Privacy Policy

Effective date: 1 March 2026

1. Introduction

Subash (“we”, “our”, “us”) is committed to protecting your personal information and your right to privacy. This Privacy Policy describes how we collect, use, and share information when you use our platform at subash.app (the “Platform”).

2. Information We Collect

We collect the following categories of information:

Account Information

Your name, email address, and profile photograph, collected when you register via email or a third-party OAuth provider (Google, GitHub).

Authentication Data

We use NextAuth.js for session management. OAuth tokens are managed securely and are never stored in plain text. Passwords for email/password accounts are hashed with bcrypt before storage.

User-Generated Content

Reviews, fragrance ratings, wardrobe collections, Fragram posts, and any other content you voluntarily submit to the Platform.

Usage Data

Page views, search queries, and feature interactions collected automatically to improve the Platform. This data is anonymised and aggregated.

Device & Technical Data

Browser type, operating system, IP address, and referral URLs, collected automatically for security and debugging purposes.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Platform.
  • Authenticate your identity and manage your session.
  • Display your public profile, reviews, and community contributions.
  • Send transactional emails (e.g., email verification, newsletter confirmation).
  • Analyse usage patterns to improve the Platform's features and performance.
  • Detect, investigate, and prevent fraudulent activity and abuse.

4. Cookie Usage

We use cookies and similar tracking technologies solely for the purpose of session management. Specifically:

Session Cookies

Used by NextAuth.js to maintain your authenticated session. These are strictly necessary and expire when you close your browser or sign out.

CSRF Tokens

Short-lived tokens used to protect against cross-site request forgery attacks on form submissions.

We do not use advertising cookies, tracking pixels, or third-party analytics trackers such as Google Analytics.

5. How We Share Your Information

We do not sell, rent, or lease your personal data to third-party data brokers, advertisers, or marketing companies under any circumstances.

We may share information only in the following limited circumstances:

  • With service providers who assist in operating the Platform (e.g., email delivery via Resend), bound by strict data processing agreements.
  • When required by applicable law, court order, or governmental authority.
  • In connection with a merger, acquisition, or asset sale, where you will be notified in advance.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Platform. If you delete your account, we will permanently delete your personal information within 30 days, except where retention is required by law.

7. Data Security

We implement industry-standard security measures, including TLS/SSL encryption for data in transit, bcrypt hashing for passwords, and role-based access controls. However, no method of transmission over the internet is 100% secure. We cannot guarantee the absolute security of your data.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right to access — request a copy of the data we hold about you.
  • Right to rectification — request correction of inaccurate data.
  • Right to erasure — request deletion of your personal data.
  • Right to restriction — request that we limit the processing of your data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to our processing of your personal data.

To exercise any of these rights, contact us at [email protected].

9. Children's Privacy

The Platform is not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided us with personal information, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. We encourage you to review this Policy periodically.

11. Contact

For privacy-related inquiries, contact our team at: [email protected]