Privacy Policy

Subsquat helps businesses identify vulnerabilities by providing online subdomain takeover vulnerability scanning services. This Privacy Policy outlines how we handle personal data, the ways in which we share it, and your rights and choices.

At Subsquat, we're committed to clarity and transparency regarding the data we gather and process. We have made every effort to ensure that this Privacy Policy is clear and easy to understand. If you have any concerns regarding privacy, please contact us via our contact form.

What is the scope of this Privacy Policy?

"Subsquat", "we", "our", "us" refers to Subsquat Ltd.

This Privacy Policy is applicable to all services provided by Subsquat ("Services"), encompassing the services available on the website, and other external services or websites that Subsquat states fall under this Policy.

"You" in this context may mean Subsquat User or Visitor:

  • "Subsquat User" refers to you when you create a Subsquat account to utilise the Services.
  • "Visitor" refers to you when you explore Subsquat without logging into a Subsquat account.

What personal information does Subsquat collect?

When you visit our website:

We monitor your usage, which may include your IP address, geolocation data, browser type, and information about your interaction with our website.

When you create a Subsquat account:

We ask for details like your email address, name, or company. In some instances, a phone number might be required for verification, and we collect billing information if you become a Premium subscriber.

When you use our services:

We track and log your usage, including information like IP address and browser used.

When you contact our support:

We maintain records of conversations and any data shared during interactions. Conversations are deleted up to 90 days after account removal.

How does Subsquat use your data?

  • To facilitate access to the Services.
  • To enhance user experience.
  • To provide customer assistance.
  • To combat fraud.
  • To distribute updates and educational content.

What are the legal bases for processing data?

Our legal bases for processing personal data vary depending on the purpose. This may include contractual necessity, legitimate interest, and consent where applicable.

Objective of Processing Type of Personal Information Legal Grounds
For Providing Access to the Services. Full Name, Contact Details, Billing Information. Contractual Obligation to fulfill our agreement with Subsquat Users.
For Enhancing User Experience. Usage of Features on the Site, Full Name, Contact Details, Subscription Type, Feedback from Users Our justifiable interest in understanding the usage of Services to better them. Supported by expressed consent during our surveys.
To Extend Customer Assistance. Usage Patterns, Full Name, Contact Details, Subscription Plan, Billing Records. Our legitimate concern in aiding Subsquat Users.
To Combat Fraudulent Activities. Full Name, Contact Details, Location & IP Address, Billing Information. Our lawful interest in overseeing and identifying fraudulent actions to protect our Services.
To Distribute Updates and Informative Content. Full Name, Ways to Contact. The justifiable interest of Subsquat in disseminating details about its Services. Contractual Requirement for some vital announcements.

Your rights and choices

You have various rights concerning your personal data, including:

  • Access, rectification, deletion, restriction, or blocking of your data.
  • Objecting to direct marketing or other processing.
  • Withdrawing consent, if processing is based on consent.

Update and delete your information

You can modify or permanently delete your account from within your account settings.

Use of cookies

We employ cookies to ensure proper functioning, analyze usage, save preferences, and provide targeted advertising. Learn more at:

Last updated: 12th August, 2023