← Back home

Privacy Policy

Last updated: 5 July 2026

1. Who is the data controller

For personal data about your own account and staff, Subinx is the controller. For data you upload about your clients, tenants, and jobs, you are the controller and we act as your processor.

2. What we collect

3. Legal basis (UK GDPR)

We process personal data under: (a) contract — to deliver the Service you signed up for; (b) legitimate interest — to keep the platform secure and improve it; (c) legal obligation — for tax and accounting records.

4. Who we share data with

We do not sell your data. We do not share it for advertising.

5. Retention

Active accounts: for as long as your subscription is active. Closed accounts: 90 days for restoration, then hard-deleted. Invoicing records: retained for 6 years to meet UK tax law.

6. Your rights

Under UK GDPR you can request access, correction, deletion, restriction, portability, or object to processing. Email hello@subinx.co.uk and we will respond within 30 days. You can also lodge a complaint with the ICO.

7. Security

Data is encrypted in transit (TLS) and at rest. Row-level security isolates tenants at the database layer. Access to production systems is restricted and logged.

8. Cookies

We use strictly-necessary cookies (session, CSRF) and no third-party advertising cookies. Analytics are aggregate and privacy-preserving.

9. Changes

Material changes will be communicated by email at least 14 days in advance.

10. Contact

Data queries: hello@subinx.co.uk.