SUBLAKE Holdings LLC ("SUBLAKE", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered business automation platform.
1. Introduction
This Privacy Policy applies to all information collected through our website (sublake.com), our application platform, and any related services, sales, marketing, or events (collectively, the "Service").
By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy. We will not use or share your information with anyone except as described in this policy.
3. Google User Data
Google API Services Disclosure
SUBLAKE's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
When you connect your Google account to SUBLAKE, we access the following data:
- Gmail: Email messages to enable AI-powered email responses, contact extraction, and inbox management
- Google Calendar: Calendar events for scheduling, appointment management, and availability detection
- Google Business Profile: Reviews and business information for automated reputation management
How we use Google data: We use Google data solely to provide our AI automation services to you. We do not sell, share, or use Google user data for advertising purposes. We do not use Google user data to train general-purpose AI models.
Data retention: Google user data is retained only as long as necessary to provide our services or as required by applicable law. You can revoke access and request deletion at any time.
4. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process transactions and manage your subscription
- Power AI features including automated responses, contact enrichment, scheduling, and marketing campaigns
- Personalize your experience and improve our platform
- Communicate with you about your account, updates, and promotions (with consent)
- Respond to your support requests and inquiries
- Monitor and analyze usage patterns to improve performance and security
- Detect, investigate, and prevent fraudulent or unauthorized activities
- Comply with legal obligations and enforce our Terms of Service
5. AI Data Processing
SUBLAKE uses artificial intelligence to process your business communications and data. This includes:
- Contact Extraction: AI analyzes incoming messages to identify and create contact records
- Sentiment Analysis: Messages are analyzed for tone and urgency to prioritize responses
- Response Generation: AI generates suggested replies based on conversation context and your business information
- Engagement Scoring: Customer interactions are scored to identify high-value relationships and churn risk
AI Data Use Commitment
Your business data is never used to train general-purpose AI models. AI processing is performed exclusively within your account context to provide personalized services to you.
6. Information Sharing
We do not sell your personal information. We may share your information only in these limited circumstances:
- Service Providers: With trusted third parties who assist us in operating the Service (hosting, payments, analytics), bound by strict data protection agreements
- AI Processing: With our AI infrastructure provider (Anthropic) to process your data — subject to their enterprise data protection terms that prohibit training on customer data
- Legal Requirements: When required by law, subpoena, or government request
- Safety: To protect the rights, property, or safety of SUBLAKE, our users, or the public
- Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
- With Your Consent: In any other circumstance where you provide explicit consent
7. Data Security
We implement enterprise-grade security measures to protect your information:
Encryption
- All data encrypted in transit using TLS 1.3
- All data encrypted at rest using AES-256 encryption
- OAuth tokens encrypted with AES-256 before storage
- Database connections secured with SSL certificates
Infrastructure
- Hosted on SOC 2 Type II certified cloud providers (AWS, Supabase, Railway)
- Designed for high availability with redundant systems
- Automated database backups with point-in-time recovery
- Geographically distributed data centers via our cloud providers
Access Controls
- Role-based access control (RBAC) for all data
- Row-level security (RLS) ensuring workspace isolation
- Multi-factor authentication (2FA) support
- Principle of least privilege for internal access
- Comprehensive audit logging of all data access
Monitoring & Response
- Continuous security monitoring of authentication and authorization events
- Defined incident response process with internal escalation procedures
- Webhook verification using HMAC-SHA256 signatures
- Immutable audit logs for security-relevant events
Compliance Posture
SUBLAKE is built to align with the following frameworks. Specific certifications and BAAs are available for customers that require them — please contact us for our latest compliance documentation.
- GDPR: EU data protection rights respected
- CCPA: California privacy rights respected
- HIPAA-ready: BAA available for healthcare customers
- SOC 2: Hosted on SOC 2 Type II cloud providers
8. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods:
- Account data: Retained while your account is active, plus 30 days after deletion
- Business data (CRM, messages): Retained while your account is active; exportable upon termination
- Usage analytics: Aggregated and anonymized after 24 months
- Server logs: Retained for 90 days for security and debugging
- Billing records: Retained as required by tax law (typically 7 years)
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of your personal data in a portable format
- Correction: Update or correct inaccurate personal information
- Deletion: Request permanent deletion of your personal data
- Restriction: Limit how we process your data in certain circumstances
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests or direct marketing
- Withdraw Consent: Revoke consent for optional data processing at any time
- Non-Discrimination: Exercise your rights without penalty or reduced service quality
To exercise any of these rights, contact us at contact@sublake.com. We will respond within 30 days (or sooner where required by law).
10. International Data Transfers
Our servers are located in the United States. If you are accessing the Service from outside the US, your information may be transferred to, stored, and processed in the US. We protect international transfers through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements (DPAs) with all sub-processors
- EU-US Data Privacy Framework certification (where applicable)
11. Children's Privacy
The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.
12. Policy Changes
We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by email and by posting the updated policy on our website at least 30 days before the changes take effect.