Privacy Policy

1. Introduction

Welcome to SubTrack ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our subscription tracking application and related services (collectively, the "Service").

By using SubTrack, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address used for authentication via magic link sign-in
• Subscription Data: Names, prices, renewal dates, and categories of subscriptions you manually add to track
• User Preferences: Reminder settings, notification preferences, and display preferences

2.2 Information Collected Automatically

• Usage Data: How you interact with the Service, features used, and actions taken
• Device Information: Browser type, operating system, and device identifiers
• Log Data: IP address, access times, and pages viewed

2.3 Information from Third-Party Services

If you choose to connect your Gmail account, we access your email data solely to scan for subscription-related emails. We use Google OAuth 2.0 for secure authentication. We only read email metadata and content necessary to identify subscriptions. We do not store your full email content—only extracted subscription information (service name, price, dates).

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Send you subscription renewal reminders via email
• Authenticate your identity and maintain your account security
• Scan connected email accounts to automatically detect subscriptions (with your permission)
• Analyze usage patterns to improve user experience
• Respond to your requests and provide customer support
• Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers: With trusted third-party services that help us operate the Service (e.g., email delivery via Resend, hosting via Render)
• Legal Requirements: When required by law, court order, or governmental authority
• Protection of Rights: To protect our rights, privacy, safety, or property, or that of our users or the public
• Business Transfers: In connection with a merger, acquisition, or sale of assets (you would be notified)

5. Google API Services User Data Policy

SubTrack's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request access to Gmail data necessary for the subscription scanning feature
• We do not use Gmail data for advertising purposes
• We do not share Gmail data with third parties except as necessary to provide the Service
• We do not allow humans to read your emails unless required for security purposes, investigating abuse, or complying with applicable law
• You can revoke Gmail access at any time through your Google Account settings or within SubTrack

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using HTTPS/TLS
• Secure authentication using magic links (no passwords stored)
• OAuth 2.0 for third-party service connections
• Regular security assessments and updates
• Limited access to personal data by authorized personnel only

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain certain information for legal or legitimate business purposes.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a machine-readable format
• Withdraw Consent: Withdraw consent for data processing at any time
• Opt-out: Opt out of receiving marketing communications

To exercise these rights, please contact us at the email address provided below.

9. Cookies and Tracking

We use essential cookies and local storage to maintain your session and preferences. We do not use third-party tracking cookies or advertising cookies. You can configure your browser to refuse cookies, but this may limit your ability to use certain features of the Service.

10. Children's Privacy

The Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through our website: