Privacy policy

This Privacy Policy describes how SubOps collects, uses, and shares information when you visit subops.ai or use any SubOps product or service (collectively, the “Service”). It applies to information about account holders, authorized users within an account, and visitors to our marketing site.

We act as a service provider (data processor) for the business information you submit into your tenant — settlement, payroll, and fuel data. Your business (or you, if you are an individual contractor) remains the controller of that information.

Account information. Name, business name, email address, phone number, and billing address.

Tenant business data. Settlement statements, payroll registers, fuel transaction exports, and any other documents you upload. Includes financial figures and, where you upload payroll, employee identifiers and pay detail.

Usage data. IP address, browser type, pages viewed, timestamps, and feature interactions, collected through standard server logs and product analytics tooling.

Cookies. Strictly-necessary session cookies for authentication. Optional analytics cookies require consent in jurisdictions that require it.

• Provide, operate, and improve the Service.
• Compute Owner Briefs, anomaly flags, and dispute drafts from data you upload.
• Authenticate users and protect against fraud and abuse.
• Respond to support inquiries and send service announcements.
• Bill for paid plans and comply with tax and accounting obligations.
• Comply with applicable law and respond to lawful requests.

We do notuse customer business data to train artificial intelligence models, ours or any third party's. AI provider calls are configured zero-retention where the provider supports it.

We share information only as described here:

• Sub-processors. Infrastructure providers (cloud hosting, managed database, object storage), AI inference providers, payment processors, email delivery, and product analytics. Each sub-processor is bound by a written data processing agreement.
• Within your tenant. Other authorized users you invite into your SubOps account can access data consistent with the role you assign them.
• Legal compliance. To comply with applicable law, court order, subpoena, or to protect rights, property, or safety. Where legally permitted, we will notify you before responding.
• Business transfers. In connection with a merger, financing, acquisition, or sale of assets, we may transfer information to the successor entity under equivalent privacy commitments.

We do not sell personal information, and we do not share it with FedEx, any parent Logistics Service Provider, or any other contractor.

Tenant business data is retained for the life of the account plus 30 days after termination, after which it is deleted or anonymized. You can export all of your data as CSV or PDF at any time, including during the termination grace period.

Audit-log entries are retained for the life of the account and may be retained longer where required for legal, accounting, or security purposes.

We use commercially reasonable administrative, technical, and physical safeguards to protect information, including encryption at rest, TLS 1.3 in transit, tenant isolation, audit logging, and access controls. See our full security overview for details.

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal information, to object to or restrict certain processing, or to withdraw consent. You can exercise most rights directly in your account settings; for anything else, write to [email protected]. We will respond within the time required by applicable law.

California residents:you may have additional rights under the CCPA/CPRA, including the right to know, the right to delete, the right to correct, and the right to opt out of “sharing” (as defined by the CCPA). We do not sell personal information.

The Service is intended for businesses and is not directed to children under 16. We do not knowingly collect personal information from children.

SubOps is operated from the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States and in the Canadian jurisdictions where our sub-processors operate.

We may update this policy from time to time. We will post the revised version with an updated “Last updated” date and, for material changes, give reasonable advance notice through the Service or by email.

Questions about this policy or our privacy practices? Write to [email protected] or by post to:

MahumTech LLC
Attn: Privacy
Delaware, United States