Privacy Policy
Privacy Policy
Finelo: Subpilot is an online subscription management service owned and operated by Suberlis Tech Corp, doing business as Finelo™ (“Finelo,” “we,” “us,” or “our”). We value your privacy and are committed to being transparent about how we handle your personal information.
This Privacy Policy explains how we collect, use, share, and safeguard your information when you interact with our services, including our mobile applications, the Finelo: Subpilot website located at https://subpilot.finelo.com/ (“Website”), and any related features, content, or platforms (collectively referred to as the “Services”) and is an integral part of our Terms of Use.
BY USING THE SERVICES, YOU PROMISE US THAT (I) YOU HAVE READ, UNDERSTAND AND AGREE TO THIS PRIVACY POLICY, AND (II) YOU ARE OVER 16 YEARS OF AGE (OR HAVE HAD YOUR PARENT OR GUARDIAN READ AND AGREE TO THIS PRIVACY POLICY FOR YOU). If you do not agree, or are unable to make this promise, you must not use the Services. In such case, you must (a) contact us and request deletion of your data; and (b) cancel any subscriptions using the functionality provided by instructions on the Website; (c) leave the Website and not access or use it.
“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
“EEA” includes all current member states of the European Union and the European Economic Area. For the purpose of this policy EEA shall include the United Kingdom of Great Britain and Northern Ireland.
“Process”, in respect of personal data, includes to collect, store, and disclose to others.
Some states may provide additional privacy rights. Please refer to the Additional State Privacy Rights section to learn more.
TABLE OF CONTENTS
3. For what purposes we process your personal data
4. Online analytics and advertising
5. Under what legal bases we process your personal data (Applies only to EEA-based users)
6. With whom we share your personal data
9. International data transfers
10. Changes to this privacy policy
11. Additional State Privacy Rights
12. Right to Limit Processing of Sensitive Personal Information
1. Personal Data Controller
Suberlis Tech Corp, a company registered under the State of Delaware, United States of America, having its registered office at 3500 South Dupont Highway, Dover, DE 19901 will be the controller of your personal data.
2. What data do we collect
We collect data you give us voluntarily (for example, when you enter your gender or email). We also collect data automatically (for example, your IP address) and use third-party service providers for such collection.
Data you give us:
You provide us information about yourself when you register for and/or use the Services. The specific information we collect depends on the context in which you provide it, and could include:
1. Identification Data:
Full Name
Email address
Postal address
Phone number
Any other information you provide
2. Commercial information
When you make payments through the Services, you need to provide financial account data, such as your credit card number, to our third-party service providers that serve us as data and payments processors. We do not collect or store, or have access to full credit card number data, though we may receive some limited information, including credit card-related data (including a secure token reflecting your payment method), data about products or services purchased, date, time and amount of the purchase, the type of payment method used, limited digits of your card number.
3. Comments you provide with your requests
You may also provide us with some personal information using our “Contact us” forms or by sending emails on our email addresses. This information may include any comments you log in when you send your inquiry.
Data we collect automatically:
Data about how you found us: we collect data about your referring URL (that is, the place on the Web where you were when you tapped on our ad).
Device and Location data: we collect data from your device. Examples of such data include: language settings, IP address, time zone, type and model of a device, device settings, operating system and its version.
Usage data: we record how you interact with our Services. For example, we log your taps/clicks on certain areas of the interface, the features, and content you interact with, how often you use the Services, how long you are in the Services, and your subscription orders. We also record the ads in our Website with which you interact (and the Internet links to which those adds lead).
Cookies: a cookie is a small text file that is stored on a user's computer for record-keeping purposes. Cookies can be either session cookies or persistent cookies. A session cookie expires when you close your browser and is used to make it easier for you to navigate our Services. A persistent cookie remains on your hard drive for an extended period of time. We also use tracking pixels that set cookies to assist with delivering online advertising.
Cookies are used, in particular, to automatically recognize you the next time you visit our Website. As a result, the information, which you have earlier entered in certain fields on the Website may automatically appear the next time when you use our Services. Cookie data will be stored on your device and most of the times only for a limited time period.
Data we collect from third party providers:
We may collect information about you from third-party sources in certain circumstances. Our Services may offer or require integration with third-party platforms (such as Plaid), allowing you to connect your account and securely import information, like your bank account details, directly into our system, so you don’t have to enter it manually.
