Privacy Policy
Effective Date: 24/11/2025
1. Our approach to privacy
1.1 Subtraid Inc. (“Subtraid “, “we“, “our“, or “us“) is committed to protecting your privacy. This privacy policy sets out how we collect, store, process, transfer, share and use data that identifies or is associated with you (“personal information“) and information regarding our use of cookies and similar technologies.
1.2 Subtraid operates a cloud-based surety and bond management solution available via our websites (our “Websites”) including at https://insurance.subtraid.com/ as well as other products and services that we make available (the “Subtraid Service”).
1.3 This privacy policy applies to the Subtraid Service.
1.4 Before accessing or using the Subtraid Service, please ensure that you have read and understood our collection, storage, use and disclosure of your personal information as described in this privacy policy. By accessing or using the Subtraid Service, you are accepting and consenting to the practices described in this privacy policy.
2. Our role as Data Controller and Data Processor
2.1 This Privacy Policy applies to the data for which Subtraid is the Data Controller. This includes information we collect to manage your account (such as Administrator contact details and billing information) and data we collect on our marketing websites.
2.2 This Privacy Policy does not apply to the "Content" (as defined in our Terms of Service) that our Subscribers (and their Authorized Users and Registered Clients) upload into the Subtraid Service. For this data, the Subscriber is the Data Controller, and Subtraid is the Data Processor.
2.3 Subtraid will process this "Customer Data" only on the written instruction of the Subscriber, as outlined in our Terms of Service and Data Processing Addendum (Exhibit B). If you are a Registered Client, you must contact the Subscriber (the organization that invited you to the Service) to exercise any of your data rights (such as a request for access or deletion).
3. Personal information we collect about you and how we use it
3.1 Information you give to us. We collect personal information about you when you voluntarily submit information directly to us by filling in forms on our Website or by corresponding with us by phone, email or other means. This includes information you provide when you register to use our Website, subscribe to the Subtraid Service, participate in any discussion boards, forums or other social media functions on our site or enter a competition, promotion or survey and when you report a problem with our Website, or use some other feature of the Subtraid Service as available from time to time.
3.2 If you choose not to provide personal information, we may not be able to provide the Subtraid Service to you or respond to your other requests.
3.3 Information we receive from other sources. We may receive personal information about you from individuals or corporate entities which are subscribers to the Subtraid Service (“Subscribers“) where you are to be designated a user of the Subtraid Service. We may receive personal information about you if you use any of the other websites we operate or the other services we provide from time to time. We also work closely with third parties (including, for example, subcontractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers) and may receive information about you from them, subject to your agreements with them.
3.4 The table at Annex 1 below sets out the categories of personal information you provide to us and that we receive from other sources and how we use that information. The table also lists the legal basis which we rely on to process the personal information and information as to how we determine applicable retention periods.
3.5 We also automatically collect personal information about you indirectly about how you access and use the Subtraid Service and information about the device you use to access the Subtraid Service.
3.6 The table at Annex 2 sets out the categories of personal information we collect about you automatically and how we use that information. The table also lists the legal basis which we rely on to process the personal information and information as to how we determine applicable retention periods.
3.7 We may link or combine the personal information we collect and/or receive about you and the information we collect automatically. This allows us to provide you with a personalized experience regardless of how you interact with us.
3.8 We may anonymize and aggregate any of the personal information we collect (so that it does not identify you). We may use anonymized information for purposes that include testing our IT systems, research, data analysis, improving the Subtraid Service and developing new products and features. We may also share such anonymized information with others.
4. Disclosure of your personal information
4.1 We may share your personal information with any member of our group, which includes our subsidiaries. We will not share your personal information with any third parties except as described in this privacy policy or in connection with the Service. We may share your information with selected third parties, including:
Business partners, vendors, suppliers, and subcontractors who perform services on our behalf (these companies are authorized to use your personal information only as necessary to provide these services to us);
Analytics and search engine providers that assist us in the improvement and optimization of our Website;
Payment processors for the purpose of fulfilling relevant payment transactions;
4.2 In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet law enforcement requirements.
We may disclose personal information in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of service and other agreements; or to protect the rights, property, or safety of Subtraid, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
4.3 Publicly accessible blogs. Our Website includes publicly accessible blogs or community forums. Any information you provide in these areas may be read, collected and used by others who access them. This includes information posted on our public social media accounts. To request removal of your personal information from our blog or community forum, contact us at privacy@subtraid.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
4.4 Testimonials. With consent, we may display personal testimonials of satisfied customers on our site, along with other endorsements. If you wish to update or delete your testimonial, you can contact us at privacy@subtraid.com.
