Privacy Policy

Article 1 — Introduction and Scope

This Privacy Policy (hereinafter "Policy") describes how Subliy LLC, a Florida limited liability company ("Subliy," "Company," "we," "us," or "our"), collects, uses, stores, discloses, transfers, and otherwise processes personal information and other data in connection with the Subliy platform, website located at subliy.com, application programming interfaces ("APIs"), dashboards, tools, and all related services (collectively, the "Platform").

This Policy applies to: (a) all registered Users ("Pros") of the Platform; (b) Customers of Users who interact with or transact through the Platform; (c) visitors to the Platform who do not have an Account; and (d) any individual whose personal information is collected, processed, or stored through the Platform (collectively, "you" or "your"). This Policy is incorporated into and forms part of our Terms of Service.

BY ACCESSING OR USING THE PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THE COLLECTION, USE, DISCLOSURE, AND OTHER PROCESSING OF YOUR INFORMATION AS DESCRIBED IN THIS POLICY. IF YOU DO NOT AGREE, YOU MUST IMMEDIATELY DISCONTINUE ALL USE OF THE PLATFORM.

This Policy is designed to provide comprehensive transparency regarding our data practices while preserving Subliy's ability to collect, use, and leverage data in connection with its business operations to the maximum extent permitted by Applicable Law.

Article 2 — Information We Collect

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you register for an Account, use the Platform, communicate with us, or otherwise interact with our services. This includes the following categories:

(a) Identity and Contact Information: Full name, email address, telephone number, mailing address, and any other identifiers you provide during registration or in connection with your use of the Platform.

(b) Business Information: Business name, business address, business type, service categories, service areas, pricing information, and any other information related to the operation of your home services business on the Platform.

(c) Account Credentials: Username, password, security questions, and any other authentication information used to secure your Account.

(d) Financial and Payment Information: Billing address, payment card details (collected directly by our payment processor, Stripe), bank account information for payouts, transaction history, and other financial data necessary to facilitate payments through the Platform.

(e) Customer Data: Information about your Customers that you input into the Platform, including Customer names, contact information, service addresses, subscription details, service history, and any notes or records you maintain through the Platform.

(f) Communications: The content of messages you send and receive through the Platform's messaging system, emails you send to us, feedback, support requests, and any other communications you make in connection with the Platform.

(g) User Content: Profile photos, business logos, images, documents, and any other content you upload, post, or otherwise make available through the Platform.

2.2 Information Collected Automatically

When you access or use the Platform, we automatically collect certain information about your device, your use of the Platform, and your interactions with our services. This includes:

(a) Device and Technical Information: Device type, operating system and version, unique device identifiers, browser type and version, screen resolution, language preferences, mobile network information, and push notification tokens.

(b) Log and Usage Data: IP address, access times and dates, pages viewed, features used, actions taken within the Platform (such as creating a subscription plan, recording a service visit, or sending a message), clickstream data, session duration, referring URLs, and error logs.

(c) Location Data: With your consent, we collect precise geolocation data when you use the service visit check-in feature within the Subliy mobile application. This data is recorded at the time of check-in to verify that a service provider was physically present at a Customer's address. We may also collect approximate location data derived from your IP address.

(d) Cookie and Tracking Technology Data: Information collected through cookies, web beacons, pixels, local storage, and similar tracking technologies as described in Article 7 of this Policy.

2.3 Information from Third Parties

We may receive personal information about you from third-party sources and combine it with information we collect directly. Third-party sources include:

(a) Payment processors (such as Stripe) that provide us with transaction confirmations, payment status updates, payout details, and fraud-related information.

(b) Identity verification services that provide us with the results of identity and business verification checks conducted as part of the onboarding process for Stripe Connect.

(c) Analytics providers that help us understand how users interact with the Platform.

(d) Communication service providers (such as Resend and Twilio) that provide us with delivery status information for emails and SMS messages sent through the Platform.

(e) Cloud storage providers (such as Cloudinary) that store and deliver images and media uploaded through the Platform.

(f) Push notification services (such as Expo) that facilitate the delivery of notifications to your mobile device.

(g) Publicly available sources, including public databases, social media platforms, and other publicly accessible sources, to the extent permitted by Applicable Law.

2.4 Payment Information Processing

Subliy uses Stripe and Stripe's Link service as its payment processing infrastructure. When you enter payment card information on the Platform, that data is transmitted directly to Stripe via their secure, PCI DSS Level 1 compliant SDKs and APIs. Subliy does not receive, process, transmit, or store your full payment card number, expiration date, or card verification code (CVC) on its servers. Subliy retains only a Stripe Customer ID, the last four digits and brand of the payment card (for display purposes), and transaction records including amounts, dates, statuses, and invoice references. For Pros receiving payouts via Stripe Connect, Stripe may collect and store additional information including bank account details and identity verification documents. For more information about how Stripe handles your data, please review Stripe's Privacy Policy at stripe.com/privacy.

