy-preserving.
9. Changes
Material changes will be communicated by email at least 14 days in advance.
10. Contact
Data queries: hello@subinx.co.uk.