Effective date: April 22, 2025

We at Subtotal, Inc. (together with our affiliates, “Subtotal,” “we,” “our,” or “us”) take your privacy seriously. This Privacy Policy sets forth our policies and practices with respect to data that we collect from or about you (“Personal Data”) when you use our website, online tools, applications, and services (collectively, “Services”) — for example, when you use Subtotal to connect and share your information with the apps and websites you use. These apps and websites are owned and maintained by our business customers (“Developers”).

By using or accessing our Services, you accept the practices and policies outlined below, and you consent to our collection, use, and disclosure of your Personal Data as set forth in this Policy.

Remember that your use of Subtotal’s Services is at all times subject to our Terms of Service, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Service.

What this Privacy Policy Covers

This Policy describes the data we collect when you access or use our Services and explains how we use and share that information. This Policy does not cover the policies or practices of companies we don’t own or control or people we don’t manage, such as Developers. You should review the privacy policies and terms of service for those Developers’ apps and websites for information about their practices.

This Policy also does not apply to personal information we collect from and about Developers, which is governed by our Developer Privacy Policy.

Collection, Use, and Disclosure of Personal Data

Personal Data We Collect

We collect your Personal Data as follows:

  • Data you provide;
  • Data from businesses you use, transact with, or purchase or order from, including retailers, marketplaces, shopping providers and platforms, and delivery services (“Merchants”), when you connect your Merchant accounts;
  • Data from the device you use to connect your Merchant accounts or otherwise use the Services;
  • Data from Developers of the apps and websites you have connected your Merchant accounts to; and/or
  • Data from other sources, including our partners, service providers, and identity verification and fraud prevention services.

Personal Data You Provide: When you use our Services (for example, when you use Subtotal to connect a Merchant account to a Developer app or website), we collect the following Personal Data:

  • Identifiers such as your name, address, email address, phone number, and date of birth;
  • Login information associated with your Merchant account, including your username and password and any other information needed to connect your account;
  • Information related to your communications with us — for example, when you communicate with us via email or our social media pages — such as your name, contact information, and the contents of your communications;
  • Information related to your use of our Services, including which Merchants and Developers you connect using our Services; and/or
  • Other information that you may provide to us — for example, when you provide information in free-form text boxes in connection with our Services, participate in our events, or respond to our surveys or questionnaires.

Personal Data from Merchants: If you use our Services to connect a Merchant account to a Developer app or website, we collect the following Personal Data from the Merchant:

  • Identifiers and data about the account owner(s), including name, address, email address, phone number, and date of birth; and/or
  • Data about your commercial transactions, purchases, and orders with the Merchant, including but not limited to amount paid, items purchased, date, payment method, device used, and store location.

Personal Data Collected Automatically when You Use the Services: When you visit, use, or interact with the Services (including through a Developer app or website), we automatically collect the following information about your visit, use, or interaction:

  • Log Data: We collect information that your browser or device automatically sends when you use our Services. Log data includes your internet protocol (“IP”) address, browser type and settings, the date and time of your request, and how you interact with our Services.
  • Usage Data: We collect information about your use of our Services, including which Merchant accounts and Developer apps and websites you connect using Subtotal.
  • Device Information: When you use a device to interact with our Services, we collect information about that device, such as the name of the device, hardware model and operating system, IP address, domain server, the date and time of your interaction with the Services, timezone setting and location, and other technical information about the device. The information we collect may depend on the type of device you use and its settings.
  • Location Information: We may determine the general area from which your device accesses our Services based on information such as its IP address.
  • Cookies and Similar Technologies: As described more fully in our Cookie Policy, we use cookies and other related technologies in operating our Services⁠.

Personal Data from Developers: If you use Subtotal to connect a Merchant account to a Developer app or website, we may collect identifiers and commercial information about you, including your name, system-specific identiers (such as a customer ID), address, email address, phone number, and information about your commercial transactions.

Personal Data from Other Sources: We receive Personal Data and other information from our partners, including service providers, analytics providers, advertising partners, and security partners — for example, to help us provide you with customer support, to generate leads, and to prevent fraud, abuse, and security threats.

Information Derived from Personal Data: We may derive additional information about you from the Personal Data we collect. For example, we may infer your geolocation from your IP address or your purchasing patterns from your commercial transactions.

How We Use Your Personal Data

We use your Personal Data for the following business and commercial purposes:

Providing, Operating, and Improving the Services: To operate, provide, improve, modify, and further develop our Services, including:

  • Connecting to and accessing your Merchant accounts on your behalf;
  • Connecting your Merchant accounts with the apps and websites you use;
  • Creating and managing your account and profile on our system;
  • Providing you with the products, services, and information you request;
  • Providing support and assistance for the Services, including to both you and Developers;
  • Improving the Services, including through testing, research, internal analytics, and product development;
  • Personalizing the Services and our website content and communications based on your preferences; and
  • Carrying out other business purposes stated when collecting your Personal Data or as otherwise permitted under applicable data privacy laws.

Marketing the Services: To market and sell the Services — for example, by sending marketing emails related to the Services, which you may opt out of using provided unsubscribe links.

