Skip to main content
Legal

Privacy Policy

Effective date:
May 1, 2026
Last updated:
April 20, 2026

fntune, Inc. (“fntune,” “we,” “us,” or “our”) operates the Subport platform at subport.io and related services (collectively, the “Service”). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have.

This policy applies to account holders, their authorized users, and visitors to our public websites. If you are an End User of a Customer that uses Subport to handle your support requests, your data is processed on behalf of that Customer under their agreement with us — please refer to that Customer’s privacy notice for how they handle your information.

1. Information we collect

Account information. When you create a Subport account we collect your name, work email, password (hashed), company name, and billing details. Billing details are processed by Stripe and we do not store full card numbers on our systems.

Customer content. Subport is a customer support platform. When you or your End Users interact with the Service, we process: support messages, tickets, chat transcripts, attachments, knowledge base articles, AI agent prompts and outputs, integration data from connected systems (e.g., Slack, WhatsApp, HubSpot), and related metadata. Customer content belongs to you.

Usage and device data. We automatically collect log data: IP address, browser type, pages visited, timestamps, referrer URLs, device identifiers, and approximate location derived from IP.

Cookies and similar technologies. We use strictly necessary cookies for session authentication and, where you consent, analytics cookies to understand product usage.

Communications with us. If you contact us for support, we retain your messages and any attachments you send.

2. How we use information

We use personal information to:

  • Provide, maintain, and improve the Service, including operating AI agents and workflow automation that you configure.
  • Authenticate users, secure accounts, and prevent fraud or abuse.
  • Process payments and manage subscriptions via our payment processor.
  • Communicate with you about product updates, security notices, billing, and support.
  • Send marketing communications you have opted into, with the ability to unsubscribe at any time.
  • Analyze aggregated, de-identified usage patterns to improve the product.
  • Comply with legal obligations and enforce our Terms of Service.

Model training. On Enterprise plans, we do notuse Customer Content to train our own or any third party’s generative AI models without your explicit written consent. On Starter, Pro, and Business plans, we may use de-identified and aggregated data derived from your use of the Service to improve our AI models, safety systems, and product quality. We never sell Customer Content, and identifiable Customer Content is never shared with third parties for their own model training.

3. Legal bases for processing (EEA / UK users)

Where GDPR applies, we process personal data on the following legal bases: performance of a contract (to deliver the Service you signed up for), legitimate interests (security, fraud prevention, service improvement), consent (marketing communications, non-essential cookies), and compliance with legal obligations.

4. How we share information

We share personal information only in the following circumstances:

Sub-processors

We use the following categories of sub-processors to operate the Service. Each is bound by a data processing agreement that restricts their use of your data to providing services to fntune.

  • Supabase (database, authentication hosting) — United States
  • Vercel (application hosting, CDN, file storage) — United States
  • Upstash (Redis cache, background job queue, rate limiting) — United States
  • Anthropic, OpenAI, and Google (LLM inference for AI agent features) — United States
  • Stripe (payment processing) — United States
  • Resend (transactional email delivery) — United States
  • Sentry (error monitoring) — United States
  • PostHog (product analytics) — United States

A current list, with each sub-processor’s purpose and the categories of data processed, is maintained at subport.io/sub-processors.

Other sharing

  • Your authorized users. Content in your workspace is shared with users you have invited to that workspace.
  • Integrations you enable. If you connect third-party tools (e.g., Slack, HubSpot, WhatsApp Business), we share the data necessary to operate the integration as configured by you.
  • Legal requests and safety. We may disclose information where required by law, to protect our rights, or to prevent harm.
  • Corporate transactions. In a merger, acquisition, or sale of assets, information may transfer subject to this policy.

We do notsell personal information, and we do not “share” personal information for cross-context behavioral advertising as defined under California law.

5. International data transfers

The Service is operated from the United States. If you access the Service from the EEA, UK, or other regions with data protection laws, your information will be transferred to, stored, and processed in the United States. For transfers of personal data from the EEA/UK, we rely on the European Commission’s Standard Contractual Clauses.

6. Data retention

We retain Customer content for as long as your account is active. On account cancellation, we retain Customer content for 30 days to enable recovery, then delete or anonymize it within 90 days, except where retention is required by law or for legitimate business purposes (e.g., fraud investigation, tax records).

Billing records are retained for 7 years to comply with financial regulations.

7. Security

We use industry-standard safeguards including TLS 1.2+ encryption in transit, encryption at rest, role-based access controls, least-privilege principles, and regular security reviews. No system is perfectly secure; you are responsible for safeguarding your account credentials.

8. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to processing or withdraw consent. Residents of California, the EEA, the UK, and similar jurisdictions have these rights under their respective laws (CCPA/CPRA, GDPR, UK GDPR).

To exercise a right, email privacy@subport.iofrom the email address associated with your account. We will respond within the timeframe required by applicable law (generally 30–45 days). We may ask for verification information.

You also have the right to lodge a complaint with a supervisory authority in your jurisdiction.

9. Children

The Service is not intended for individuals under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. We will post the revised policy at subport.io/privacywith an updated “Last updated” date. If changes are material, we will give prior notice by email or in-app.

11. Contact us

fntune, Inc.
Attn: Privacy
c/o Legalinc Corporate Services Inc.
131 Continental Dr, Suite 305
Newark, DE 19713, USA
privacy@subport.io

For data protection inquiries under GDPR, our contact point is privacy@subport.io.