Security & Privacy
How SubJolt protects your data, secures gateway credentials, and supports your privacy obligations.
How SubJolt Handles Your Data
SubJolt collects the minimum data needed to run your cancel flow and generate retention analytics. This includes cancellation reasons selected by subscribers, offer interaction data (which offers were presented, accepted, or declined), and subscriber identifiers used to match visitors against your payment gateway's records.
SubJolt does not collect or store cardholder data — no card numbers, CVVs, expiry dates, or bank account details ever pass through our systems. Your payment gateway handles all financial transactions directly.
Data is stored in a managed PostgreSQL database with encryption at rest and in transit. Access is scoped to your account — no other SubJolt customer can see your data, and our internal access is restricted to support and infrastructure operations. We retain cancellation event data for as long as your account is active.
Payment Gateway Credentials
SubJolt connects to your payment gateway using either OAuth tokens (Stripe, Shopify) or API keys (Chargebee, Recharge, Recurly). These credentials are stored server-side in our database, encrypted at rest, and never exposed to client-side code. The widget running on your site has no access to your gateway credentials — all gateway operations are executed through our server-side API.
For OAuth gateways, SubJolt receives a scoped access token during the authorization flow. If the token is revoked from your gateway's dashboard, the connection breaks and you'll need to re-run the setup wizard to reconnect.
For API key gateways, your key is validated during setup and stored server-side. If you rotate the key in your gateway dashboard, update it in SubJolt by re-running setup.
There is no automated token refresh — if credentials expire, re-run setup to provide fresh ones.
Widget Security
The SubJolt widget loads via a script tag with the defer attribute, meaning it never blocks your page from rendering. It runs as an ES module, which provides its own scope — the widget's variables and functions don't leak into your page's global namespace and won't conflict with your existing JavaScript.
No payment credentials or card data appear in the client-side code. Subscriber identifiers (subscription IDs, customer IDs) do pass through the client during identity resolution, since the widget needs to match the current visitor against your gateway's records.
For Content Security Policy (CSP) compatibility, add the SubJolt script domain to your script-src directive. The widget makes API calls to SubJolt's servers over HTTPS only — no insecure connections are used. If your site enforces strict CSP rules, you may also need to allow the SubJolt API domain in your connect-src directive.
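
One way to check an existing policy for the two allowances described above, as an added example that is not SubJolt's code: it parses a Content-Security-Policy header value and reports whether the widget script origin and the API origin would be permitted, including fallback to default-src and the case where 'strict-dynamic' makes host entries ineffective. Both origins are placeholders (the page does not name the real domains), and all function names are hypothetical.

```javascript
// Placeholder origins (assumptions, not SubJolt's real domains); use the ones from your setup.
const WIDGET_SCRIPT_ORIGIN = "https://widget.subjolt.example";
const WIDGET_API_ORIGIN = "https://api.subjolt.example";
// Constructed sample policy: the script origin is listed, connect-src is absent.
const SAMPLE_CSP = "default-src 'self'; script-src 'self' https://widget.subjolt.example";

// Parse a policy into a Map; a repeated directive is ignored, as CSP parsing requires.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Approximate host-source match for an https origin; paths in a source are ignored.
function sourceMatches(source, origin) {
  const { hostname, port } = new URL(origin);
  if (source.startsWith("'")) return false; // 'self', nonces, hashes never name a third-party host
  if (source === "*") return true;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return /^https?:$/i.test(source); // scheme-source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?(?:\/.*)?$/i.exec(source);
  if (!m) return false;
  const [, scheme, host, srcPort] = m;
  if (scheme && !/^https?$/i.test(scheme)) return false; // an http source also covers https
  const p = port || "443";
  if (srcPort ? srcPort !== "*" && srcPort !== p : p !== "443") return false;
  return host.startsWith("*.") ? hostname.endsWith(host.slice(1).toLowerCase()) : hostname === host.toLowerCase();
}

// The first directive present in the fallback chain governs the load; null means allowed.
function checkLoad(policy, chain, origin) {
  const name = chain.find((d) => policy.has(d));
  if (!name) return null; // nothing governs this load, so CSP does not block it
  const sources = policy.get(name);
  if (chain[0].startsWith("script") && sources.some((s) => s.toLowerCase() === "'strict-dynamic'"))
    return `${name} uses 'strict-dynamic', so host entries are ignored`;
  return sources.some((s) => sourceMatches(s, origin)) ? null : `${origin} not allowed by ${name}`;
}

function auditCspForWidget(header) {
  const policy = parseCsp(header);
  return {
    script: checkLoad(policy, ["script-src-elem", "script-src", "default-src"], WIDGET_SCRIPT_ORIGIN),
    connect: checkLoad(policy, ["connect-src", "default-src"], WIDGET_API_ORIGIN),
  };
}
console.log(auditCspForWidget(SAMPLE_CSP));
```

A non-null `script` or `connect` value names the directive to edit; when 'strict-dynamic' is reported, the script tag needs the page's nonce or hash rather than a host entry.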
GDPR and Data Privacy
SubJolt supports your GDPR obligations as a data processor. We offer a Data Processing Agreement (DPA) for customers who need one — request it through the DPA page on our website. Our privacy policy details what data we collect, how it's stored, and your rights regarding that data.
For data deletion requests, contact our support team. We can delete all cancellation event data, subscriber identifiers, and configuration data associated with your account. Deletion requests are processed promptly and cover all data in our primary database and any backups within our retention window.
SubJolt does not sell or share your data with third parties. Analytics data is only visible to you and is used solely to power your dashboard and retention metrics. For details, review our privacy policy and DPA.