End User Privacy Policy
Explore our guides, examples, and API reference to build with Subtotal.
Effective date: February 28, 2025
Thanks for using Subtotal! At Subtotal, we take your privacy seriously. Please read this Privacy Policy to learn how we treat your personal data. By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use, and disclose your information as described in this Privacy Policy.
Remember that your use of Subtotal’s Services is at all times subject to our Terms of Service, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Service.
As we continually work to improve our Services, we may need to change this Privacy Policy from time to time. We will alert you of material changes by placing a notice on the Subtotal website, by sending you an email, and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.
What this Privacy Policy Covers
This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” or “sensitive personal information” under applicable data privacy laws, rules, or regulations. This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage.
Personal Data
Categories of Personal Data We Collect
This chart details the categories of Personal Data that we collect and have collected over the past 12 months:
| Category of Personal Data | Categories of Third Parties With Whom We Disclose this Personal Data |
|---|---|
| Account Credentials (username, email, phone number, password) | This data is end-to-end encrypted and never disclosed with any third parties. |
| User Profile or Contact Data (name, email, phone number, mailing address) | Parties You Authorize, Access, or Authenticate, Service Providers, Business Partners |
| Physical Addresses (billing, shipping, mailing address) | This data is end-to-end encrypted and never disclosed with any third parties. |
| Commercial Data (purchase history, items, store locations, consumer profiles) | Service Providers, Business Partners, Parties You Authorize, Access, or Authenticate |
| Device/IP Data (IP address, device ID, domain server, OS/browser type) | Service Providers, Business Partners, Parties You Authorize, Access, or Authenticate |
| Web Analytics (web page interactions, referring webpages, statistics) | Service Providers, Business Partners, Parties You Authorize, Access, or Authenticate |
| Geolocation Data (IP-based location information) | Service Providers, Business Partners, Parties You Authorize, Access, or Authenticate |
| Other Identifying Information You Voluntarily Provide | Service Providers, Business Partners, Parties You Authorize, Access, or Authenticate |
Our Commercial or Business Purposes for Collecting Personal Data
- Providing, Operating, and Improving the Services
- Marketing the Services
- Corresponding with You
- Other Permitted Purposes for Processing Personal Data
Categories of Sources of Personal Data
- You (when you provide such information directly to us)
- Third Parties (vendors, advertising partners, third-party credentials)
How We Disclose Your Personal Data
- Service Providers (hosting, analytics, fraud prevention, support vendors)
- Business Partners (partners offering related services)
- Legal Obligations (law enforcement, court orders, regulatory requirements)
- Business Transfers (mergers, acquisitions, bankruptcy)
- Data that is Not Personal Data (aggregated, de-identified data)
Tracking Tools, Advertising, and Opt-Out
The Services use cookies and similar technologies. These include:
- Essential Cookies (required for secure login and core functionality)
- Functional Cookies (store preferences and personalize content)
- Performance/Analytical Cookies (analyze user interaction, measure performance)
For managing cookie preferences, visit allaboutcookies.org.
Data Security
We protect your Personal Data using security measures, but no method of transmission over the internet is entirely secure.
Data Retention
We retain Personal Data for as long as necessary to fulfill our services and legal obligations.
Personal Data of Children
We do not knowingly collect data from children under the age of 16. If we discover that we have, we will delete it immediately. Contact us at support@typecastle.com if you believe we have collected data from a child under the age of 16.
State Law Privacy Rights
California Resident Rights
Under California law, you can request that we do not share your data with third parties for direct marketing. Contact us at support@typecastle.com to opt out.
Nevada Resident Rights
We do not currently sell Personal Data as defined in Nevada law.
Contact Information
For any questions, please contact us at:
Subtotal
support@typecastle.com
100 Church Street, Suite 800, New York, NY 10007