Last Updated on: July 16, 2025
Subotiz and/or its Affiliates (“Subotiz”, "we", "us" or "our") is committed to protecting your privacy. This Privacy Policy describes how Subotiz collects, uses, shares and otherwise processes the Personal Data of individuals covered by this Privacy Policy (the “Policy”), including choices and rights available to such individuals with respect to their Personal Data.
This Privacy Policy applies to all Subotiz Users, End-Customers, visitors to the Websites, anyone contacting and individuals who engage with us or we engage with, whereby we control or determine the means and purposes of processing their Personal Data, or otherwise only process their Personal Data as per the data controller’s instruction (“you” or “your”). Please note that not all provisions of this Policy will apply to you and your Personal Data, as this will depend on your specific relationship with us. The capitalized terms used in this Policy but not defined herein shall have the same meaning as defined in the Terms of Service.
BY USING THE WEBSITES OR ANY SUBOTIZ OPERATED SERVICES OR SUBMITTING PERSONAL DATA TO SUBOTIZ THROUGH THE WEBSITES OR ANY SUBOTIZ POWERED SERVICES, YOU ARE CONSENTING TO THE COLLECTION, USE, TRANSFER, AND DISCLOSURE OF INFORMATION AS DESCRIBED IN THIS POLICY. IF YOU DO NOT AGREE TO ABIDE BY THIS POLICY, DO NOT USE THE WEBSITES AND THE SERVICES. YOUR CONTINUED USE OF THE WEBSITES AND/OR THE SERVICES FOLLOWING THE POSTING OF ANY CHANGES TO THIS POLICY CONSTITUTES ACCEPTANCE OF SUCH CHANGES.
1. How do we collect your Personal Data
We may collect your Personal Data in various ways, which could either be directly from you or from third parties.
- Registration details: We collect or obtain Personal Data when you use, or register to use, any of our Websites or Services.
- Data provided to us: We obtain Personal Data when such data is provided to us (e.g., where you contact us via email or via the Websites, or by any other means).
- Relationship data: We collect or obtain Personal Data in the ordinary course of our relationship with you (e.g. we provide the Services to you).
- Data you make public: We collect or obtain Personal Data that you manifestly choose to make public, including via social media (e.g. we may collect information from your social media profile(s) or if you make a public post about us).
- Site data: We may collect or obtain Personal Data when you visit any of our Websites or use any features or resources available on or through the Website.
- Content and advertising information: If you interact with any third party content or advertising on a site (including third party plugins and cookies) we may receive Personal Data from the relevant third party provider of that content or advertising.
- Third party information: We collect or obtain Personal Data from third parties who provide it to us (e.g. law enforcement authorities; etc.).
2. What Personal Data do we process about you?
Depending on who you are and how we are engaging with you, we may collect and process information including:
- Personal details: name; business name; date of birth; nationality; location data and language preferences.
- Contact details: address, email address and telephone number.
- Payment details: payment records; billing address; payment method (e.g. Visa, Mastercard and other international credit cards, Union Pay, Paypal and Alipay); cardholder or account holder name; card payment identifiers and other financial information.
- Purchase details: records of purchases and prices; and purchaser name, address, contact telephone number and email address.
- Data relating to your use of our Websites: device type; operating system; browser type; browser settings; IP address; language settings; dates and times of connecting to a website; username; password; security login details; and usage data.
- Content and advertising data: records of your interactions with our online advertising and content, records of advertising and content displayed on pages displayed to you, and any interaction you may have had with such content or advertising.
- Consent records: records of any consents you have given, together with the date and time; means of consent and any related information (e.g. the subject matter of the consent).
- Views and opinions: any views and opinions that you choose to send to us, or publicly post about us on social media platforms.
- Other personal information which you may provide us or we may collect about you from you or third parties as part of the engagement with you or in order to engage with you.
Please note that not all of the above will apply to you, as it will depend on your relationship with Subotiz (e.g. Users, End-Customers, visitors, etc).
