Privacy Policy

Last updated: February 2026

1. Information We Collect

When you use Subscription Director, we collect:

Account information: Name, email address, and profile picture provided through Google OAuth authentication
API keys: Generated API keys and their associated metadata (creation date, last used, status)
Subscriber data: Email addresses of your end-users who complete checkout sessions through the API
Transaction data: Subscription status, checkout session identifiers, and billing portal access logs
Usage data: API call volumes, endpoint usage patterns, and error rates for service monitoring

2. Stripe Data

Subscription Director uses Stripe Connect to process payments. When you connect your Stripe account, we store your Stripe account identifier to route API calls. We do not store credit card numbers, bank account details, or other sensitive financial information. All payment processing is handled directly by Stripe.

3. How We Use Your Information

We use collected information to:

Authenticate API requests and enforce access controls
Process transactions and calculate platform fees
Provide dashboard analytics and subscriber management
Monitor API performance and prevent abuse
Communicate service updates and important notices

4. Data Sharing

We do not sell your personal information or your subscribers’ information. Data is shared only in the following circumstances:

Stripe: Transaction and subscriber data is shared with Stripe to process payments
Service providers: We use cloud infrastructure providers to host the service
Legal requirements: We may disclose information if required by law or to protect our rights

5. API Key Security

API keys are stored using one-way cryptographic hashing. We cannot retrieve your full API key after creation. If an API key is compromised, revoke it immediately through the dashboard and generate a new one.

6. Data Retention

Account data and API keys are retained while your account is active. Subscriber and transaction data is retained for 12 months after the last API call for audit and dispute resolution purposes. Upon account deletion, all data is permanently removed within 90 days.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal information. You can manage your API keys and view subscriber data through the developer dashboard. Contact us to exercise additional data rights.

8. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via the email associated with your developer account.

9. Contact

For privacy-related inquiries, contact us at cody.marcel@gmail.com.