Privacy Policy

Last updated: March 10, 2026

This Privacy Policy explains how Subify, a product of [Radials Ltd] (company number: 17159201), collects, uses, stores, and protects your personal data when you use our video and audio transcription service.

We are committed to protecting your privacy and ensuring that your personal information is handled in accordance with the General Data Protection Regulation (GDPR), UK Data Protection Act 2018, and other applicable data protection laws.

1. Data Controller

The data controller for your personal information is:

[Radials Ltd]
68-76 Kempston Street, Liverpool, England, L3 8HL
Company Number: 17159201
Email: contact@subify.co.uk

2. What Personal Data We Collect

We collect the following categories of personal data:

2.1 Information You Provide to Us

  • Email address: Used for account identification, communication, and billing (if applicable)
  • Username: Display name within the service (sanitized for security)
  • Encrypted password: Stored using industry-standard hashing algorithms
  • Subscription information: For paying customers, we store Stripe customer ID and subscription status

2.2 Data Generated Through Service Use

  • Usage data: Track your monthly transcription minutes usage
  • Account tier: Your subscription plan (free, solo, pro, audio_lite, etc.)
  • Billing dates: For managing subscription cycles
  • User identifier: A unique identifier used to organize your files in our storage system

3. How We Use Your Personal Data

We use your personal data for the following purposes:

3.1 Providing and Improving Our Service

  • To create and manage your account
  • To process your video/audio files and generate transcripts
  • To track your usage against your subscription limits
  • To provide customer support and respond to your inquiries
  • To improve our service and develop new features

3.2 Payment Processing (For Paid Subscriptions)

  • To manage your subscription and billing cycle
  • To process payments securely via Stripe
  • To generate invoices and billing history

3.3 Communications

  • To send service-related notifications (e.g., usage alerts, subscription updates)
  • With your consent, to send marketing communications about Subify (you can unsubscribe at any time)

3.4 Legal and Security

  • To comply with legal obligations
  • To detect and prevent fraud or abuse
  • To protect our service, users, and business interests

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Performance of a contract: Processing necessary to provide our service to you
  • Legitimate interests: For service improvement, fraud prevention, and business operations (your rights are not overridden)
  • Consent: For marketing communications (you may withdraw consent at any time)
  • Legal obligation: Where required to comply with tax, accounting, or other legal requirements

5. How We Handle Your Files

Your privacy is central to our service. Here's how we handle the files you upload:

5.1 File Uploads

  • Purpose: Your uploaded video or audio files are processed solely to generate transcripts or subtitles
  • Storage duration: Uploaded files are automatically deleted after 24 hours
  • Access: Only you (and our automated systems) can access your files. Files are stored in user-specific directories

5.2 Audio Extraction

  • For video files, we extract audio for transcription
  • Extracted audio files are automatically deleted after 6 hours
  • Audio extraction is performed locally within our system; no external audio analysis services are used

5.3 Transcript Outputs

  • Generated subtitle files (SRT, ASS) are available for download
  • Output files are automatically deleted after 48 hours
  • You may download and retain your transcripts indefinitely

5.4 Data Processing Location

All file processing (transcription, audio extraction, subtitle generation) is performed on our servers in [data centre location - e.g., United Kingdom / European Economic Area]. We do not transfer your files to third countries for processing.

6. Third-Party Service Providers

We work with the following trusted partners who process data on our behalf:

6.1 Stripe (Payment Processing)

  • Purpose: Secure payment processing and subscription management
  • Data shared: Email, subscription details, payment information (handled directly by Stripe's PCI-compliant systems)
  • Location: Stripe operates globally with appropriate safeguards (standard contractual clauses, EU-U.S. Data Privacy Framework)
  • Privacy Policy: https://stripe.com/en-gb/privacy

6.2 Rate Limiting and Task Queue

  • Purpose: Rate limiting, job queuing, and session management
  • Data stored: IP addresses, rate limit counters, task metadata
  • Location: Hosted within our infrastructure (not external service)
  • Retention: Temporary storage for operational purposes