Article 3 — How We Use Your Information

Article 4 — How We Share Your Information

Article 5 — Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, to provide and operate the Platform, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. The specific retention periods depend on the nature and sensitivity of the information, the purposes for which it is processed, and Applicable Law requirements.

Account data, including your name, email address, phone number, and address, is retained for the duration of your Account and for a reasonable period thereafter to allow for account recovery or reactivation, after which it is permanently deleted. Payment and transaction records are retained for seven (7) years after the date of the transaction to comply with tax, accounting, and financial reporting requirements. Messages exchanged through the Platform are retained for the duration of the associated Pro's Account. Service visit records and location data are retained for three (3) years after the date of the visit for dispute resolution and record-keeping purposes. Usage and analytics data may be retained in aggregated, anonymized form indefinitely. Session and rate-limiting data stored in cache is subject to automatic expiration.

You may request earlier deletion of your data by contacting us using the information in Article 15. Certain data may be retained longer where required by Applicable Law or where we have a legitimate business need to do so (such as maintaining records for financial reporting or defending against legal claims). When your data is no longer required, we will securely delete or anonymize it in accordance with our data retention and destruction policies.

Article 6 — Data Security

We implement industry-standard technical and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, destruction, loss, and other forms of unlawful processing. These measures include, but are not limited to: encryption of data in transit using TLS (Transport Layer Security); hashing of passwords using bcrypt (passwords are never stored in plaintext); exclusive handling of payment card data by Stripe (payment card information never touches our servers); restriction of access to production systems and databases to authorized personnel with multi-factor authentication; automatic expiration of session tokens and rate-limiting data; regular reviews of our data collection, storage, and processing practices; and implementation of access controls and audit logging.

WHILE WE STRIVE TO PROTECT YOUR PERSONAL INFORMATION, NO METHOD OF ELECTRONIC TRANSMISSION OR STORAGE IS COMPLETELY SECURE. WE CANNOT AND DO NOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR INFORMATION. IN THE EVENT OF A DATA BREACH AFFECTING YOUR PERSONAL INFORMATION, WE WILL NOTIFY YOU AND ANY APPLICABLE REGULATORY AUTHORITIES AS REQUIRED BY APPLICABLE LAW.

Article 7 — Cookies, Tracking Technologies, and Online Advertising

7.1 Cookies and Similar Technologies

The Platform uses cookies and similar tracking technologies to maintain functionality, improve the user experience, and analyze how the Platform is used. Cookies are small data files placed on your device when you visit a website. We use the following categories of cookies and tracking technologies:

• Essential Cookies: These cookies are strictly necessary for the Platform to function and cannot be switched off. They include session cookies used to keep you logged in and maintain your session state, authentication tokens, and security cookies.
• Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering your preferences and settings. They may be set by us or by third-party providers whose services we have added to the Platform.
• Analytics Cookies: These cookies allow us to collect anonymized usage data such as page views, feature usage, session duration, and navigation patterns. This data is used solely to improve the Platform and is not shared with advertisers.

7.2 Local Storage

The Platform uses browser local storage to store user preferences and non-sensitive application state on your device to improve performance and user experience. Local storage data remains on your device until cleared by you or the Platform.

7.3 Online Advertising

Subliy does not use advertising cookies or tracking pixels. We do not serve targeted advertisements on the Platform, and we do not share your browsing data with advertising networks. We do not participate in cross-site tracking or cross-context behavioral advertising. You may manage your cookie preferences through your browser settings at any time. Please note that disabling essential cookies may impair the functionality of the Platform.

Article 8 — Your Rights and Choices

8.1 General Rights

Depending on your jurisdiction and Applicable Law, you may have certain rights with respect to your personal information, including the right to access, correct, update, delete, or port your personal information. You may also have the right to restrict or object to certain processing of your personal information, and the right to withdraw your consent where processing is based on consent.

8.2 Access and Correction

You may access and update certain personal information through your Account settings. You may also request a copy of the personal information we hold about you, or request that we correct inaccurate information, by contacting us using the information in Article 15.

8.3 Deletion

You may request that we delete your personal information by contacting us using the information in Article 15. We will comply with your request subject to any legal obligations that require us to retain certain data, such as financial and transaction records required for tax and accounting purposes. Deletion of your Account and personal information is permanent and cannot be reversed.

8.4 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including:

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected your information, the business or commercial purpose for collecting your information, and the categories of third parties with whom we share your information.
• Right to Delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions provided under Applicable Law.
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: Subliy does not sell your personal information, nor do we share it for cross-context behavioral advertising. Therefore, there is no need to opt out of such activities.
• Right to Limit Use of Sensitive Personal Information: To the extent we process sensitive personal information, you have the right to limit our use of such information to purposes permitted by Applicable Law.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. You will not receive different pricing, quality, or levels of service for making a privacy request.

