Subluceo
Menu

Privacy Policy

Effective April 25, 2026 · Operated by Atomic Software

In short

We collect what we need to run your account and the API, and nothing else. We do not sell your data. We do not run advertising. We do not embed third-party trackers. The data we process is mostly about public records, not about you.

What we collect

Account information

When you create an account: email address, hashed password, the timestamps of account events (signup, login, plan changes), and your subscription status.

Billing information

Stripe handles all card data. We never see or store your card number. We do store the Stripe customer ID, subscription ID, plan, and invoice history needed to manage your subscription.

Usage data

For each API call: timestamp, endpoint, response status, and bytes returned. For dashboard sessions: page views and basic request metadata. Used for billing, quota enforcement, and debugging — not for behavioral profiling.

Saved searches & alerts

If you create saved searches, alerts, or watchlists, we store them. They're tied to your account and visible only to you and the engineers who maintain the system.

How we use it

  • Authenticate you and keep your session secure.
  • Bill you correctly and prevent quota abuse.
  • Deliver alerts and digests you've subscribed to.
  • Diagnose problems and improve the service.
  • Comply with legal obligations.

We don't profile you across sites. We don't sell or rent your data. We don't use your account data to train AI models.

What we share

We use a small set of vendors to operate the service:

  • Stripe — payment processing
  • DigitalOcean — server hosting
  • An email delivery provider — transactional email (login codes, receipts, alerts)

We do not share your data with anyone else. If we receive a valid legal demand for your data we will comply and, where the law allows, notify you.

Cookies & tracking

We use a single first-party session cookie to keep you logged in, and a CSRF token cookie to protect form submissions. That's it. No analytics cookies, no advertising cookies, no third-party cookies.

We don't run Google Analytics, Facebook Pixel, or similar. Public pages have no embedded trackers.

Retention

  • API usage logs: 12 months, then aggregated and individual records purged.
  • Account data: kept while your account is active. Deleted within 30 days of account closure (except where retention is required for tax or legal reasons).
  • Billing records: 7 years (US tax requirement).
  • Backups: encrypted, 35-day rolling window.

Your rights

Wherever you are, you can:

  • Request a copy of the data we hold about you.
  • Correct anything that's wrong.
  • Delete your account and the data tied to it.
  • Export your saved searches, alerts, and API key history.

Email privacy@subluceo.com and we'll respond within 30 days. If you're in California, the EU, the UK, or another jurisdiction with specific privacy law, those rights apply too — same email.

Security

Passwords are hashed (bcrypt). API keys are hashed (SHA-256) — the raw key is shown to you exactly once and we cannot retrieve it after. All traffic is HTTPS. Database backups are encrypted at rest.

If we discover a breach affecting your data we will notify you promptly with what we know and what we're doing about it.

Changes to this policy

If we make material changes we'll email account holders at least 14 days before the change takes effect, and update the effective date at the top of this page. Minor edits (typos, clarifications) we'll just make.

Contact

Privacy questions, requests, or concerns: privacy@subluceo.com

General contact: hello@subluceo.com

Subluceo is operated by Atomic Software.