Software EngineeringMarketingSalesFinanceDesignHRCustomer ServiceData & AnalyticsAll Domains >

Cubbie Privacy Policy

Effective: May 7, 2026 · Last updated: May 7, 2026

This policy explains what personal information Cubbie collects, why, who we share it with, how long we keep it, and the rights you have. If you process personal data through Cubbie on behalf of others (for example, an enterprise managing employee subscription data), our Data Processing Addendum applies in addition to this policy.

1. Who we are

Cubbie is operated by 50Pros Inc., a Delaware corporation (“Cubbie,” “we,” “us”). For most personal information described in this policy, we act as the controller. For personal information processed on behalf of business customers (e.g., subscription data uploaded by an enterprise about its employees), we act as processor for that customer; the relevant DPA governs.

2. Information we collect

2.1 Information you give us

  • Account & profile. Name, email address, phone (optional), employer / organization, job title, profile photo, time zone, and authentication identifiers.
  • Identity verification. For Vendors, KYB documentation (legal entity, beneficial ownership), tax forms (e.g., W-9 / W-8), and bank / payout account details collected by our payment service providers.
  • Commercial information. Orders, contracts, refunds, disputes, credits, payouts.
  • Buyer-supplied data. Subscription registry entries, owner / cancellation contact emails, contracts you upload, RFP content, vendor relationship notes.
  • Reviews & product feedback. Ratings, written reviews, structured pros / cons / use case fields.
  • Communications. Emails, support tickets, in-product chat, and survey responses.

2.2 Information we collect automatically

  • Device & log data. IP address, browser, operating system, device type, referrer, pages viewed, timestamps, and approximate location derived from IP.
  • Usage events. Clicks, searches, navigation, feature interactions, and outcome states (e.g., onboarding milestones).
  • Cookies & similar technologies. Identifiers stored in cookies, localStorage, or tags. See Section 8.
  • Performance & reliability. Real User Monitoring (Web Vitals: LCP, INP, CLS), error reports, slow-query logs, and rate-limit events.

2.3 Information from third parties

  • Identity providers. If you sign in with Google, Microsoft, Okta, JumpCloud, or another IdP we support, we receive the profile fields you authorize and group / role data when applicable.
  • Connected systems. If you connect billing, accounting, or spend platforms (e.g., Stripe, NetSuite, QuickBooks, Brex, Ramp), we receive the data scopes you authorize.
  • Payment processors. Stripe (and any successor) processes card and bank details; we receive transaction metadata, tokenized identifiers, and risk signals — not full card numbers.
  • Public sources & data partners. Vendor catalog data, company firmographics, security and compliance signals, and public review data.

3. How we use information

We use information for the following purposes and on the legal bases shown:

PurposeExamplesLegal basis (GDPR)
Provide and operate the ServiceAccount creation, checkout, subscription management, search, AI advisorContract; legitimate interests
Improve and personalizeRecommendations, ranking, A/B tests, analyticsLegitimate interests; consent (where required)
Security and fraud preventionAuth, abuse detection, dispute review, audit loggingLegitimate interests; legal obligation
Compliance and reportingKYB / AML, tax (1099, sales / VAT), audit retentionLegal obligation
Marketing and communicationsLifecycle emails, newsletters, surveys, transactional noticesConsent (marketing); legitimate interests (transactional)
Customer supportTickets, escalations, account changesContract; legitimate interests

4. AI processing

Our AI advisor and other AI features process inputs and produce outputs using third-party foundation models (currently including Anthropic’s Claude family). We:

  • Send only the inputs needed for the requested feature.
  • Strip or redact obvious secrets where feasible (e.g., tokens, keys).
  • Do not authorize the model provider to train its foundation models on Buyer Content unless you opt in.
  • Apply per-organization budget caps to limit cost, scope, and abuse.
  • Log inputs, outputs, and metadata for security, debugging, abuse review, and audit.

5. How we share information

We share information in the following situations:

  • Vendors and Buyers. Information necessary to complete transactions (e.g., a Vendor sees the company name, contact, and order details for a Buyer who places an Order).
  • Service providers (sub-processors). Hosting, payment processing, email delivery, analytics, AI inference, observability, e-signature, and similar service providers, all under written contracts that limit their use of personal information.
  • Affiliates. Subsidiaries and corporate affiliates, under terms consistent with this policy.
  • Legal and safety. Where required by law, valid legal process, or to protect rights, safety, and property of Cubbie or others.
  • Business transfers. In connection with a merger, acquisition, financing, or sale of assets, with notice as required by law.
  • With your consent. Any other sharing you direct or authorize.

