Privacy Policy

Joy Subscription Pte. Ltd. (“Joy Subscription,” “we,” “us,” or “our”) is committed to protecting your privacy and handling your personal information with transparency and care. This Privacy Policy explains how we collect, use, share, and protect personal information in connection with our subscription management platform and related services.

1. SCOPE AND APPLICATION

1.1 What This Policy Covers

This Privacy Policy applies to personal information we collect through:

  • Our subscription management platform (“Joy Subscription Platform”)
  • Our websites, including joysubscription.com and related domains
  • Customer support interactions and communications
  • Direct use of our subscription management services
  • Payment processing and billing operations

1.2 Our Role in Data Processing

Joy Subscription operates in different capacities depending on your relationship with us:

  • As a Data Processor/Service Provider: When merchants use our platform, we process their subscribers’ data on their behalf according to the merchant’s instructions
  • As a Data Controller/Business: When you interact directly with us (as a merchant, website visitor, or job applicant), we determine how your personal information is processed

1.3 What This Policy Does Not Cover

  • Merchant Privacy Practices: Each merchant using our platform has their own privacy policy governing their subscriber relationships
  • Third-Party Services: External websites, applications, or services linked from our platform
  • Anonymized Data: Information that has been de-identified and cannot reasonably be linked back to an individual

2. INFORMATION WE COLLECT

2.1 Subscriber Data (When Acting as Processor)

When merchants use our platform, we may process the following categories of their subscribers’ personal information:

  • Identity Information: Names, usernames, subscriber IDs, account details
  • Contact Information: Email addresses, phone numbers, billing and shipping addresses
  • Subscription Data: Active plans, billing cycles, subscription history, plan changes
  • Payment Information: Payment methods, billing details, transaction history
  • Usage Data: Service usage patterns, feature utilization, engagement metrics
  • Preference Information: Subscription preferences, communication settings, plan customizations

2.2 Merchant and User Data (When Acting as Controller)

When you interact directly with Joy Subscription, we may collect:

  • Account Information: Email addresses, passwords (encrypted), profile details, business verification data
  • Business Information: Company name, industry, contact details, team member information, tax information
  • Platform Usage Data: Login records, feature usage, subscription management activities, performance metrics
  • Support Communications: Messages, chat logs, support tickets, feedback
  • Financial Data: Payment processing setup, payout information, transaction processing details
  • Marketing Data: Newsletter subscriptions, event participation, communication preferences

2.3 Website Visitor Data

When you visit our websites, we automatically collect:

  • Technical Information: IP addresses, browser type, device information, operating system
  • Usage Information: Pages visited, time spent, click patterns, referral sources
  • Location Data: General geographic location based on IP address
  • Cookie Data: As described in our Cookie Notice below

2.4 Employment-Related Data

For job applicants and employees:

  • Application Information: Resumes, cover letters, interview notes, references
  • Employment Records: Personnel files, performance evaluations, compensation details
  • Background Information: As permitted by applicable law and with appropriate consent

3. HOW WE USE PERSONAL INFORMATION

3.1 Subscription Management and Service Delivery

  • Providing and maintaining our subscription management platform
  • Processing recurring billing and managing subscription lifecycles
  • Handling subscription modifications, upgrades, downgrades, and cancellations
  • Managing payment processing and financial transactions
  • Providing customer support and technical assistance
  • Monitoring platform performance and troubleshooting issues

3.2 Business Operations and Analytics

  • Analyzing subscription patterns and churn prevention
  • Developing new features and functionality for subscription businesses
  • Conducting research and analytics on subscription models
  • Managing merchant relationships and onboarding
  • Processing payments and managing merchant payouts
  • Generating subscription performance reports and insights

3.3 Communications

  • Sending transactional emails and subscription notifications
  • Providing customer support responses
  • Delivering marketing communications (with appropriate consent)
  • Sharing platform updates and important announcements
  • Sending billing and payment notifications

3.4 Legal and Compliance

  • Complying with applicable laws and regulations, including financial regulations
  • Responding to legal requests and court orders
  • Protecting against fraud, chargebacks, and security threats
  • Enforcing our terms of service and other agreements
  • Maintaining records for tax and accounting purposes

4. LEGAL BASIS FOR PROCESSING

We process personal information based on the following legal grounds:

  • Contract Performance: To fulfill our obligations under agreements with merchants and users
  • Legitimate Interests: To operate our business, improve our services, prevent fraud, and protect our systems
  • Legal Compliance: To comply with applicable laws and regulations, including financial and tax obligations
  • Consent: Where required by law or for specific purposes like marketing communications
  • Vital Interests: To protect the safety and well-being of individuals

5. INFORMATION SHARING AND DISCLOSURE

5.1 We Do Not Sell Personal Information

Joy Subscription does not sell personal information as defined by applicable privacy laws, including the California Consumer Privacy Act (CCPA).

