← Back to SubSurrender

Privacy Policy

Last updated: May 2025

1. Who We Are

SubSurrender is operated as a sole proprietorship based in Norway. We are committed to protecting your privacy and handling your data responsibly in accordance with the General Data Protection Regulation (GDPR) and Norwegian law.

Contact: contact@subsurrender.com

2. Data We Collect

When you register and use SubSurrender, we collect:

• Username, email address, and password (encrypted)
• No-go zones you specify
• Task completion data, proof texts, and confessions
• XP, streak, and level progress
• Payment information (processed by Stripe — we never store card details)
• Basic usage data (login times, activity)

3. How We Use Your Data

We use your data to:

• Operate your account and provide the service
• Generate personalised AI tasks based on your profile and no-go zones
• Display your activity in the community feed and leaderboard
• Process payments for premium features
• Send service-related emails (inactivity reminders, account notices)
• Improve the Platform

We do not sell your data to third parties. We do not use your data for advertising.

4. Sensitive Data

SubSurrender processes content that may be considered sensitive in nature (lifestyle preferences, no-go zones). This data is used solely to personalise your experience and is never shared with third parties. You are always in control of what you share.

5. Data Sharing

We share data only with:

• Stripe — for payment processing
• Anthropic — AI task generation (prompts only, no personal identifiers)
• Railway.app — hosting infrastructure

All third-party providers are GDPR-compliant.

6. Community Content

Proof texts and task completions you post are visible to other users in the community feed. Your username is displayed publicly. You can control visibility settings from your profile. Confessions submitted via "I Failed" are private and not shared publicly.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data is permanently deleted within 30 days. Anonymised usage statistics may be retained for analytics.

8. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to processing of your data
• Data portability
• Lodge a complaint with Datatilsynet (the Norwegian Data Protection Authority)

To exercise these rights, contact us at: contact@subsurrender.com

9. Cookies

SubSurrender uses only essential functional storage (localStorage) to keep you logged in. We do not use tracking cookies or third-party analytics cookies.

10. Security

Passwords are stored encrypted. All data is transmitted over HTTPS. We take reasonable technical and organisational measures to protect your data.

11. Changes to This Policy

We may update this policy occasionally. Significant changes will be communicated via email. Continued use of the Platform after changes constitutes acceptance.

12. Contact

Privacy questions or requests: contact@subsurrender.com

Norwegian Data Protection Authority: datatilsynet.no