What we collect
We collect two kinds of data: account data (your Subportly login, billing info, team membership) and Reddit data (messages, threads, and metadata from the Reddit accounts you connect via OAuth).
Account data we collect directly from you when you sign up:
- Name and email address
- Workspace name and team member emails (when you invite them)
- Billing address and payment method (handled by Stripe — we never see card numbers)
- Standard product telemetry: pages visited, features used, error reports
Why we collect it
To run the service. We use account data to authenticate you, bill you, and provide support. We use Reddit data to show you your messages — that’s the product. We do not sell your data, ever, and we do not use it to train AI models.
Reddit data & OAuth tokens
When you connect a Reddit account, we receive an OAuth token from Reddit on your behalf. We use it to fetch messages, modmail, mentions, and comment replies for that account. We store the token encrypted at rest and use it only to make Reddit API calls you’ve explicitly enabled.
We poll Reddit on a schedule (5 minutes on Starter, 60 seconds on Team, 15 seconds on Enterprise). We cache message content so you can read it offline and search across history. You can disconnect any Reddit account at any time from settings — disconnecting revokes our token and deletes the cached content within 24 hours.
What we never do: post on your behalf without your action, scrape Reddit content outside the official API, share connected-account data with anyone outside your workspace, or use OAuth tokens for anything other than the inbox feature.
Who we share it with
A short, named list. Each is bound by a DPA:
- Amazon Web Services — hosting (US-East and EU-West)
- Stripe — payment processing
- Postmark — transactional email
- Sentry — error reporting
- Linear — internal support tickets (only when you contact us)
The full current list lives at /subprocessors. We notify customers 30 days before adding a new one.
How long we keep it
Reddit message history is retained for 12 months by default on Team. Enterprise customers can configure retention from 0 days (no cache) to 7 years. When you delete a workspace, all data is deleted within 30 days, including from backups.
Your rights
If you’re in the EU, UK, California, or any jurisdiction with comparable laws, you have the right to access, correct, export, or delete your data. You can do all four self-serve from settings, or email privacy@subportly.com.
Where data lives
You pick a region at signup (US or EU). Data stays there. We do not move data between regions without telling you. We do not transfer data outside your chosen region for any reason short of a court order, and if that happens we’ll notify you unless legally prohibited.
Contact
Questions about this policy? privacy@subportly.com. We respond within 5 business days.
This is a starter privacy policy. Subportly Labs, Inc. should have it reviewed by counsel before going to production. It is not legal advice.