3. Why do we collect your Personal Data?
In most cases, we collect your Personal Data on the basis of your desire to utilize the Services from us or engage with us, including to complete a transaction using our Services. Therefore, our processing in many cases occurs on the basis of your consent or the need to perform a contract or commitment that we may have with you. However, in addition to this, there are other bases on which we may collect or process your Personal Data. These are as follows:
- For compliance with legal obligations, including for business accounting and tax purposes such as in relation to record-keeping, compliance, disputes, and filings;
- Legitimate interest, where we have assessed that it is beneficial to you and is in our legitimate business interest.
- Any other legal basis relevant to the specific Personal Data as permitted under Applicable Data Protection Laws.
4. How we use your Personal Data
The purposes for which we collect and process Personal Data, subject to applicable law, and the legal bases on which we perform such Processing, are as follows:
4.1 To Provide Websites and Services:
- managing and maintaining your Account;
- providing our Websites, products, or services and ensuring their availability, integrity, and security;
- charging for our services and providing you access to third-party payment service;
- monitoring product performance to ensure reliability;
- identifying and resolving technical issues;
- operating and maintaining our website infrastructure and keeping our systems, products, and services secure and functioning properly;
- detecting and preventing fraud, abuse, and violations of our terms of service;
- responding to customer support inquiries and service requests; and
- making automated decisions based on data to optimize service delivery and user experience.
4.2 For Technology Development and Research of our Services and Websites
- Evaluating your business needs and recommending or demonstrating relevant products or services;
- Analyzing how you use our Services and Websites to understand behavioral patterns;
- Generating statistical insights to better understand user behavior and product interaction;
- Researching and developing new products and features;
- Improving the usability, accessibility, and interface of our Services;
- Enhancing and optimizing the performance and functionality of our overall service ecosystem;and
- Reaching out for and conducting surveys, setting up interviews, soliciting feedback, analysing usage and behaviour patterns, learning preferences and sending incentives.
4.3 To comply with Business obligations
- To carry out internal financial and tax management and reporting;
- To retain records for compliance with legal and regulatory requirements.
- To support internal legal, governance, and corporate administrative functions;
- To assess and implement corporate transactions, including mergers, acquisitions, divestitures, reorganizations, financings, and bankruptcy proceedings;
- To fulfill obligations related to due diligence, contract execution, and transaction completion; and
- To ensure business continuity and manage enterprise risk.
4.4 To comply with Legal and Compliance Purposes
- To comply with applicable laws, regulations, and legal obligations;
- To respond to lawful requests from courts, regulators, or law enforcement authorities;
- To manage legal risk, assert our legal rights, and participate in legal proceedings;and
- To conduct identity verification, sanctions screening, and risk assessments as required by law or internal policies.
4.5 For Marketing and Advertising
- To send you marketing emails, product updates, newsletters, and announcements;
- To show you contextual or behavioral ads based on your usage patterns;
- To publish your reviews or comments on our Website or blogs;
- To create and share case studies, blog posts, or other marketing content featuring your experience (with appropriate permissions);and
- To analyze how you use our products or services to improve our marketing strategies and better engage with you.
5. How do we store and protect your information
5.1 Location
We offer products and services in multiple countries and regions. You understand that your Personal Data may be transferred to a location outside of your country/region for storage or processing. In general, your Personal Data will be stored in the United States. However, for the purposes of providing services, statistics, or analysis, we may transfer your Personal Data across borders to regions outside the United States. In such cases, we will ensure that your Personal Data is provided with an equivalent level of protection in your country or region and that cross-border data transfers are conducted through encrypted channels.
5.2 Data Retention
We will retain your Personal Data only for the period necessary to achieve the purposes for which we collected it. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of your Personal Data, the potential risks of unauthorized use or disclosure of your Personal Data, the purposes for processing, and whether we can achieve these purposes through other means or in accordance with applicable legal requirements. We will also retain and use your Personal Data to the extent necessary to comply with legal obligations, resolve disputes, and enforce our policies. The criteria for determining the retention period include:
- Completing the transaction related to you, maintaining corresponding transaction and business records, and responding to your potential inquiries or complaints.
- Ensuring the security and quality of the Services we provide to you.
- The relevant requirements for litigation time limits.
- Whether there are other special agreements or legal regulations concerning the retention period.