The information we receive from such third parties varies depending on the information made available by those entities. Examples of the types of information we receive include financial account information, information about account balance, information about account transactions, iidentifiers and information about account owners.
Plaid Technologies
We enable you to use Plaid Technologies, Inc. to gather data from financial institutions. By using the Services, you acknowledge and agree that your information will be processed in accordance with the Plaid Privacy Policy and you grant Finelo and Plaid the same rights, power and authority as specified therein.
Email Account Integrations
We may allow you to connect your email account in order to enable subscription tracking functionality.
For supported email providers other than Microsoft, we connect to your email account through our own integration using the relevant provider’s authorization process. For Microsoft email accounts, we may use Nylas, Inc. as our email integration provider.
If you choose to connect your email account, we will be provided with read-only access to your email account. For Microsoft email accounts connected through Nylas, Nylas may also process your information as our email integration provider. This access is limited solely to identifying and analyzing emails relevant to subscriptions and billing, such as payment receipts, billing statements, and subscription, renewal, or cancellation notifications, for the purpose of providing the Service.
The information we receive may include:
Service or merchant names
Subscription amounts and currencies
Billing frequency (for example, monthly or annual)
Sender email addresses
We do not store or retain the full content of your emails and do not access personal or unrelated communications.
Where you choose to use the “Cancel For Me” feature, we will process your personal data only with your explicit consent and solely to cancel the subscriptions you select. By enabling this feature, you authorize us to act as your limited authorized agent for this specific purpose only.
To complete a cancellation on your behalf, we may need to authenticate into your third-party subscription accounts. We do not request or store passwords, limit processing to subscription-related actions, use verification codes and session data once before deleting them, and do not access your accounts without your explicit consent.
We also may use information from your emails to improve our automated subscription detection technology. This includes processing provider details and transaction data to enhance the accuracy of our service. No other personal data or private communications are used.
When you request us to cancel a subscription or terminate a service on your behalf, we process your request through automated systems in order to execute your instruction. Under certain data protection laws, this may qualify as a decision based solely on automated processing, as it results in the termination of a service contract. This processing is carried out strictly to perform the contract with you and to give effect to your explicit request.
For Microsoft email accounts connected through Nylas, your information will be processed in accordance with the Nylas Privacy Policy for the purposes described above.
You can revoke email access at any time by contacting us at legal@suberlis.io or in your account settings using the “Delete my account” button. Please note that revoking email access may limit or prevent the availability of certain core features of the Services, including subscription tracking and cancellation.
3. For what purposes we process your personal data
We process your personal data:
*To provide our Services
* As part of our Services, we may process your information to help you to cancel unwanted subscriptions, secure eligible refunds or reimbursements across third-party services - such as streaming platforms, delivery apps and other providers you engage with. This includes enabling you to use the Services in a seamless manner and preventing or addressing Services errors or technical issues.
To host personal data and enable our Website to operate and be distributed we use Amazon Web Services, which are hosting and backend services provided by Amazon
*To manage your account and provide you with customer support
* Using your personal data to respond to your requests, provide technical support, service information, and send you important notifications, email, updates about the performance of our Services, your account, security, payments, or our Terms of Use and policies.
*To communicate with you regarding your use of our Services
* Communicating with you and maintaining the history of communication.
FreshDesk provides us with message and customer service tools, which enable us to communicate with you within the Services. When you chat with us via in-Service chat, some of your information is automatically transferred to FreshDesk. The transfer is required to enable us to identify (if you shared any name related data with us) and to communicate with you in the in-Service chat. Thus, FreshDesk uses these data to provide and fulfill its services (as set forth in their terms of service).
Note: To opt-out of receiving emails, you should click the unsubscribe link in the footer of our email. The services that we use for these purposes may collect data concerning the date and time when the message was viewed by our users, as well as when they interacted with it, such as by clicking on links included in the message.
*To research and analyze your use of the Services*
Сonducting internal research and analysis aimed at enhancing the quality of our Services, improving how you interact with our Website, mobile applications, revising our marketing strategies and improving our offers to better meet your needs based on the results obtained from processing of data.
*To analyze how visitors use our Services and to measure effectiveness of some ads we use Google Analytics, a web analysis program of Google
* Using tools like Google Analytics and Amplitude to better understand how people use our Services and improve your experience.
