Privacy Policy

Subcraft.ai, Inc., a Delaware corporation with its principal place of business at 3654 Thornton Ave, #720, Fremont, CA 94536 (“Subcraft,” “we,” “our,” or “us”), values your privacy. This Privacy Policy explains how we collect, use, and protect information when you use our website and services (the “Services”).

We may collect personal information that you provide, information automatically collected through usage and integrations, and information gathered via cookies and similar tracking technologies. These technologies help us operate the Services, analyze site traffic, personalize content, and support marketing efforts.

By using Subcraft.ai, you agree to the practices described in this Privacy Policy, including our use of cookies and tracking technologies as described below.

Pre-release notice. Subcraft.ai is currently offered through a Design Partner program and is not yet generally available. Features, integrations, and data-handling practices described herein are planned and may change as the product evolves. This Privacy Policy describes our data practices as of the date above.

1. Our Role (Controller vs. Processor)

• Controller. For data we collect directly — site visitors, marketing leads, Design Partner contacts, and merchant account administrators — Subcraft is the Controller (the entity determining how and why data is processed).
• Processor. For data our merchant customers send us about their own end customers (e.g., transaction metadata used for payment-failure recovery), Subcraft acts as the Processor and handles that data only on documented merchant instructions under our Data Processing Addendum.

This Privacy Policy governs Subcraft’s Controller-role processing. Processor-role processing is governed by our Data Processing Addendum.

2. Information We Collect

a. Information You Provide

• Business and contact details (name, email, phone, company, job title).
• Billing information (limited to invoicing details — we do not store credit card data).
• Account credentials (when you register for an account).

b. Information Collected Automatically

• Usage data (log files, browser type, IP address, device information, pages visited).
• Cookies and tracking technologies to improve performance and analytics.

c. Data from Integrations

• When merchants connect their billing or payment providers (e.g., Stripe, Recurly, Chargebee, Zuora, Braintree, Adyen), we process limited transaction metadata necessary to recover failed payments. This data is handled under our DPA.
• Subcraft does not store or process sensitive payment card details.

3. How We Use Your Information

We use the collected information to:

• Provide and operate the Subcraft Services.
• Analyze failed payments and optimize recovery using AI models (see Section 4).
• Send automated customer communications (email, SMS) if enabled by the merchant.
• Improve product performance through analytics and A/B testing.
• Respond to inquiries and provide customer support.
• Comply with legal obligations.

4. AI and Machine Learning

Subcraft uses AI and machine-learning models to power retry and recovery features (for example, predicting optimal retry timing and generating customer outreach variants). We use customer and merchant data to operate these models. We do not use end-customer personal information to train third-party or general-purpose foundation models. Aggregated or de-identified data may be used to improve Subcraft’s own models and Services.

5. Legal Bases for Processing (EEA/UK)

Where GDPR or UK GDPR applies, we rely on the following legal bases:

• Contract — to provide the Services you or your company have signed up for.
• Legitimate interests — to operate, secure, and improve the Services and to communicate with prospects and customers.
• Consent — for optional cookies, marketing communications, and any other processing where consent is required.
• Legal obligation — where processing is required to comply with applicable law.

6. How We Share Your Information

We do not sell your information. We may share data with:

• Service providers (e.g., hosting, analytics, email/SMS providers) acting as subprocessors under contract. Our current subprocessor list is available at subcraft.ai/subprocessors.
• Payment/billing processors connected by the merchant.
• Legal authorities if required by law or to protect our rights.

All third parties are contractually obligated to protect your information.

7. Data Security

• We use industry-standard encryption (TLS/SSL) in transit and at rest.
• We never store sensitive payment card details.
• Access to data is restricted to authorized personnel under role-based access controls.

8. Data Retention

We retain Controller-role data for the periods below unless a longer period is required by law:

Data	Retention
Merchant account data (company info, admin users, billing)	Life of the account + 6 months
Marketing and lead data (prospects, unconverted sign-ups)	24 months from last engagement
Support tickets and correspondence	24 months after ticket closure
Website analytics and cookie data	13 months

Processor-role data (merchant end-customer transaction metadata) is retained for the duration of the merchant’s engagement with Subcraft and deleted or returned on termination in accordance with the DPA.

You may request deletion of your account data by contacting us at privacy@subcraft.ai.

9. Your Rights

a. EEA, UK, and Switzerland

Subject to applicable law, you may:

• Access, correct, or delete your personal data.
• Object to or restrict certain processing.
• Request portability of data you provided to us.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your supervisory authority.

b. California (CCPA/CPRA)

California residents may:

• Know what categories of personal information we collect and the purposes for which it is used.
• Request access to, correction of, or deletion of personal information.
• Opt out of the “sale” or “sharing” of personal information. Subcraft does not sell personal information and does not share it for cross-context behavioral advertising.
• Limit the use of sensitive personal information (we do not use sensitive personal information for secondary purposes requiring this right).
• Be free from retaliation or discrimination for exercising these rights.

To exercise any of the above rights, contact us at privacy@subcraft.ai. We will verify your identity before fulfilling a request.

10. Cookies and Tracking

We use cookies to:

• Remember login sessions.
• Analyze site usage and improve features.
• Provide relevant marketing campaigns.

You can control cookies through our cookie banner or your browser settings. Essential cookies cannot be disabled.

Cookie Categories

• Essential Cookies — Required for core functionality such as security, login sessions, and form submissions.
• Analytics Cookies — Help us understand how our site and platform are used, so we can improve performance and features.
• Marketing Cookies — Used to deliver relevant ads and measure campaign effectiveness, including retargeting.

11. International Data Transfers

If you access Subcraft outside the United States, your data may be transferred to and processed in the U.S. Where EEA, UK, or Swiss data is transferred, we rely on Standard Contractual Clauses, the UK International Data Transfer Addendum, and the Swiss addendum, as applicable.

12. Children’s Privacy

Subcraft is a business service not intended for children. We do not knowingly collect data from children under 16 (EEA/UK) or under 13 (United States).

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be posted with a new “Last Updated” date at the top of this page.

14. Contact Us

Subcraft.ai, Inc.
3654 Thornton Ave, #720
Fremont, CA 94536
Telephone: 408-762-4310
Email: privacy@subcraft.ai