To exercise your California privacy rights, please contact us using the information in Article 15 with the subject line "CCPA Request." We will verify your identity and respond within forty-five (45) days as required by law. You may also designate an authorized agent to make a request on your behalf.

8.5 Other State Privacy Laws

Residents of certain other states, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Iowa (ICDPA), Indiana (INCDPA), Tennessee (TIPA), and other states with comprehensive privacy laws, may have additional rights under their respective state privacy statutes. These rights may include the right to access, correct, delete, and obtain a copy of your personal information, as well as the right to opt out of targeted advertising, the sale of personal information, and profiling in furtherance of decisions that produce legal or similarly significant effects.

To exercise any rights available to you under Applicable Law, please contact us using the information in Article 15. We will process your request in accordance with the requirements of your applicable state privacy law. If your request is denied, you may have the right to appeal our decision by contacting us.

Article 9 — Children's Privacy

The Platform is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 18. If you are under 18, please do not use the Platform or provide any personal information to us.

If we become aware that we have collected personal information from a person under 18 without verification of parental consent, we will take reasonable steps to delete that information promptly. If you believe we have collected information from a minor, please contact us immediately using the information in Article 15.

Article 10 — International Data Transfers

Subliy is based in the United States, and the information we collect is governed by U.S. law. If you are accessing the Platform from outside the United States, please be aware that your information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from the laws of your country.

BY USING THE PLATFORM, YOU CONSENT TO THE TRANSFER OF YOUR INFORMATION TO THE UNITED STATES AND OTHER JURISDICTIONS AS DESCRIBED IN THIS POLICY. We will take reasonable steps to ensure that your information is treated securely and in accordance with this Policy, regardless of where it is processed or stored.

Article 11 — Third-Party Links and Services

The Platform may contain links to third-party websites, applications, or services that are not owned or controlled by Subliy. This Policy does not apply to the privacy practices of such third parties. We are not responsible for the content, privacy policies, or practices of any third-party websites, applications, or services. We encourage you to review the privacy policies of any third-party services you access through links on the Platform.

Our integration with third-party service providers, including Stripe, Resend, Twilio, Expo, and Cloudinary, is governed by their respective privacy policies and terms of service. While we require our service providers to protect your information, we are not liable for the independent actions or omissions of these third-party providers.

Article 12 — User Responsibilities Regarding Customer Data

If you are a Pro using the Platform to manage Customers and their personal information, you acknowledge and agree that:

• (a) You are responsible for ensuring that you have obtained all necessary consents and authorizations from your Customers before inputting their personal information into the Platform.
• (b) You will use Customer data collected through the Platform only for legitimate business purposes related to the provision of your services, and in compliance with all Applicable Laws, including applicable privacy and data protection laws.
• (c) You will not sell, rent, lease, or otherwise disclose Customer data obtained through the Platform to any third party without the Customer's explicit consent, except as required by Applicable Law.
• (d) You are responsible for responding to any data access, correction, or deletion requests from your Customers with respect to the Customer data you have inputted into the Platform, and you will cooperate with Subliy in fulfilling any such requests.
• (e) You will implement reasonable security measures to protect the confidentiality and integrity of Customer data within your control, including safeguarding your Account credentials and restricting access to authorized personnel only.
• (f) You will promptly notify Subliy of any suspected or actual data breach or unauthorized access to Customer data that you become aware of in connection with your use of the Platform.

Subliy acts as a service provider (or processor) with respect to the Customer data that Pros input into the Platform. Pros are the controllers of such Customer data and bear primary responsibility for compliance with Applicable Law regarding its collection, use, and processing.

Article 13 — Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, technology, legal requirements, or for other operational reasons. When we make changes to this Policy, we will update the "Last Updated" and "Effective Date" at the top of this page. If we make material changes that affect how we collect, use, or share your personal information, we will notify you by email, through an in-app notification, or by posting a prominent notice on the Platform prior to the change becoming effective.

YOUR CONTINUED USE OF THE PLATFORM AFTER THE EFFECTIVE DATE OF A REVISED PRIVACY POLICY CONSTITUTES YOUR ACCEPTANCE OF THE UPDATED TERMS. IF YOU DO NOT AGREE WITH ANY CHANGES TO THIS POLICY, YOU MUST DISCONTINUE YOUR USE OF THE PLATFORM. We encourage you to review this Policy periodically to stay informed about how we protect your information.

Article 14 — Governing Law and Dispute Resolution

This Privacy Policy is governed by and construed in accordance with the laws of the State of Florida, United States, without regard to its conflict of law provisions. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the state and federal courts located in Miami-Dade County, Florida.

To the extent permitted by Applicable Law, any claims or disputes relating to this Policy or the processing of your personal information shall be resolved in accordance with the dispute resolution provisions set forth in our Terms of Service, including any applicable arbitration agreement contained therein.

Article 15 — Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: