subprocessor.io
Legal

Privacy Policy

This policy explains how subprocessor.io handles personal data when you use our website.

Last updated: 31 May 2026

1. Who we are

Subprocessor.io ("we", "us", "our") provides subprocessor obligation management software for B2B SaaS companies. We are the data controller for personal data collected through this website.

Questions about this policy can be sent to privacy@subprocessor.io.

2. Data we collect

The only personal data we collect on this site is what you voluntarily submit through our contact form: your name, work email address, and company name.

We do not use tracking pixels, advertising cookies, or behavioural analytics on this site.

3. How we use your data

We use your contact details solely to respond to your enquiry and, where relevant, to follow up about the product. We will not add you to a mailing list or pass your details to third parties for marketing purposes.

4. Legal basis (GDPR)

Where the UK GDPR or EU GDPR applies, we rely on legitimate interests as our legal basis — specifically, our interest in responding to genuine business enquiries, balanced against the low privacy impact of processing only the information you have chosen to provide.

5. Sharing your data

We use an email service provider to receive and respond to contact form submissions. That provider processes your data on our behalf as a data processor and is contractually restricted to acting on our instructions. We do not sell, rent, or share your personal data with any other third parties.

6. Retention

We retain contact form submissions for up to 24 months from the date of your enquiry, or until you ask us to delete them, whichever is sooner.

7. Your rights

Depending on your location, you may have the right to access, correct, or delete your personal data, and to object to or restrict our processing of it. To exercise any of these rights, email privacy@subprocessor.io and we will respond within one month.

You also have the right to lodge a complaint with a supervisory authority. In the UK this is the Information Commissioner’s Office (ico.org.uk); in the EU, your local data protection authority.

8. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of this page will reflect any changes.

Questions about this document? Email privacy@subprocessor.io.