Privacy Policy

Last updated: 05/12/2023

At Subsystem ("we," "us," or "our"), we are committed to protecting the privacy of our users. This Privacy Policy outlines how we collect, use, and disclose personal information when you access and use our services.

By using our services, you agree to the collection and use of your personal information in accordance with this Privacy Policy.

Information We Collect

We may collect the following types of information from you when you use our services:

• a) Personal Information: This includes any information that can be used to identify you, such as your name, email address, phone number, and billing information.
• b) Usage Information: We may collect information about how you use our services, such as the features you access, the actions you take, and the time and duration of your usage.

How We Use Your Information

We use the information we collect for various purposes, including:

• a) To provide and improve our services
• b) To personalize your experience
• c) To communicate with you, including for marketing and promotional purposes
• d) To protect the security and integrity of our services
• e) To comply with legal obligations and enforce our terms of service

Disclosure of Your Information

We may share your personal information with third parties under the following circumstances:

• a) With your consent
• b) With third-party service providers who help us operate and maintain our services
• c) To comply with legal obligations, such as responding to subpoenas, court orders, or other legal processes
• d) To protect our rights, property, or safety, and the rights, property, or safety of our users and the public
• e) In connection with a merger, acquisition, or sale of our assets

Storage and Protection of Access Tokens and API Keys

At Subsystem, we understand the importance of securely handling access tokens and API keys. To ensure their safety, we implement the following measures:

• a) Encryption: We encrypt all access tokens and API keys before storing them in our database. This ensures that even in the unlikely event of unauthorized access to our database, your sensitive data remains protected.
• b) Server-Side Usage: We do not use or access API keys or access tokens from client (browser) side of our application. By avoiding client-side usage, we minimize the risk of exposure to potential security vulnerabilities.
• c) Regular Audits and Updates: We continually monitor and evaluate our security practices to ensure the ongoing protection of access tokens and API keys. This includes regular audits and updates to our encryption methods and storage protocols.

Storage of Airtable Record Data and Metadata

We prioritize the privacy and security of your data. With respect to Airtable record data and metadata, our practices are as follows:

• a) Record Data: We do not store any of your Airtable record data or record values. This ensures that the sensitive content of your records remains solely within your Airtable account and is not stored on our servers.
• b) Metadata: While we do not store your Airtable record data, we do store metadata associated with your records, such as base, field or record IDs. This information is necessary for our services to function effectively and efficiently. We take appropriate measures to protect the metadata we store, in accordance with the other sections of this Privacy Policy.

By clearly distinguishing between record data and metadata, we maintain a balance between providing a seamless user experience and protecting your sensitive information.

Security

We take the security of your personal information seriously and implement appropriate measures to protect your information from unauthorized access, use, or disclosure. However, no method of data transmission or storage is 100% secure, and we cannot guarantee the absolute security of your information.

Cookies and Tracking Technologies

We use cookies and other tracking technologies, such as web beacons and device identifiers, to collect information about your activity on our platform and enhance your experience. These technologies help us remember your preferences, track your usage of our services, and provide personalized content and advertising. By using our services, you consent to our use of cookies and other tracking technologies. You can control your cookie settings through your browser settings or by following the instructions provided in our Cookie Policy.

Third-Party Links

Our services may include links to third-party websites or services. Please be aware that these third parties have their own privacy policies and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party websites or services you visit.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. When we no longer need your personal information, we will securely delete it in accordance with applicable laws and regulations. If you delete your account, allow up to 24 hours for all data associated with your account to be deleted.

Legal Basis for Processing Personal Information (for GDPR compliance)

• a) Contractual necessity: We process personal information to fulfill our contractual obligations and provide our services to you.
• b) Legitimate interests: We process personal information to operate and improve our services, protect our rights and interests, and communicate with you.
• c) Consent: In some cases, we may process your personal information based on your consent, which you can withdraw at any time.

Rights of Users

You have the following rights concerning your personal information:

• a) Access: You have the right to request access to the personal information we hold about you.
• b) Rectification: You have the right to request the correction of any inaccurate personal information we hold about you.
• c) Erasure: You have the right to request the deletion of your personal information under certain circumstances.
• d) Restriction of processing: You have the right to request the restriction of processing of your personal information under certain conditions.
• e) Objection: You have the right to object to the processing of your personal information under certain circumstances.
• f) Data portability: You have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format.

To exercise any of these rights, please contact us at support@getsubsystem.com

California Privacy Rights (for CCPA compliance)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• a) Right to know: You have the right to request information about the personal information we collect, use, disclose, and sell about you.
• b) Right to delete: You have the right to request the deletion of your personal information, subject to certain exceptions.
• c) Right to opt-out of sale: You have the right to opt-out of the sale of your personal information, if applicable.
• d) Right to non-discrimination: You have the right not to be discriminated against for exercising your CCPA rights.

To exercise any of these rights, please contact us at support@getsubsystem.com

Children's Privacy

Our services are not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to remove that information and terminate the child's account.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the updated policy on this page, and we encourage you to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at support@getsubsystem.com