Your data belongs
to you.

We collect only what we need, we never sell it, and you stay in control. This policy explains exactly what we do with your information.

Last updated: January 21, 2026

Our Commitment

SubBust is built on a simple principle: your data belongs to you. We collect only what we need to provide the service, we give you full control over your information, and we will never sell it to anyone.

SubBust is operated by Afluate. This policy applies to all users of the SubBust platform. It complies with applicable data protection laws and is written to be understood by actual humans, not just lawyers.

Data We Collect

Information you provide

Account information — email address, encrypted password, and preferences
Subscription data — services, costs, and renewal dates you choose to track
Payment information — billing details processed through our payment provider; we never store full card numbers
Profile data — name, settings, and communication preferences
Support communications — messages when you contact our support team

Information collected automatically

Device and browser info — type, OS, browser version, screen resolution
Usage data — pages visited, features used, time spent, and navigation paths
Approximate location — country and city level only, based on IP address
Ad engagement data — views and engagement metrics used to calculate your earnings
Error and performance logs — technical metrics to keep the platform running smoothly

Affiliate and referral data

When you use affiliate links or our referral program, we record click-throughs, conversions, and earnings to correctly credit your account.

How We Use Your Data

Running the service

Account management — create and maintain your account, verify your identity
Core features — track subscriptions, calculate ad earnings, process commissions, and apply credits
Payments — process subscription payments and distribute earnings to your wallet
Communications — send subscription reminders, earnings updates, and service announcements
Support — respond to inquiries and resolve issues

Platform improvement

We analyze usage patterns to understand how SubBust is used and where it can improve. Wherever possible, we use aggregated, anonymized data rather than individual records.

Security and fraud prevention

Behavioral and transactional data is used to detect and block fraudulent activity, unauthorized access, and abuse. This protects your account and keeps the platform fair for everyone.

What We Never Sell

We never sell, rent, or trade your personal information to third parties for any marketing purpose.

Unlike many free services, SubBust does not monetize your personal data. Revenue comes from advertisers reaching engaged audiences — not from selling information about you.

Your email is never shared with marketing companies

Your subscription data stays private

Your usage patterns are not sold to advertisers

Your financial information is never disclosed

We do not build or sell advertising profiles

Advertisers receive only aggregated, anonymous data

Cookies and Tracking

Types of cookies we use

Essential

Required for authentication, security, and session management. These cannot be disabled without breaking the platform.

Preferences

Remember your settings, language, and customization choices across sessions.

Analytics

Help us understand how the platform is used so we can improve it. Data is aggregated.

Ad tracking

Track ad views and engagement to calculate your earnings accurately. These do not identify you to advertisers personally.

Managing cookies

You can control cookie settings through your browser preferences. Disabling certain cookies may limit platform functionality. See your browser's help documentation for instructions.

Third-Party Providers

Who we share data with

We work with a small set of trusted providers. All are contractually required to protect your data and use it only for the purpose it was shared.

Payment processors — handle transaction data with industry-standard security
Cloud infrastructure — hosting and database services with enterprise-grade security
Analytics providers — platform usage analysis using aggregated, anonymized data
Email services — notifications and support communications
Advertising networks — receive only aggregated performance data, not personal information

Our requirements for providers

Every provider signs a data processing agreement requiring them to use data only for agreed purposes, implement appropriate security measures, and comply with applicable law. We review provider compliance regularly.

Legal disclosures

We may disclose your information when required by law or valid legal process, to protect our legal rights, to prevent fraud, or to protect user safety. Where permitted, we will notify you when such a request is made.

Security and Data Retention

How we protect your data

Encryption — all data encrypted in transit (TLS) and at rest (AES-256)
Access controls — strict role-based access with multi-factor authentication for internal systems
Ongoing assessments — regular security reviews and vulnerability scanning
Monitoring — continuous security monitoring and intrusion detection
Redundant infrastructure — enterprise-grade cloud hosting with automated backups

How long we keep data

We retain your data only as long as necessary to provide the service. After account deletion, personal data is securely deleted or anonymized within 90 days, except where longer retention is required by law. Backup systems may hold data for up to 30 additional days.

Your Rights and Choices

What you can request

Access

Request a copy of all personal data we hold about you.

Correction

Update or fix inaccurate information at any time through your account settings.

Deletion

Request permanent deletion of your account and data. We process these within 30 days.

Portability

Export your data in a machine-readable format (JSON or CSV).

Opt-out

Unsubscribe from marketing at any time while still receiving service notifications.

Restriction

Limit how we process your data in certain circumstances.

Objection

Object to processing your data for direct marketing or other purposes.

How to exercise your rights

1Log in and visit your account Settings for self-service options
2Email support@subbust.com with your specific request
3We will respond to verified requests within 30 days

California and EU residents

CCPA and GDPR provide additional protections:

Right to know what personal information is collected, used, and shared
Right to non-discrimination for exercising privacy rights
Right to withdraw consent at any time
Right to lodge a complaint with a supervisory authority

Children's Privacy

SubBust is not intended for users under 18. We do not knowingly collect personal information from children. If we learn that we have done so without parental consent, we will delete that information immediately. Contact support@subbust.com if you believe a child has provided us with personal data.

International Data Transfers

SubBust operates globally, and your information may be processed in countries other than where you live. Those countries may have different data protection laws.

When data crosses borders, we implement appropriate safeguards — including standard contractual clauses — to ensure it receives equivalent protection regardless of location.

Policy Changes

When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this page
Notify you via email or a prominent notice on the platform
Obtain your consent again if required by law

Contact Us

Questions, requests, or concerns about your data or this policy:

Privacy support

support@subbust.com

For privacy inquiries, data requests, and GDPR-related matters

Response time: We aim to reply to all privacy inquiries within 48 hours and complete data requests within 30 days.

Your data belongsto you.