We do not sell personal information for monetary consideration. Some routine analytics or advertising vendor cookies may qualify as “sharing” or “selling” under certain U.S. state laws (e.g., the California Consumer Privacy Act as amended by CPRA); you can opt out via the cookie banner or the “Your Privacy Choices” link.

6. International data transfers

Cubbie is based in the United States. If you access the Service from outside the U.S., your personal information will be transferred to and processed in the U.S. and other countries where our service providers operate. For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (and the U.K. Addendum / Swiss equivalents where applicable), and apply additional technical and organizational measures where transfer impact assessments indicate they are warranted.

7. Retention

We retain personal information only as long as needed for the purposes described in this policy and to comply with our legal, accounting, and reporting obligations. Specific retention windows include:

  • Account records: for the life of the Account plus a reasonable wind-down window after closure.
  • Transaction and tax records: seven (7) years to satisfy financial and tax-reporting obligations.
  • Audit logs: at least one (1) year, longer where required for compliance.
  • Marketing preferences and opt-out lists: retained as long as you remain on or off lists.
  • Backups: rotated according to our backup policy and overwritten in due course.

8. Cookies and tracking

We use cookies and similar technologies in the following categories. You can manage these through the in-product cookie banner or browser settings. Disabling cookies may degrade some features.

CategoryPurposeExamples
Strictly necessaryAuthentication, session, security, load balancingSession cookies, CSRF tokens
FunctionalRemember preferences (locale, theme, dismissed banners)Locale cookies, dismissal flags
AnalyticsUsage measurement and improvementInternal RUM beacons; Google Analytics (when enabled)
AdvertisingAd attribution where you have opted inLinkedIn Insight Tag (when enabled)

9. Your rights

Depending on where you live, you may have the rights described below. To exercise a right, sign in to your Account and use the data export / deletion tools, or contact us at privacy@cubbie.com. We may verify your identity before responding and will respond within the time required by law.

9.1 EEA, U.K., and Switzerland

  • Access your personal data and receive a copy.
  • Rectify inaccurate or incomplete data.
  • Erase your data (subject to legal retention requirements).
  • Restrict or object to processing based on legitimate interests.
  • Data portability for data you provided.
  • Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
  • Lodge a complaint with your supervisory authority.

9.2 California (CCPA / CPRA)

  • Know what personal information we collect, use, disclose, and (if applicable) sell or share.
  • Delete personal information, subject to exceptions.
  • Correct inaccurate personal information.
  • Limit use of sensitive personal information.
  • Opt out of sale or sharing — exercise via the cookie banner or by emailing us.
  • Non-discrimination for exercising rights.

We have not knowingly sold personal information of California consumers under 16 in the preceding 12 months.

9.3 Other U.S. state laws

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other states with comparable laws have similar rights. We provide the same controls used for CCPA requests to residents of those states.

10. Children

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact privacy@cubbie.com.

11. Security

We use technical and organizational measures designed to protect personal information, including encryption in transit (TLS) and at rest, access controls, audit logging, role-based permissions, secret-rotation tooling, and a tamper-evident audit chain for sensitive records. No system is perfectly secure; if you believe your Account has been compromised, contact security@cubbie.com.

12. Marketing communications

We send transactional emails (e.g., receipts, password resets, security alerts) without marketing-opt-in because they are necessary to operate the Service. For marketing emails, we rely on your consent or our legitimate interest as permitted by law and offer an unsubscribe link in every message. You can also manage preferences in your Account settings.

13. Third-party links

The Service may link to third-party websites and applications. We are not responsible for the privacy practices of those third parties. Review their privacy policies before providing personal information.

14. Changes to this policy

We may update this policy from time to time. If a change is material, we will provide reasonable advance notice (such as by email or in-product notice). The “Last updated” date at the top of this policy reflects the most recent changes.

15. Contact us

Questions, requests, and complaints can be sent to privacy@cubbie.com. For data processing on behalf of business customers, see our Data Processing Addendum. EEA / U.K. residents may identify a representative through the contact above.

© 2026 50Pros Inc. (operator of Cubbie). All rights reserved.

Privacy Policy | Cubbie