4.5 We may disclose personal information to third parties in connection with a business transaction. Personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business. If we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Website of any change in ownership that impacts the use of your personal information, as well as any choices you may have regarding your personal information.
5. Marketing and advertising
5.1 From time to time we may contact you with relevant information about the Subtraid Service and our other products and services. Most messages will be sent electronically. For some messages, we may use personal information we collect about you to help us determine the most relevant information to share with you.
5.2 If you do not want to receive such messages from us, you will be able to follow the unsubscribe link at the bottom of our emails.
6. Storing and transferring your personal information
6.1 Security. Subtraid has implemented administrative, technical, and physical safeguards to protect its and its customers’ information. We have given you (or where you have chosen) a password which enables you to access certain parts of our Service, you are responsible for keeping this password confidential. Subscribers should not share their password with anyone.
6.2 While no transmission of information via the internet is completely secure, we take reasonable measures to protect your personal information. We cannot guarantee the security of your personal information transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
6.3 International Transfers of your Personal Information. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the European Union (“EU“) or the United Kingdom (“UK”, your personal information may be processed outside of the EU including in the United States; these international transfers of your personal information are made pursuant to appropriate safeguards, and, we will take suitable steps to ensure that your personal data is treated just as safely and securely as it would be within the EU and under the General Data Protection Regulation (“GDPR”) or the UK General Data Protection Regulation (“UK GDPR”). Such measures shall include, but are not limited to, having Data Processing Agreements with applicable subprocessors and ensuring that such subprocessors have adequate security and data protection procedures in place aligned with the GDPR or any other applicable data protection law. For a list of subprocessors, please see Subtraid Authorized Subprocessors.
If you wish to inquire further about these safeguards used, please contact us using the details set out at the end of this policy.
7. Retaining your information
7.1 We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of our legitimate business interests and satisfying any legal or reporting requirements.
7.2 To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and the applicable legal requirements.
8. Your rights in respect of your personal information
8.1 In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:
Right of access and portability. The right to obtain access to your personal information along with certain information, and to receive that personal information in a commonly used format and to have it ported to another data controller.
Right to rectification. The right to obtain rectification of your personal information without undue delay where that personal information is inaccurate or incomplete.
Right to erasure. The right to obtain the erasure of your personal information without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.
Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal information in certain circumstances, such as where the accuracy of the personal information is contested by you or the sale of your personal information for a period enabling us to verify the accuracy of that personal information.
Right to object. The right to object, on grounds relating to your particular situation, to the processing of your personal information, and to object to the processing of your personal information for direct marketing purposes, to the extent it is related to such direct marketing.
Right to non-discrimination.. The right to non-discrimination for exercising your rights as outlined in this policy. This includes, but is not limited to, denying you goods or services, charging you different prices for similar services, or providing a different level or quality of service.
8.2 If you wish to exercise any of these rights, you may do so by contacting us at any time at privacy@subtraid.com. Upon request, we will provide you with information about whether we hold any of your personal information. We may request that you verify your identity prior to transferring personal information. You may also access, correct or request deletion of your personal information by logging into your Subtraid Service account. We will respond to your request within 30 days.
8.3 Subtraid does not sell personal information shared by you. Subtraid has not sold personal information shared by you in the 12 months preceding the modification date for this policy. All use of personal information is done for the delivery, use, and improvement of the Service, as listed in 3.1.
8.4 If you reside in the EU or UK, Subtraid is the Data Controller (as defined in Section 2.1) of your personal information for purposes of EU or UK data protection legislation. You also have the right to lodge a complaint to your local data protection authority. Information about how to contact your local data protection authority is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK residents may lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/data-protection-complaints/.
9. Cookies and similar technologies
9.1 Our Service uses cookies and similar technologies (collectively referred to as cookies) to distinguish you from other users of our Service. This helps us to provide you with good service. This helps us enhance and personalize your user experience, to monitor and improve our Website and services, and for other internal purposes. As is true of most websites, we gather certain information automatically. This information we may collect is described in detail in Annex 2 below.
9.2 We use the following types of cookies:
Strictly necessary cookies. These cookies are required for the essential operation of our Service such as to authenticate you and prevent fraudulent use.
Analytical/performance cookies. These cookies allow us to recognize and count the number of visitors and to see how visitors move around our Service when they are using it. This helps us to improve the way our Service works, for example, by ensuring that you can find information easily.