5.2 Service Providers and Sub-Processors

We share personal information with trusted service providers who assist in our operations:

  • Google Cloud Platform provides cloud infrastructure and data storage services in the United States, with Data Processing Agreement and security measures in place
  • Stripe handles payment processing and billing operations in the United States, with PCI DSS compliance and data protection obligations
  • SendGrid manages email delivery services in the United States, with Data Processing Agreement and security protocols
  • Intercom provides customer support and communications in the United States, with Data Processing Agreement and privacy controls
  • Mixpanel offers analytics and performance monitoring services in the United States, with Data Processing Agreement and privacy settings
  • Chargebee provides subscription billing infrastructure in the United States, with Data Processing Agreement and security measures

All service providers are contractually required to protect personal information and use it only for specified purposes.

5.3 Payment Processors and Financial Partners

We work with payment processors and financial institutions to handle subscription billing:

  • Payment processors for credit card and other payment method processing
  • Banking partners for merchant payouts and settlements
  • Tax service providers for compliance and reporting
  • Fraud prevention services for transaction security

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of the transaction, subject to appropriate protections.

5.5 Legal Requirements

We may disclose personal information when required by law, legal process, or to:

  • Comply with court orders, subpoenas, or regulatory requests
  • Protect our rights, property, or safety, or that of others
  • Investigate or prevent fraud, chargebacks, or illegal activities
  • Enforce our terms of service or other agreements

5.6 Merchant Data Sharing

When acting as a processor, we may share subscriber data with merchants as necessary to provide our services, always in accordance with merchant instructions and applicable data protection agreements.

6. INTERNATIONAL DATA TRANSFERS

6.1 Cross-Border Processing

Personal information may be transferred to and processed in countries other than your country of residence, including the United States and other jurisdictions where our service providers operate.

6.2 Transfer Safeguards

For transfers of personal information subject to European data protection laws, we rely on:

  • Adequacy Decisions: Recognized by the European Commission or UK authorities
  • Standard Contractual Clauses: EU-approved transfer mechanisms
  • Additional Safeguards: Supplementary measures to ensure adequate protection

7. DATA RETENTION

7.1 Retention Principles

We retain personal information only for as long as necessary to:

  • Fulfill the purposes for which it was collected
  • Comply with legal obligations and resolve disputes
  • Maintain business records as required by law
  • Provide ongoing services to merchants and subscribers

7.2 Specific Retention Periods

  • Subscriber Data (as Processor): Retained according to merchant instructions and legal requirements
  • Merchant Account Data: Retained for the duration of the business relationship plus 7 years
  • Payment and Billing Data: Retained for 7 years for tax and accounting purposes
  • Subscription Transaction Data: Retained for 7 years for financial record-keeping
  • Website Analytics: Typically retained for 26 months
  • Support Communications: Retained for 3 years after resolution
  • Marketing Data: Retained until consent is withdrawn or 3 years of inactivity

7.3 Secure Deletion

When personal information is no longer needed, we securely delete or anonymize it using industry-standard methods, including secure deletion of payment data in compliance with PCI DSS requirements.

8. DATA SECURITY

8.1 Technical Safeguards

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Payment Security: PCI DSS Level 1 compliant payment processing
  • Access Controls: Role-based access with multi-factor authentication
  • Infrastructure Security: Secure cloud hosting with Google Cloud Platform
  • Network Security: Firewalls, intrusion detection, and monitoring systems
  • Database Security: Encrypted databases with access logging and monitoring

8.2 Organizational Safeguards

  • Employee Training: Regular privacy and security awareness training
  • Access Limitation: Personal information access limited to authorized personnel
  • Incident Response: Established procedures for security breach response
  • Vendor Management: Due diligence and contractual protections for service providers
  • Compliance Monitoring: Regular security audits and compliance assessments

8.3 Payment Data Security

  • PCI DSS Compliance: Full compliance with Payment Card Industry Data Security Standards
  • Tokenization: Sensitive payment data is tokenized and stored securely
  • Secure Processing: Payment transactions processed through certified payment processors
  • Monitoring: Continuous monitoring for fraudulent activity and security threats

8.4 Security Limitations

While we implement robust security measures, no system is completely secure. Users should protect their account credentials and report suspected security issues promptly.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 Types of Cookies We Use

  • Essential Cookies: Required for platform functionality and security
  • Analytics Cookies: Help us understand usage patterns and improve our services
  • Marketing Cookies: Used for advertising and measuring campaign effectiveness (with consent)
  • Preference Cookies: Remember your settings and customizations
  • Security Cookies: Used for fraud prevention and account security

9.2 Cookie Management

You can control cookies through your browser settings. However, disabling essential cookies may affect platform functionality.