Preventing Fraud: To investigate and help protect you, Developers, Subtotal, and others from fraud, malicious activity, and other privacy and security-related concerns, including by validating your identity and preventing fraud on your account.

Developing Insights: To develop insights based on the Personal Data we’ve collected. This includes but is not limited to your transaction data, data about which Merchant accounts you have connected to which Developer apps and websites, and data from other sources, including Developers and other third parties.

Communicating with You: To communicate with you — for example, to respond to emails and other communications we receive from you and to send you legal notices, system updates, and other information about Subtotal or the Services.

For Legal Purposes: To meet legal obligations and protect legal rights under applicable law, including:

  • Detecting and preventing potential security incidents and other unlawful or prohibited activities;
  • Investigating any misuse of our Services or Developer apps and websites;
  • Protecting the rights, property, and safety of you, Subtotal, and other parties;
  • Enforcing any agreements with you; and
  • Establishing and defending against claims.

How We Share Your Personal Data

We share your Personal Data as follows:

  • With service providers, partners, agents, and contractors that help us provide the Services and perform business functions for us or Developers — for example, hosting and storage providers, analytics and communication providers, and customer support providers;
  • With Developers and Merchants, in relation to the connections you’ve chosen to make between your Merchant accounts and the Developer apps and websites you use;
  • With advertisers and other third parties who use cookies and related technologies to collect information about your use of the Services and use that information to serve online ads that they think will interest you (please see our Cookie Policy for more details);
  • To comply with our legal obligations and with legal or regulatory processes (such as subpoenas);
  • To prevent fraud, malicious activity, and other privacy and security-related concerns or otherwise protect the rights, property, and safety of you, Developers, Merchants, Subtotal, and others;
  • With third parties in relation to a change in ownership or control of all or a part of our business, such as a merger, acquisition, bankruptcy, or reorganization; and/or
  • Between and among Subtotal and our current and future parents, affiliates, and subsidiaries.

As defined under state privacy laws that may apply to you, some of these disclosures may constitute “sales” of your Personal Data. For more information, please refer to the State Law Privacy Rights section of this Policy, below.

We may also create, use, and share aggregated, de-identified, or anonymized data that does not identify you personally for any purpose permitted by law.

Data Security

We seek to protect your Personal Data from unauthorized access, use, and disclosure. We make reasonable efforts to maintain physical, technical, and administrative security measures appropriate to the risk associated with the processing of your Personal Data. Unfortunately, no data transmission or storage system is completely secure.

Data Retention

We retain Personal Data for as long as necessary to provide our Services and to fulfill the purposes for which we collected the data, including for the purposes of complying with our legal obligations, resolving disputes, and collecting fees. When establishing a retention period for specific categories of data, we consider who we collected the data from, our need for the data, our reason for collecting the data, and the amount and sensitivity of the data.

If we aggregate, de-identify, or anonymize data such that it can no longer be used to identify you personally, we may use that information indefinitely without further notice to you.

Your Rights and Choices

Your Rights: No matter where you live, we recognize, and you may exercise, the following rights with respect to your Personal Data, subject to applicable exceptions provided by law:

  • Information. To request information about the categories of Personal Data we have collected, the sources from which we collected the data, and how we have used and shared your Personal Data during the past 12 months;
  • Access. To access a copy of the Personal Data we have collected from and about you during the past 12 months;
  • Deletion. To request that we delete the Personal Data we have collected from and about you;
  • Opt Out. To request that we limit the use and disclosure of your Personal Data; and
  • Nondiscrimination. To exercise these rights free from discrimination.

Exercising Your Rights: You can exercise the rights described in this section by submitting a request to support@subtotal.com⁠. You may be required to provide additional information to confirm your identity before we can respond to your request. If an authorized agent submits a request on your behalf, we may ask for a valid power of attorney to verify that the agent has written authority to submit requests on your behalf. In certain cases, we may be required or permitted by law to deny your request.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will publish an updated version and effective date on this page and provide additional notice as required by law — for example, by sending you an email. If you’ve opted not to receive emails from us, or you haven’t given us your email address, our notices about this Policy will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to this Policy have been posted, that means you consent to the changes.

Personal Data of Children

We do not knowingly collect or solicit Personal Data from children under 16 years of age. If you are a child under the age of 16, please do not register for or otherwise use the Services or send us any Personal Data. If we learn that we have collected any Personal Data from a child under 16 years of age, we will take steps to delete that information. If you believe that a child under 16 years of age has provided us with Personal Data, please contact us at support@subtotal.com.

Do Not Track

Your browser may offer you the option to send “Do Not Track” signals to operators of the online services you use and visit. Our Services do not support “Do Not Track” requests at this time. To find out more about “Do Not Track,” please visit https://www.allaboutdnt.com.

State Law Privacy Rights

California Resident Rights

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at support@subtotal.com.

Nevada Resident Rights

Please note that we do not currently sell your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A.

Contact Information

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data, or your choices and rights regarding such collection and use, please do not hesitate to contact us at:

support@subtotal.com
100 Church Street, Suite 800
New York, NY 10007