In order to provide us with analytics, Google Analytics places cookies on your device. On Google Analytics we get, in particular, aggregated information on the data you enter on our Service and users’ interactions within the Service. Google allows you to influence the collection and processing of information generated by the Google, in particular, by installing a browser plug-in, available here.
We also use Amplitude, which is an analytics service provided by Amplitude Inc. We use this tool to understand how customers use our Service. Amplitude collects various technical information, in particular, time zone, type of device (phone or tablet), unique identifiers. Amplitude also allows us to track various interactions that occur on the Website. As a result, Amplitude helps us to decide what features should we focus on. Amplitude is EU-US Privacy Shield certified. Amplitude provides more information on how they process data in its Privacy Policy.
To send you marketing communications
Processing personal data for our marketing campaigns. We may add your email address to our marketing list, provided we receive consent or otherwise establish a legal basis for sending you marketing communications. As a result, you will receive information about our products, such as for example, special offers. If you do not want to receive marketing emails from us, you can unsubscribe following instructions in the footer of the marketing emails.
To communicate with you we use ActiveCampaign, which is a message sending service. We integrate Amplitude to create analytics-based audiences and track opening and conversion events.
*To personalize our ads
* In cooperation with Meta and Google using your information to tailor your experience on our Website such as showing you content and suggestions that match your preferences, interests, and past activity.
To process your payments
** Using third-party services (SolidGate) for payment processing. As a result of this processing, you will be able to make a payment for our Services and we will be notified that the payment has been made and will provide you with Services.
Note: We will not store or collect your payment card details ourselves. This information will be provided directly to our third-party payment processors.
To enforce our Terms of Use and to prevent and combat fraud
Using personal data to enforce our agreements and contractual commitments, to detect, prevent, and combat fraud. As a result of such processing, we may share your information with others, including law enforcement agencies (in particular, if a dispute arises in connection with our Terms of Use).
To comply with legal obligations
Processing, using or sharing your personal data to comply with applicable laws, regulations, legal processes, and responding to governmental requests or court orders by available legal means.
4. Online analytics and advertising
How to opt out or influence personalized advertising
IOS: On your iPhone or iPad, go to “Settings,” then “Privacy” and tap “Advertising” to select “Personalized Ads”. In addition, you can reset your advertising identifier (this also may help you to see less of personalized ads) in the same section.
Android: To opt-out of ads on an Android device, simply open the Google Settings app on your mobile phone, tap “Ads” and enable “Opt out of interest-based ads”. In addition, you can reset your advertising identifier in the same section (this also may help you to see less of personalized ads).
macOS: On your MacBook, you can disable personalized ads: go to System Preferences > Security & Privacy > Privacy, select Apple Advertising, and deselect Personalized Ads.
Windows: On your laptop running Windows 10, you shall select Start > Settings > Privacy and then turn off the setting for Let apps use advertising ID to make ads more interesting to you based on your app activity. If you have other Windows version, please follow the steps here.
To learn even more about how to affect advertising choices on various devices, please look at the information available here. In addition, you may get useful information and opt out of some interest-based advertising, by visiting the following links:
Network Advertising Initiative – http://optout.networkadvertising.org/
Digital Advertising Alliance – http://optout.aboutads.info/
Digital Advertising Alliance (Canada) –http://youradchoices.ca/choices
Digital Advertising Alliance (EU) – http://www.youronlinechoices.com/
We value your right to influence the ads that you see, thus we are letting you know what service providers we use for this purpose and how some of them allow you to control your ad preferences.
We use Meta pixel on the Services. Meta pixel is a code placed on the Service collecting data that helps us track conversions from Meta Ads, build targeted audience and remarket to people who have taken some actions on the Services (for example, made a purchase).
We use Meta Ads Manager together with MetaCustom Audience, which allows us to choose audiences that will see our ads on Meta or other Meta’s products (for example, Instagram). Through Meta Custom Audience we may create a list of users with certain sets of data to choose users that have completed certain actions in the Services (for example, bought it). As a result, we may ask Meta to show some ads to a particular list of users. As a result, more of our ads may show up while you are using Meta or otherMeta’s products (for example, Instagram). You may learn how to opt out of advertising provided to you through Meta Custom Audience here. Meta also allows its users to influence the types of ads they see on Meta. To find how to control the ads you see on Meta, please go here or adjust your ads settings on Meta.
