FairSubs - Find the Cheapest Subscription Prices Worldwide

Last updated: 16 October 2025

This Privacy Policy explains how FairSubs ("we", "us", "our") processes information when you visit our website, submit forms, or join the waitlist.

1) Controller and Contact

Controller: Robin Majoor (sole proprietor), trading as "FairSubs"

Robin Majoor

Calle Rector Ramon Martin Mateo 2

03550 San Juan de Alicante (Alicante)

Spain

Email: privacy@fairsubs.com

We have not appointed a Data Protection Officer.

2) What data we collect and why

a) Website analytics (Umami — cookieless)

What: aggregated pageviews, referrers, approximate country, device type, and UTM parameters. No cookies, no persistent IDs, no cross-site tracking.

Why (purpose): understand which pages and campaigns work; improve the site.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

b) Waitlist (Double Opt-In)

What: email address (required), campaign metadata (UTM, referrer), timestamps, verification token (hashed), double-opt-in status, policy version; truncated IP (/24 IPv4 or /64 IPv6) and user-agent for consent proof.

Why: send the confirmation email and notify you at launch / important product updates related to your waitlist request.

Legal basis: consent (Art. 6(1)(a) GDPR). You can withdraw at any time.

c) Optional marketing emails

What: email address and your separate marketing consent (with timestamp).

Why: occasional product updates and offers.

Legal basis: consent (Art. 6(1)(a) GDPR). Independent from the waitlist consent; you can unsubscribe anytime.

d) Feature & feedback forms

What: Requested subscriptions, preferred countries, free-text price feedback messages, plus technical metadata your browser sends (IP address, user agent) for abuse prevention.

Why: To review your suggestions, follow up with you if needed, and correct inaccurate pricing data.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR) in improving the service and preventing abuse.

e) Contact form

What: Name, email address, subject, message content, and technical metadata (IP, user agent) for rate limiting.

Why: To respond to your request and prevent spam.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

f) Cloudflare Turnstile (security check)

What: When you submit selected forms, Cloudflare Turnstile processes your IP address, browser metadata, and the challenge result.

Why: To detect automated abuse, spam, and bot requests.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR) in securing our service.

g) Server logs & security

What: IP address, user-agent, request URL, date/time, and error logs collected by our hosting/network providers.

Why: operate the service, prevent abuse, and fix issues.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

h) Performance monitoring

We use Vercel Speed Insights to gather anonymised performance data (e.g., load times, device type). No cookies are set.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR) in improving stability and user experience.

3) Cookies

We do not use cookies for analytics or advertising. Essential cookies (if any) are used only to operate the site (e.g., theme preference) and do not track you across sites.

4) Processors and recipients

We use trusted service providers under data-processing agreements where required:

DNS/CDN/WAF: Cloudflare — network security, traffic routing, and Turnstile bot protection.
Database: Supabase (managed Postgres) — stores waitlist records.
Email inbox (contact): Zoho Mail — receives and stores emails sent to us.
Performance: Vercel Speed Insights — processes anonymised performance metrics.
Email delivery (waitlist/transactional & optional marketing): Resend — used to send double opt-in and product emails. EU data residency configured (eu-west-1).
Analytics: Umami — self-hosted open-source analytics without cookies, aggregated data.

Where services operate outside the EEA/UK/CH, we rely on GDPR safeguards (e.g., Standard Contractual Clauses).

Consent records

We keep proof of consent, including timestamps, a truncated IP (/24 for IPv4 or /64 for IPv6), user-agent, and the policy version agreed to. Verification tokens are stored hashed.

5) International transfers & data residency

We aim to keep data in the EU where possible (e.g., Resend EU region, EU analytics). Email delivery and global networking may involve international data transit. For third-country processing we apply appropriate safeguards (e.g., SCCs).

6) Retention

Waitlist data: until you unsubscribe or 24 months after your last interaction — whichever comes first.
Marketing data: until you unsubscribe (withdraw consent). We may retain minimal suppression data (email + 'unsubscribed') to honor your opt-out.
Forms (feature requests, price feedback, contact): up to 12 months to follow up on your request; longer retention only where we have a legitimate interest (e.g., legal defence).
Server logs: typically ≤ 30 days.
Aggregated analytics: may be retained without personal identifiers.

7) Your rights

You can request access, rectification, erasure, restriction, data portability, and object to processing based on legitimate interests. Where processing is based on consent, you can withdraw consent at any time.

To withdraw consent, use the unsubscribe link in our emails or email privacy@fairsubs.com. For deletion requests, contact us at the same address.

You also have the right to lodge a complaint with your local supervisory authority.

8) Children

This site is not intended for children under 16.

9) Changes

We will update this Policy when we add features (e.g., accounts, paid plans). If changes are material, we will provide additional notice. The 'Last updated' date will always reflect the current version.

Policy version: 2025-10-16