Last updated: April 12, 2026
SubDiet (subdiet.org) is operated as an individual business based in the Republic of Korea. For all privacy-related inquiries, contact us at contact@subdiet.org. As a small-scale operator processing minimal personal data, we are not required to appoint a Data Protection Officer (DPO) under GDPR Article 37 or Korean PIPA. However, all privacy inquiries are handled promptly at the contact address above.
SubDiet stores your preferences and subscription data locally in your browser using localStorage. Data stored locally includes: language preference, theme preference, subscription selections, Body Scan results, visit count, and cookie consent status. This data never leaves your device and is not transmitted to our servers.
When you purchase a digital product, we receive your email address and transaction confirmation from Polar.sh solely to fulfill your order. We do not maintain user accounts or store personal information on our servers beyond what is necessary for order fulfillment.
If you are in the EU/EEA, we process your data under the following legal bases per GDPR Article 6:
You may withdraw consent at any time by clearing cookies or adjusting your cookie preferences.
When you purchase a digital product (such as the AI Subscription Insight report), your payment is processed by Polar.sh, our Merchant of Record. Polar.sh collects and processes your payment details (credit card information, billing address) and email address. SubDiet does not directly collect, store, or have access to your full payment card details. We receive only your email address and transaction confirmation from Polar.sh to fulfill your order. For details on how Polar.sh handles your payment data, please refer to Polar.sh's privacy policy.
We use localStorage (not cookies) to save your preferences and subscription data — this is essential for site functionality and does not involve tracking. We do not use first-party tracking cookies.
Third-party services (Google Analytics, Microsoft Clarity) may set non-essential cookies for traffic analysis and session recording; these are only activated if you accept cookies via our consent banner. You can reject non-essential cookies through the cookie banner or manage them via your browser settings. Rejecting non-essential cookies does not affect the core functionality of SubDiet.
SubDiet integrates the following third-party services:
Each service operates under its own privacy policy. We do not sell, rent, or trade your personal information to any third party.
Your data may be processed outside your country of residence. Polar.sh (payment processing), Cloudflare (hosting), Google (analytics, fonts, advertising), and Microsoft (Clarity) operate globally and may transfer data to the United States or other countries. These transfers are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards adopted by each provider. By using SubDiet and making purchases, you acknowledge these international data transfers.
Local data (preferences, subscription selections) is retained in your browser until you clear it manually via the Settings page or your browser's storage controls. Email addresses collected for order fulfillment are retained for up to 12 months for customer support purposes, then deleted. Payment and transaction records are retained by Polar.sh in accordance with their data retention policy and applicable financial regulations (typically 5-7 years for tax compliance).
Depending on your location, you have the following rights:
EU/EEA (GDPR): Right of access, rectification, erasure ("right to be forgotten"), data portability, restriction of processing, and objection to processing. You may also lodge a complaint with your local Data Protection Authority.
California (CCPA/CPRA): Right to know what personal information is collected and how it is used, right to delete, and right to opt-out of the sale of personal information. SubDiet does not sell your personal information.
South Korea (PIPA): Right to access, correct, delete, and suspend processing of your personal information under the Personal Information Protection Act. You may also file a complaint with the Personal Information Protection Commission (PIPC).
To exercise any of these rights, email contact@subdiet.org. For payment-related data held by Polar.sh, we will forward your request to Polar.sh on your behalf. We will respond to verified requests within 30 days (or sooner if required by applicable law).
SubDiet is not directed at children under 16 (or under 14 in South Korea per PIPA). We do not knowingly collect personal information from children. If you believe a child has provided personal data through a purchase, please contact us at contact@subdiet.org and we will promptly delete such information and process a refund if applicable.
We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page. For material changes that significantly affect how we handle your personal data, we will provide prominent notice on our website. Continued use of SubDiet after changes constitutes acceptance of the revised policy.
If you have questions about this Privacy Policy, wish to exercise your data rights, or need to file a complaint, please contact us at contact@subdiet.org. We aim to respond to all inquiries within 5 business days.