Google Ads is an ad delivery service provided by Google that can deliver ads to users. In particular, Google allows us to tailor the ads in a way that they will appear, for example, only to users that have conducted certain actions with our Services (for example, show our ads to users who have purchased a subscription). Google allows its users to opt out of Google’s personalized ads and to prevent their data from being used by Google Analytics.
The TikTok pixel is a piece of JavaScript code that helps Advertisers measure the cross-device impact of Campaigns. Advertisers will be able to see how many TikTokers take action on their Website(s) after seeing their Ad.
TikTok Ads is the service provided by TikTok that can deliver ads to its users. The ads can be tailored to specific categories of users (for instance, based on their geographical location).TikTok’s Privacy Policy.
We may share, use or publish aggregated or de-identified information that cannot reasonably be used to identify you, for any purpose, including marketing and industry benchmarking.
5. Under what legal bases we process your personal data (Applies only to EEA-based users)
In this section, we are letting you know what legal basis we use for each particular purpose of processing. For more information on a particular purpose, please refer to Section 3. This section applies only to EEA-based users.
We process your personal data under the following legal bases:
Your consent: we will send you marketing emails upon your explicit consent. You have the right to withdraw your consent at any time by clicking on the unsubscribe link in the footer of our marketing emails.
To perform our contract with you: we will provide you with our Services and perform our obligations under the Terms of Use and other policies.
Legitimate interests: we will process your personal data to improve our Services and user experience, to promote our Services in a relevant and measured way, and personalize ads or tailoring your experience to better match your interests. We also may process and retain your personal data for purposes of legal compliance, dispute resolution, claims defense, or other legitimate business purposes. We rely on these interests only where they do not override your rights and freedoms, and you have the right to object to this type of processing at any time.
Legal obligations: we will process your personal data in order to comply with all and any applicable law.
6. With whom we share your personal data
We share information with third parties that help us operate, provide, improve, integrate, customize, support, and market our Services with the following categories of third parties.
Operational service providers
cloud storage providers (Amazon Web Services)
payment processing providers (Solidgate, PayPal, ApplePay, GooglePay)
Business partners
data analytics providers (Meta, Google, Amplitude)
marketing partners (in particular, social media networks, marketing agencies, email delivery services, Meta, Google, ActiveCampaign)
We also share personal information with your consent or at your direction, including but not limited to through third-party integrations you choose to enable.
Regulatory authorities
We may use and disclose personal data to enforce our Terms of Use, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, and to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, or in other cases provided for by law.
Affiliates
As we develop our business, we may buy or sell assets or business offerings. Customers’ information is generally one of the transferred business assets in these types of transactions. We may also share such information with any affiliated entity (e.g. parent company or subsidiary) and may transfer such information in the course of a corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.
7. Your rights and choices
Right to be informed - to know how and why we collect and use your personal information.
Right of access - to request a copy of the personal data we hold about you.
Right to rectification - if any of your data is inaccurate or incomplete, you can ask us to correct it.
Right to erasure - to request that we delete your personal data.
Right to restrict processing - to limit how we use your data in specific circumstances.
Right to data portability - to receive your data in a structured, commonly used format, or ask us to transfer it to another provider.
Right to object - to object to how we use your data, particularly if it’s for direct marketing or profiling.
Note: You can request and exercise any of the above mentioned rights by sending us an email through legal@suberlis.io.
In some cases we may be legally required to keep some of the data for a certain time; in such an event, we will fulfill your request after we have complied with our obligations.
Automated decision making
You will not be subject to any decisions that will have a significant impact on you based solely on automated decision-making.
Marketing and Communication
You can choose whether to receive promotional emails or marketing messages from us. To opt out please refer to Section 4.
Note: even if you opt out of marketing communications, we may still contact you with important service-related messages - such as account updates, changes to our Terms of Use or Privacy Policy, and security notifications.
Managing your personal data
You can access, review your personal data through your account settings. You may request us to update or correct your personal data collected during your use of the Services through legal@suberlis.io.
If you are based in the EEA, you have the right to lodge a complaint with supervisory authority. We would love you to contact us directly, so we could address your concerns. Nevertheless, you have the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where you reside, work or where the alleged infringement has taken place.
