Privacy Policy - Subly
Last updated: January 17, 2025
Extension: Subly - Smart Netflix Subtitles
Effective Date: January 17, 2025
Subly ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information.
1. Data Collection
1.1 Account Information
What we collect:
- Email Address: Collected via Google OAuth for account creation, authentication, and communication
Why we collect it: To create and manage your Subly account, enable multi-device synchronization, and provide customer support.
1.2 Language Learning Preferences
What we collect:
- Target Language: The language you're learning (Portuguese or French)
- Native Language: Your preferred native language (13 languages supported)
- Vocabulary Level: Result of your vocabulary assessment (ranging from 100 to 5,000 words)
Why we collect it: To personalize subtitle switching based on your vocabulary knowledge and provide an optimal language learning experience.
1.3 Netflix Subtitles (Temporary Processing Only)
What we collect:
- Subtitle Files: Netflix subtitle files from shows you watch (public data available to all Netflix users)
Processing: Subtitles are processed in real-time by our API to create personalized bilingual subtitles and are immediately deleted after processing. We do NOT store subtitle files on our servers.
What we do NOT collect:
- Show names, titles, or content metadata
- Viewing history or watch times
- Netflix account credentials or passwords
2. How We Use Your Data
We use your data for the following purposes:
- Personalized Subtitles: Creating intelligent bilingual subtitles that automatically switch between your target and native languages based on your vocabulary level
- Multi-Device Sync: Synchronizing your language preferences and vocabulary level across all your devices
- Subscription Management: Managing your Subly Premium subscription, billing, and payment processing
- Service Improvements: Improving subtitle processing algorithms and user experience
- Customer Support: Responding to your questions and providing technical assistance
3. Data Sharing & Third-Party Services
Subly uses trusted third-party services to provide our service. We share limited data with the following providers:
3.1 Supabase (Database & Authentication)
Data shared with Supabase:
- Email address (via Google OAuth)
- Language preferences (target language, native language)
- Vocabulary levels
- Subscription status
Purpose: Account management, authentication, multi-device data synchronization, and secure data storage.
Security: Supabase uses Row Level Security (RLS) to ensure users can only access their own data. Data is stored in GDPR-compliant EU data centers.
Privacy Policy: supabase.com/privacy
3.2 Stripe (Payment Processing)
Important: Stripe is a third-party payment processor that collects data independently from Subly. We do NOT have access to your complete payment card details.
What Subly shares with Stripe:
- Email address (to create Stripe customer account)
What Stripe collects directly (not accessible by Subly):
- Payment Information: Credit/debit card number, expiration date, CVV code
- Billing Information: Name, billing address
- Technical Data: IP address, browser type, device information, operating system
- Behavioral Data: Checkout page interactions, mouse movements, form completion behavior (for fraud prevention)
What Subly stores from Stripe:
- Stripe Customer ID (unique identifier)
- Stripe Subscription ID (for subscription management)
- Subscription Status (active, canceled, past_due)
Purpose: Secure payment processing, subscription billing, fraud prevention, and compliance with financial regulations.
Security: Stripe is PCI-DSS Level 1 certified (the highest security standard for payment processing). All payment card data is encrypted and securely stored by Stripe.
Privacy Policy: stripe.com/privacy
3.3 Smart Subtitles API (Subtitle Processing)
Data shared: Netflix subtitle files (temporary)
Purpose: Processing subtitles to create personalized bilingual versions
Retention: Subtitle files are processed in-memory and immediately deleted after processing. No long-term storage.
We do NOT:
- Sell your personal data to third parties
- Share your data with advertisers or marketers
- Use your data for purposes other than providing the Subly service
4. Data Security
We implement the following security measures to protect your data:
4.1 Infrastructure Security
- HTTPS Encryption: All communications between your browser, our webapp, extension, and API use industry-standard TLS/SSL encryption
- Row Level Security (RLS): Supabase database policies ensure users can only access their own data
- Password-Free Authentication: Google OAuth eliminates password-related vulnerabilities (no passwords to store or leak)
- API Authentication: Secure API keys protect our subtitle processing service
4.2 Data Storage
- Account Data: Stored securely in Supabase (PostgreSQL database with encryption at rest)
- Payment Data: Stored exclusively by Stripe (PCI-DSS compliant), never by Subly
- Subtitle Files: Never stored (processed in real-time only)
5. Your Rights (GDPR Compliance)
You have the following rights regarding your personal data:
5.1 Right to Access
How to access your data:
- View your language preferences and vocabulary level in the extension popup
- View your subscription status in the webapp dashboard at subly-extension.vercel.app
- Contact us at unducamp.pro@gmail.com to request a complete copy of all data we store about you
5.2 Right to Modify
How to modify your data:
- Change your target language and native language anytime via the extension popup
- Retake the vocabulary test to update your vocabulary level
- Update your email address through your Google account settings
5.3 Right to Delete (Right to Erasure)
How to delete your data:
- Uninstalling the extension: Removes the extension from your browser but does NOT delete your account data stored in Supabase
- Complete account deletion: Contact us at unducamp.pro@gmail.com to request permanent deletion of your account and all associated data (settings, vocabulary levels, subscription information). We will delete all your data within 30 days of your request.
5.4 Right to Withdraw Consent
You can stop using Subly at any time by uninstalling the extension. To delete your stored account data, contact us at unducamp.pro@gmail.com.
5.5 Right to Object
You have the right to object to the processing of your personal data. Contact us at unducamp.pro@gmail.com to exercise this right.
6. Data Retention
- Account Data: Stored as long as your Subly account is active
- Subtitle Files: Never stored (processed in real-time and immediately deleted)
- Payment Data: Stored by Stripe according to their retention policy and financial regulations
- Account Deletion: When you request account deletion, all your data is permanently deleted within 30 days
7. Third-Party Privacy Policies
Subly uses the following third-party services. Please review their privacy policies to understand how they handle your data:
By using Subly, you acknowledge and agree to the privacy policies of these third-party services.
8. Cookies and Local Storage
Subly uses the following browser storage technologies:
- Chrome Local Storage: Stores your language preferences locally in your browser for offline access
- Session Cookies: Used by Supabase for authentication (automatically deleted when you close your browser)
- No Tracking Cookies: We do not use advertising or analytics cookies
9. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States (Stripe servers) and the European Union (Supabase servers). These transfers are protected by:
- GDPR-compliant Data Processing Agreements with our service providers
- EU-US Data Privacy Framework (Stripe)
- Standard Contractual Clauses approved by the European Commission
10. Children's Privacy
Subly is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at unducamp.pro@gmail.com, and we will delete the data.
11. Regulatory Compliance
This Privacy Policy complies with:
- GDPR (General Data Protection Regulation) - European Union
- UK GDPR - United Kingdom
- Chrome Web Store Developer Program Policies
- California Consumer Privacy Act (CCPA) - United States
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:
- Updating the "Last updated" date at the top of this policy
- Displaying a notification in the extension or webapp
- Sending an email to your registered email address (for significant changes)
Your continued use of Subly after such changes constitutes your acceptance of the updated Privacy Policy.
This Privacy Policy ensures that Subly respects your privacy and complies with applicable data protection laws while providing you with a personalized language learning experience on Netflix.