9.3 Other Tracking Technologies

  • Web Beacons: Used in emails to track delivery and engagement
  • Log Files: Automatically collected server logs for security and performance
  • Local Storage: Browser-based storage for user preferences and session data
  • Session Identifiers: Used to maintain secure sessions during platform use

9.4 Do Not Track

Our platform does not currently respond to Do Not Track browser signals, as there is no universal standard for how to interpret such signals.

10. YOUR PRIVACY RIGHTS

10.1 Rights Under European Law (GDPR/UK GDPR)

If you are in the European Economic Area or United Kingdom, you have the right to:

  • Access: Request a copy of your personal information
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion of your personal information
  • Restriction: Limit how we process your information
  • Portability: Receive your information in a portable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: For processing based on consent

10.2 Rights Under California Law (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know: What personal information we collect, use, and share
  • Delete: Request deletion of your personal information
  • Correct: Request correction of inaccurate information
  • Opt-Out: Opt-out of the sale or sharing of personal information
  • Non-Discrimination: Equal service regardless of privacy choices
  • Limit Sensitive Information: Restrict use of sensitive personal information

10.3 Rights Under Other Laws

We respect privacy rights under other applicable laws and will respond to valid requests according to legal requirements.

10.4 Exercising Your Rights

To exercise your privacy rights:

  • Email: [email protected]
  • Include: Your name, contact information, and specific request
  • Verification: We may request additional information to verify your identity

10.5 Response Timeline

We will respond to privacy requests within the timeframes required by applicable law, typically within 30 days.

10.6 Authorized Agents

You may designate an authorized agent to make privacy requests on your behalf. The agent must provide written authorization and you may need to verify your identity directly with us.

11. SUBSCRIBER RIGHTS AND MERCHANT RESPONSIBILITIES

11.1 Subscriber Data Rights

When we process subscriber data on behalf of merchants:

  • Subscribers should contact the merchant directly for data requests
  • We will assist merchants in responding to subscriber rights requests
  • Merchants are responsible for ensuring subscriber consent and providing privacy notices

11.2 Merchant Obligations

Merchants using our platform must:

  • Obtain appropriate consent for data processing
  • Provide clear privacy notices to their subscribers
  • Respond to subscriber data rights requests
  • Ensure lawful basis for processing subscriber data
  • Comply with applicable data protection laws

12. MARKETING COMMUNICATIONS

12.1 Types of Communications

  • Transactional Emails: Account notifications, security alerts, service updates, billing notifications
  • Marketing Emails: Product announcements, newsletters, promotional offers, subscription business insights
  • In-App Notifications: Platform updates and feature announcements
  • SMS Notifications: Important security alerts and payment notifications (with consent)

12.2 Consent and Opt-Out

  • Marketing communications require opt-in consent
  • You can unsubscribe using links in emails or by contacting us
  • Transactional communications cannot be disabled but are limited to essential information

13. CHILDREN'S PRIVACY

13.1 Age Restrictions

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16 without verifiable parental consent.

13.2 Parental Rights

If you believe we have collected information from a child under 16, please contact us immediately at [email protected] so we can delete such information.

14. PRIVACY POLICY UPDATES

14.1 Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable laws.

14.2 Notification of Changes

  • Material Changes: We will provide prominent notice and may seek additional consent
  • Minor Updates: Posted on our website with an updated “Last Modified” date
  • Communication: Important changes may be communicated via email or in-app notifications

14.3 Continued Use

Your continued use of our services after policy updates constitutes acceptance of the revised terms.

15. CONTACT INFORMATION

15.1 Privacy Team

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

Joy Subscription Privacy Team
Email: [email protected]
Website: https://joysubscription.com/privacy-policy

Request a demo

🐶️ Check your mail!

We just sent your pawsome eBook straight to your inbox.
Please also check Spam & Promotion just in case 🐕