6.3 Database Storage

  • Purpose: Secure storage of user accounts, usage data, and billing information
  • Location: Hosted within our infrastructure (not external service)
  • Security: Encrypted at rest, access-controlled

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties. We may disclose your information in the following limited circumstances:

  • Service providers: As described in Section 6, to trusted partners who assist our operations (Stripe for payments)
  • Legal requirements: If required by law, regulation, or court order
  • Protection of rights: To protect our rights, property, or safety, or that of our users or the public
  • Business transfers: In connection with a merger, acquisition, or sale of all or substantially all our assets (you will be notified)

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption: Passwords hashed using industry-standard algorithms; data transmitted over HTTPS
  • Access controls: Restricted access to personal data on a need-to-know basis
  • Authentication: Secure session management with protected cookies
  • Monitoring: Security logging and intrusion detection
  • File isolation: User files stored in separate directories

Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Data Retention

We retain your personal data only as long as necessary:

9.1 Account Data

  • Active accounts: Retained indefinitely while your account is active
  • Closed accounts: Deleted upon request (see Section 11) or after [X] months of inactivity

9.2 File Retention

  • Uploaded files: 24 hours
  • Extracted audio: 6 hours
  • Generated transcripts: 48 hours
  • Automated deletion: All files are automatically purged after these periods

9.3 Billing and Transaction Data

  • Retained for tax, accounting, and legal compliance (typically 6 years from the end of the financial year)

10. Your Rights (GDPR/CCPA)

Depending on your location, you may have the following rights regarding your personal data:

10.1 Right to Access

You may request a copy of the personal data we hold about you.

10.2 Right to Rectification

You may request correction of inaccurate or incomplete personal data.

10.3 Right to Erasure ("Right to be Forgotten")

You may request deletion of your personal data, subject to certain exceptions (e.g., data needed for legal compliance).

10.4 Right to Data Portability

You may receive your personal data in a structured, commonly used format and transmit it to another controller.

10.5 Right to Restrict Processing

You may request we temporarily or permanently stop processing certain personal data.

10.6 Right to Object

You may object to processing based on legitimate interests or direct marketing.

10.7 Rights Related to Automated Decision-Making

We do not make automated decisions about you that produce legal or similarly significant effects.

10.8 California Consumer Privacy Act (CCPA) Rights

If you are a California resident, you also have the right to:

  • Know what personal information is collected, sold, or disclosed
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

11. How to Exercise Your Rights

To exercise any of the above rights, please contact us at:

Email: contact@subify.co.uk
Contact Form: https://subify.co.uk/contact.html

We will respond to your request within 30 days. We may require verification of your identity before fulfilling your request.

12. Cookies and Similar Technologies

We use only essential cookies necessary for the service to function:

  • Session cookie: Keeps you logged in during your session; expires after a limited duration of inactivity
  • Theme preference: Stores your dark/light mode choice (localStorage, not a cookie)

We do not use analytics cookies, advertising cookies, or third-party tracking technologies. You may block or delete cookies through your browser settings, but some service features may not function properly.

13. International Data Transfers

Your personal data is processed primarily in [UK/EEA]. When we transfer data outside this region (e.g., Stripe's global infrastructure), we ensure appropriate safeguards are in place:

  • Stripe relies on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses
  • All processors are bound by contract to provide equivalent protection

14. Children's Privacy

Our service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete such information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a new "Last updated" date. We will notify you of material changes via email or by prominent notice on our service before the changes take effect. Continued use of the service after such modifications constitutes acceptance of the updated policy.

16. Contact and Complaints

If you have questions about this Privacy Policy or our data practices, please contact us at:

[Radials Ltd]
Email: contact@subify.co.uk
Contact Form: https://subify.co.uk/contact.html

If you are in the European Economic Area and believe your data protection rights have been infringed, you have the right to lodge a complaint with your local data protection authority. For UK residents, that is the Information Commissioner's Office (ICO).