After the retention period has expired, we will delete or anonymize your Personal Data in accordance with applicable legal requirements.
Please note that when you successfully delete your Subotiz Account, we will delete or anonymize your Personal Data.
Due to applicable legal and security technology limitations, we may not be able to immediately delete the corresponding information from our backup systems. We will securely store your Personal Data and restrict any further processing until the backup can be deleted or anonymized.
If we terminate our Services, we will notify you at least thirty days in advance and, after termination, delete or anonymize your Personal Data.
5.3 Our Policy Regarding Children
We do not knowingly collect or solicit Personal Data from a child under the age of 18 (or the age of majority in your jurisdiction of residence), nor do we knowingly allow children to use our Service. If you are a child under 18 (or the age of majority in your jurisdiction of residence), please do not send any information about yourself to us, including but not limited to your name, address, telephone number, or email address. No one under the age of 18 may provide any Personal Data. If you believe that we have collected Personal Data from a child, please contact us at the email and address provided below under “Contact Us”. In the event that we learn that we have collected Personal Data from a child, we will delete that information as soon as commercially practicable.
5.4 Security
We take reasonable and appropriate measures to protect your information from unauthorized access or against loss, misuse or alteration by third parties. We follow industry standards on information security management to safeguard sensitive information, such as financial information, intellectual property, employee details and any other Personal Data entrusted to us. Our information security systems apply to people, processes and information technology systems on a risk management basis. We have also implemented specific security measures such as firewalls, intrusion detection systems, and access control to protect your Personal Data.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your Personal Data.
In the event of any actual or suspected breach or compromise of Personal Data (a "Data Breach"), we will immediately initiate our emergency response plan, conduct an internal investigation, and cooperate with regulatory authorities in their investigation. Meanwhile, we will provide notice by email, posting a notice in your Subotiz Admin or any reasonably effective communication method in a timely manner, which contains information about: the basic situation and possible impact of the Data Breach, any reasonable actions have been taken or will be taken, any reasonable preventions to mitigate any future Data Breach risk, in accordance with the requirements of laws and regulations. At the same time, we will report the Data Breach to the relevant regulatory authorities whereas it is required in accordance with the requirements of the regulatory authorities.
6. How do we share your information
We may share your information with third parties listed below for the purposes set forth in this Privacy Policy, subject to a lawful basis and in compliance with applicable laws (including, as applicable, after providing you additional notice, or obtaining your consent).
- Our affiliates and companies we acquire in future: They assist in provision of our Services as well as with other business needs and purposes.
- Vendors and service providers: They provide Services to help us with our business activities such as payment fulfilling, research, analyzing your usage patterns and behaviour and compiling insights, showing personalized advertisements, marketing, data enrichment, administration of events, compliance with laws, including screening prospective customers, customers, end customers and individuals in order to comply with sanctions regulations, preventing violation of laws, performance monitoring, product implementation and integrations, and other business purposes. We also require that they only use your Personal Data on our behalf and for purposes consistent with this Policy.
- Third-party SDK providers: We may contain third-party SDK or other similar applications (e.g. Google Pay API JavaScript, Apple Pay JS, Stripe.js and Airwallex.js). If you use such services provided by a third party, you agree to its direct collection and processing of your information and processing of information by such a provider (by such ways as insert code or widget). These third party websites and products have separate and independent terms and privacy policies. Since We neither own or control such websites and products, we are not responsible or liable for the content and activities of these websites or products. The collection and processing of information follow its own privacy provisions, not this Privacy Policy. However, we will also do our best to examine the access qualification of such third parties and impose lawful, compliant and secure requirements thereon. To protect your information security to the maximum, we strongly recommend you first read its privacy provisions before using any third-party SDK. To ensure your lawful rights and interests, if you discover the risks of any such SDK or similar application, we suggest you immediately cancel relevant operations and contact us in time.
- Auditors, accountants, lawyers and other professional advisers: They assist us in compliance with accounting and other business requirements, advise on various legal aspects, prevent violation of law and ensure compliance with law.
- Investors, insurance companies and financial institutions: We may disclose your information to potential investors if we are involved in any merger, acquisitions, asset purchase or corporate restructuring, to current investors as part of reporting, and to financial institutions in case we seek any financial assistance or as part of any KYC requirements.
