Subletopia

Privacy Policy

Last updated: June 5, 2026

This Privacy Policy explains how Subletopia ("we", "us") collects, uses, and shares information when you use our website and services (the "Service"). We aim to collect as little as we need to run the Service.

1. Information we collect

  • Account information: your email address, which you provide to sign in via a one-time magic link. We do not store passwords.
  • Usage information: records of listings you open (to enforce free-tier daily limits) and search alert criteria you create.
  • Billing information: if you subscribe to Subletopia Premium, our payment processor (Stripe) handles your payment details. We store a Stripe customer identifier and your subscription status; we do not store your full card number.
  • Technical information: standard server logs (such as IP address, browser type, and timestamps) used for security, debugging, and abuse prevention.

2. Cookies

We use a single, strictly-necessary cookie to keep you signed in: an httpOnly session cookie set after you use a magic link. It is required for the Service to function and is not used for advertising or cross-site tracking, so no consent banner is required. We do not currently use third-party advertising or analytics cookies. If that changes, we will update this policy and, where required, request your consent.

3. How we use information

  • to provide and operate the Service (sign-in, alerts, limits);
  • to process subscriptions and payments through Stripe;
  • to send transactional emails (such as magic-link sign-in and, if you opt in, listing alerts);
  • to maintain security, prevent abuse, and comply with legal obligations.

4. Service providers we share with

We share information only with providers that help us run the Service, under their respective privacy terms:

  • Stripe — payment processing and subscription management;
  • Resend — sending transactional email;
  • Cloudflare — DNS, CDN, and security;
  • Our hosting provider — running the application servers and database.

We do not sell your personal information.

5. Data retention

We keep your information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. You can request deletion of your account and associated data at any time (see Contact below).

6. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal information, and to withdraw consent. To exercise these rights, reach us through our . We will respond within a reasonable timeframe.

7. Security

We use reasonable technical and organizational measures to protect your information, including encryption in transit (HTTPS) and restricted access to data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

8. Children

The Service is not directed to children under 18, and we do not knowingly collect personal information from them.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date above and, for material changes, provide additional notice where appropriate.

10. Contact

Questions or requests about your privacy? Reach us through our .