Based on our registered office, our relevant supervisory authority is The Office of the Commissioner for Personal Data Protection in Cyprus with its address at 1682 Nicosia, Cyprus, P.O.Box 23378, Telephone +357 22818456 or email commissioner@dataprotection.gov.cy.
8. Age Limitation
We do not knowingly process personal data from persons under 16 years of age. If you learn that anyone younger than 16 has provided us with personal data, please contact us through legal@suberlis.io.
9. International data transfers
We may transfer personal data to countries other than the country in which the data was originally collected in order to provide the Services set forth in the Terms of Use and for purposes indicated in this Privacy Policy. If these countries do not have the same data protection laws as the country in which you initially provided the information, we deploy special safeguards.
In particular, if we transfer personal data originating from the EEA to countries with not adequate level of data protection, we use one of the following legal bases: (i) Standard Contractual Clauses approved by the European Commission (details available here), or (ii) the European Commission adequacy decisions about certain countries (details available here).
10. Changes to this privacy policy
We may modify this Privacy Policy from time to time. If we decide to make material changes to this Privacy Policy, you will be notified through our Services or by other available means and will have an opportunity to review the revised Privacy Policy. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.
11. Additional State Privacy Rights
This section provides additional details about how we process personal data of California consumers and the rights available to them under the California Consumer Privacy Act (“CCPA”) and California’s Shine the Light law. California’s Shine the Light law gives California residents the right to ask companies once a year what personal information they share with third parties for those third parties‘ direct marketing purposes. Learn more about what is considered to be personal information under the statute. We do not share your personal information with third parties for their own direct marketing purposes within the meaning of that law.
In addition, CCPA as other state privacy laws provides you with The Right to Opt Out of Sale or Sharing. We may share certain information about you with our partners for purposes of targeted advertising or data analytics, which could in certain circumstances be characterized as “selling,” “sharing,” or “targeted advertising” under California laws. You have the right to opt-out of such sale/sharing of your personal information.
Depending on the product you use, we will strive to provide a prominently link named “Your Privacy Choices” that would allow you to exercise this right. Most of the time it will be available to you in the footer, menu, profile, or similar place (depending on the product and device you use).
We will also strive to recognize and process your opt-out preference signal as soon as possible after receiving it
Other state privacy laws require certain disclosures for companies that "sell" personal information pursuant to the respective state's privacy law. Each state defines the "sale" of data differently. In some states, the "sale" of data means certain scenarios in which Finelo has shared personal information with third parties or Affiliates, in exchange for valuable consideration. Other states define the "sale" of data as Finelo exchanging personal information for monetary consideration with a non-affiliated third party. Under this definition, we do not "sell" your personal information.
12. Right to Limit Processing of Sensitive Personal Information
In California, you have the right to limit our processing of your Sensitive Personal Information to only uses which are necessary to perform the services or provide the goods reasonably expected by an average consumer who requests such goods or services. When we collect your Sensitive Personal Information, we collect and use that information to perform the services or provide the goods for which that information is necessary and as reasonably expected by you.
Under other state privacy laws, we are only permitted to collect certain pieces of Sensitive Personal Information after we have obtained your consent to do so. Where required, we get your agreement to collect and use Sensitive Personal Information.
13. Data Retention
We will store your personal data for as long as it is reasonably necessary for achieving the purposes set forth in this Privacy Policy (including providing the Services to you), which includes (but is not limited to) the period during which Finelo and you have an agreement and no longer than 5 years after termination of such agreement. We will also retain and use your personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
14. Data Security
We implement industry-standard technical and organizational security measures to protect sensitive user data obtained through Google APIs. All data is encrypted in transit using TLS and sensitive data, including OAuth access and refresh tokens, is encrypted at rest using secure key management systems. Access to user data is strictly limited to authorized systems and personnel based on the principle of least privilege.
Email content is processed transiently to provide the requested functionality and is not stored after processing. We do not retain raw email content unless explicitly required for the service and disclosed to the user.
We maintain access controls, logging, and monitoring systems to detect and prevent unauthorized access. Administrative access to production systems is restricted and audited.
Users may revoke access at any time through their Google account settings, and may request deletion of their data by contacting us.
Date of Adoption: July 31, 2025
Last Updated: March 25, 2026
Contact Us
Suberlis Tech Corp
3500 South Dupont Highway, Dover, DE 19901
Email: legal@suberlis.io