Legal documents
GDPR
Information for users in the European Economic Area and other regions with similar data-protection rules.
Updated: April 30, 2026
Controller and processors
SubSchool determines the purposes and means of processing data needed to operate the platform, while infrastructure, payment, communication, and support providers may act as data processors.
Legal bases
Processing may be based on contract performance, legitimate interest in security and service improvement, legal obligations, or user consent where consent is required.
GDPR rights
Users may request access, correction, deletion, data portability, restriction of processing, object to processing, or withdraw consent where processing is based on consent.
International transfers
If data is transferred outside the user region, SubSchool applies reasonable contractual and technical safeguards, including access restrictions and requirements for service providers.
Data requests
GDPR and personal-data requests can be sent through account support or the contacts listed on the contacts page. We may request identity verification before fulfilling a request.