Subloop

Privacy

Keys are used once and never stored.

When you run a Ghost report, Subloop uses the Admin API key from a dedicated Ghost custom integration only for that report request. Ghost does not offer read-only Admin keys, so you can delete that integration right after the report to revoke access completely. The key is not saved, returned, or logged.

Report data is not retained unless you explicitly consent to share an anonymized snapshot for benchmarking and product learning. Without that consent, the report is generated for the session and no raw member rows are kept.

Early-access form submissions are used to understand which platforms creators want next and to follow up when that platform is ready.

Your subscribers' emails

Member emails are used only to match signups to payments inside the analysis. They are never retained after the report, never visible to anyone, never used to contact your subscribers, and never included in anonymized benchmarks.

Concierge runs (CSV exports)

Same rules as API runs: your export is used for the one analysis and deleted after the run. Ask and we'll confirm deletion in writing.

Where processing happens, and your rights

Subloop runs on US-hosted infrastructure (Railway and Vercel). If your audience includes EU or UK residents, you're the controller and Subloop acts as your processor — we'll sign a standard data-processing agreement (DPA) before your run, just ask. For California, Subloop operates as a service provider and does not sell or share personal information. Deletion requests: sam@getsubloop.to, honored and confirmed.

Effective: July 2026. If this policy changes, the date changes with it.

Back to Subloop