Privacy Policy

Last updated: January 2026

1. Introduction

SubRadio CMS ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our cloud-hosted radio management platform.

2. Information We Collect

We collect the following categories of personal data:

• Account information: Name, email address, and password (hashed with bcrypt) when you register or purchase a licence.
• Licence data: Your licence key, selected plan, and associated station details.
• Payment information: When purchasing through Stripe, your payment details are processed directly by Stripe. We store only your Stripe customer ID and subscription ID — never your card number.
• Usage data: Listener counts, page views, and station activity statistics for your dashboard.
• Technical data: IP addresses, browser type, and device information for security and troubleshooting.

3. How We Use Your Information

We use your personal data for the following purposes:

• To provide and maintain the SubRadio CMS platform and its features.
• To process licence purchases and manage subscriptions.
• To send you your licence key and important service notifications via email.
• To generate listener statistics and analytics for your station dashboard.
• To detect and prevent fraud, abuse, and security threats.
• To improve our platform based on aggregated, anonymised usage patterns.

4. Legal Basis for Processing

We process your personal data based on: (a) the performance of our contract with you (providing the CMS service), (b) your consent (where applicable), (c) our legitimate interests in operating and improving the platform, and (d) compliance with legal obligations.

5. Data Sharing

We do not sell your personal data. We share data only with:

• Stripe: For payment processing. Stripe acts as an independent data controller. See Stripe's Privacy Policy.
• Email provider: To deliver licence keys and service notifications via SMTP.
• Law enforcement: When required by applicable law, court order, or legal process.

6. Data Storage & Security

Your data is stored securely on our cloud infrastructure. We implement industry-standard security measures including: HTTPS encryption for all data in transit, bcrypt password hashing, JWT-based authentication, rate limiting on all API endpoints, and input sanitisation to prevent injection attacks. Database backups are encrypted.

7. Data Retention

We retain your personal data for as long as your licence is active and your account exists. If you cancel your subscription, we retain basic account data for up to 90 days to allow for reactivation, after which it is permanently deleted. Aggregated and anonymised statistics may be retained indefinitely.

8. Your Rights

Under applicable data protection laws (including GDPR), you have the right to:

• Access your personal data and receive a copy.
• Rectify inaccurate or incomplete data.
• Erase your personal data ("right to be forgotten").
• Restrict or object to processing of your data.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us through the Owner Panel or email your station administrator.

9. Children's Privacy

SubRadio CMS is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of SubRadio CMS after changes constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or requests, please contact us through the Owner Panel or reach out to your station administrator.