Functionality cookies. These cookies are used to recognize you when you return to our Service. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to our Service, the pages you have visited and the links you have followed. We will use this information to make our Service and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
9.3 Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
9.4 You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our site.
9.6 Social Media. Our Website includes social media features, such as Facebook Like button and widgets such as the Share button. These features may collect your IP address, which page you are visiting on our Website, and may set a cookie to enable the feature to function properly. Social media features and widgets are hosted on our site or by a third party, and your interactions with these features are governed by the privacy policy of the company providing it.
10. Links to third party sites
10.1 The Subtraid Service may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
10.2 Some of the pages on our Website may utilize framing techniques to serve content to/from our partners while preserving the look and feel of our Website. Please be aware that you are providing your personal information to these third parties and not to Subtraid.
11. Our policy towards children
11.1 The Subtraid Service is not directed at persons under 18 and we do not intend to collect personal information from children under 18 in our capacity as a controller. If you become aware that a child has provided us with personal information without appropriate consent, then please contact us using the details below so that we can take the appropriate steps in accordance with our legal obligations and this privacy policy.
12. Changes to this policy
12.1 We may update this privacy policy from time to time and so you should review this page periodically. When we change this privacy policy in a material way, we will update the “last modified” date at the end of this privacy policy. Changes to this privacy policy are effective when they are posted on this page.
13. Notice to you
13.1 If we need to provide you with information about something, whether for legal, marketing or other business related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our Website. The fact that we may send notices to you will not stop you from being able to opt out of certain types of contact as described in this privacy policy.
14. Contacting us
14.1 Regardless of your location, any questions, comments, and requests regarding this privacy policy are welcome and should be addressed to our Data Protection Officer, [insert name], at privacy@subtraid.com. Communication can also be addressed to:
Subtraid Inc.
29 Queensbury Avenue, Scarborough, Ontario, M1N 2X8
Annex 1 – Personal information we collect
All disclosures listed below are made with service providers only and done in accordance with Subtraid’s Terms of Service and Privacy Policy respectively.
| Category of Personal Information | How we use it | Legal Basis for Processing | CCPA Categorization | Previous 12-Month Disclosures |
|---|---|---|---|---|
| Contact information and basic personal details | Communicating with you; sending statements, alerts, and marketing communications; customer service requests; operating and providing features of the Subtraid Service. | Legitimate interests (communication & marketing); performance of contract; compliance with legal requirements (ID verification). | Identifiers | Yes |
| Email account username & password | Importing contacts from your email provider to invite them to Subtraid. | Performance of contract (Terms of Service). | Identifiers | Yes |
| Correspondence & comments | Addressing questions, issues, and customer service concerns. | Legitimate interests (support & communication). | Audio/electronic information | Yes |
| Payment information | Facilitating payments; detecting and preventing fraud. | Performance of contract; legitimate interests (fraud prevention). | Customer Records Statute information | Yes |
| Recruiting details | Assessing suitability for roles with Subtraid. | Legitimate interests (recruitment). | Employment / Education information | Yes |
| Basic business & financial information | Providing workflows, generating application forms, and financial analysis. | Performance of contract; legitimate interests (platform operation & improvement). | Customer Records Statute information | Yes |
| Business operation & non-financial information | Providing workflows for generating applications and financial analysis. | Performance of contract; legitimate interests. | Customer Records Statute information | Yes |
| All personal information above | Operating, maintaining, analysing, improving, and securing the Subtraid Service; internal analytics; product development. | Legitimate interests (administer & improve the Subtraid Service). | Commercial information | Yes |
Annex 2 – Personal information collected automatically
| Category of Personal Information | How we use it | Legal Basis for Processing | CCPA Categorization | Previous 12-Month Disclosures |
|---|---|---|---|---|
| Information about how you access and use the Subtraid Service |
Monitor how the service is used and conduct market analysis; improve our business and develop new products and services; generate marketing leads and determine news, alerts, and other products and services that may be of interest to you. |
Legitimate interests, namely to conduct relevant analysis to improve the Subtraid Service generally and for marketing purposes. |
Geolocation information; Internet activity; Inferences about personal preferences and attributes. |
Yes |
| Information about your device |
Enable the Subtraid Service to be presented on your device; operate, maintain, and provide features and functionality; monitor and improve the Subtraid Service and business and help develop new products and services. |
Performance of a contract (our Terms of Service); legitimate interests, namely tailoring and improving the Subtraid Service generally. |
Internet or other electronic network activity information | Yes |