Privacy Policy

Last updated: March 3, 2026

This Privacy Policy describes how SubGrow (“we”, “us”, or “our”) collects, uses, and protects your information when you use our AI-powered Reddit marketing platform (“the Service”).

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address and name (via Clerk authentication)
  • Google or Microsoft account details if you use social sign-in

Reddit Account Data

When you connect your Reddit account, we access:

  • Reddit username and karma score
  • OAuth tokens (encrypted at rest) to post and read analytics on your behalf
  • Post performance metrics (upvotes, comments, engagement)

Product Information

Information you provide about your products, including URLs, descriptions, target audiences, and keywords.

Usage Data

We collect data about how you use the Service, including pages visited, features used, posts generated, and scheduling activity.

Billing Information

Payment information is processed by Paddle (our Merchant of Record). We do not store credit card numbers. We receive your Paddle customer ID and subscription status.

2. How We Use Your Information

  • Provide the Service: Generate content, manage publishing schedules, track analytics, and deliver insights
  • Improve the Service: Analyze usage patterns to improve features and AI quality
  • AI Training: Your content and performance data may be used to improve our content generation algorithms. Generated content is processed by Anthropic's Claude API per their usage policies
  • Communications: Send transactional emails (alerts, billing) and occasional product updates (you can opt out)
  • Security: Detect and prevent fraud, abuse, or violations of our Terms

3. Data Sharing

We share your data with:

  • Reddit: Content you approve for publishing is posted to Reddit via their API
  • Anthropic: Product descriptions and subreddit context are sent to Claude API for content generation
  • Paddle: Billing and subscription management
  • Clerk: Authentication services
  • Supabase: Database hosting (data encrypted at rest)
  • Vercel: Application hosting

We do not sell your personal information to third parties.

4. Data Security

  • Reddit OAuth tokens are encrypted at rest using AES-256 encryption
  • All data transmitted over HTTPS
  • Database access restricted via Row Level Security policies
  • Service role keys never exposed to client-side code

5. Data Retention

We retain your data for as long as your account is active. When you delete your account, we delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as billing records).

6. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information
  • Deletion: Delete your account and associated data
  • Portability: Export your data in a machine-readable format
  • Disconnect: Revoke Reddit OAuth access at any time

7. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. Analytics cookies may be used to understand Service usage and can be disabled in your browser settings.

8. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect information from children.

9. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service.

11. Contact

For privacy-related questions or to exercise your rights, contact us at privacy@subgrow.co.