- Regulators, law enforcement authorities and courts: We may disclose your information to regulators and law enforcement authorities in case of any request from them for information or where necessary to protect you, third parties or our rights, and to court or as part of judicial proceedings, arbitration or other dispute resolution mechanism, including to enforce our agreements and claim remedies available to us.
7. Do We transfer any information across borders
To operate our business, we may engage our affiliates and third parties to provide services such as technical infrastructure services, function development, operation and maintenance services, cloud hosting services, customer service technical support, and message push services. Therefore, your Personal Data may be sent and processed to our affiliates and service providers, available at
Subotiz’s Subprocessors.
Please note that these countries and jurisdictions may not have the same data protection laws as your own jurisdiction, and we take steps to ensure adequate safeguards are in place to enable transfer of information and the use and disclosure of information about you, including Personal Data, as described in this Policy. We will not transmit your Personal Data until we have complied with the applicable laws and regulations regarding cross-border transmission. We will take reasonable measures to ensure that your Personal Data is subject to appropriate safeguards.
8. What Rights do you have over your Personal Data
To the extent permitted by applicable laws, you may have certain rights relating to your Personal Data, including but not limited to the following:
- have the right to access or copy your Personal Data we maintain about you
- transfer your Personal Data to the designated Personal Data processor
- request that we update or correct your inaccurate or incomplete Personal Data
- object or restrict to our use of your Personal Data
- request that we delete your Personal Data
- request that we provide a copy of your Personal Data
- request that we explain the Personal Data processing rules
To submit a request to exercise the above rights or solve your trouble in exercising such rights, you may contact us via the contact information provided in this Policy and we will help you upon verification of your identity within the proper period or the period prescribed by the law of your jurisdiction. In certain cases, we might require additional information from you in order to address your request or to verify your identity. We will look into your requests and respond within the timelines prescribed under applicable law. Occasionally, taking into account the nature of the request we receive, we might, to the extent permitted under applicable law and subject to conditions therein, either seek for additional time or reject your request. In such cases, we endeavor to keep you informed.
In cases where you object to or opt-out of certain types of processing, We will retain your Personal Data to the extent required to ensure we do not reach out to you or process your information for such purposes, such as adding it to an opt-out or do-not-disturb list.
9. How we use cookies and other tracking technologies
We or our third-party partners may obtain and use your information through cookies and web beacon and save this information as log information. For more details, please refer to our
Cookie Policy.
By using cookies, we offer users a personalized web experience that is simple and user-friendly. Cookies are small data files sent from a web server to your browser and stored on your computer's hard drive. We use cookies to benefit users, such as speeding up the login process for the Service. Cookies help us determine your connection to web pages and content, the time spent on certain services, and the services you select.
You should have control over whether and how your browser accepts cookies. Please consult your browser's documentation for more information.
Your browser or device may include “Do Not Track” functionality. Because there is not yet a common understanding of how to interpret Do Not Track signals, we do not currently respond to "Do Not Track" signals. However, we provide you with the ability to opt-out of the use of tracking technologies to send you interest-based advertising.
10. Changes to our Privacy Policy
We may update this Privacy Policy to reflect changes to our privacy practices. If we make any material changes adversely affecting your rights, we may notify you by means of a notice on this website prior to the change becoming effective, or where you are a Subotiz User, by sending communication to the email address to the administration console of your Account. You can see when this policy was last updated by checking the "last updated" date displayed at the top of this Policy. We encourage you to periodically review this page for the latest information on our privacy practices.
11. Contact us
If you have any question, comment, complaint,request or advice regarding this Privacy Policy or any other privacy-related matters, please contact us at:
Subotiz
Attn: Legal Department
Address: 407 W Duarte Rd, Unit 3, Arcadia, California 91007
Email: service@subotiz.com
Upon receiving your query or request, we will, upon verification of your identity, reply to you within the period prescribed by the applicable law. We will endeavor to deal with your request as soon as possible. This is without prejudice to your right to make a complaint with a relevant data protection authority, where applicable.
