Privacy Policy
Effective Date: 13 May 2026
Introduction
Subtrack-App ("we", "us", or "our") is a subscription management application that helps users track, manage, and cancel their recurring subscriptions and free trials. We are committed to protecting and respecting your privacy and to providing clear information about the use of your data.
We are the data controller for the purposes of the personal data we collect via our website and application (together, the "Services"). We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Definitions
For the purposes of this policy, the following definitions apply:
- Personal Data: Any information relating to an identified or identifiable individual. This includes, for example, your name, email address, and subscription details you manually enter.
- Service Data: Information you provide about your subscriptions, including service names, costs, renewal dates, billing cycles, categories, and free trial end dates.
- Usage Data: Information about how you interact with our application, including pages visited, features used, and time spent on the platform.
Collection of Personal Data
When you use our Services, we collect personal data that you voluntarily submit to us. This includes:
- Account Information: Your email address, name, and hashed password (we never store plain-text passwords).
- Subscription Data: Service names, costs, billing cycles, renewal dates, categories, and any notes you add to your subscriptions.
- Free Trial Data: Trial service names, trial end dates, and cancellation URLs you provide for tracking purposes.
- Payment Information: If you upgrade to Subtrack-App Pro, payment details are collected and processed securely by Stripe. We do not store your full credit card details on our servers.
- Shared Subscription Data: When you use the Shared Subscription Splitter (Pro feature), we store the service name, total cost, number of people sharing, and split amounts to provide you with calculation history.
- User Contributions: When you use our "Report outdated price" feature, we collect the service name you select, your suggested corrected price, the billing cycle, and your account identifier (email address or user ID). This data is used solely to improve the accuracy of our subscription pricing database for all users.
Unlike financial management apps, Subtrack-App does not access your bank accounts or use open banking. All subscription information is manually entered by you.
Email Scan Feature (Gmail & Outlook)
Subtrack-App offers an optional Email Scan feature that can detect subscription-related emails in your inbox. This feature requires you to explicitly connect your email account via OAuth.
How It Works
- Gmail: You authorise Subtrack-App via Google OAuth with read-only access to your Gmail. We use the Gmail API to scan for subscription receipts, invoices, and renewal notices. We request only the gmail.readonly scope; we cannot send, delete, or modify your emails.
- Outlook/Microsoft: You authorise Subtrack-App via Microsoft OAuth with read-only access to your Outlook mail. We use the Microsoft Graph API (Mail.Read scope) to perform the same detection.
What We Store
- We store an OAuth token to enable scanning. This token is encrypted and can be revoked by you at any time via your Google or Microsoft account settings, or by clicking "Disconnect" in Subtrack-App.
- We do not store the content of your emails on our servers. Only detected subscription metadata (service name, amount, date, confidence score) is extracted and displayed to you.
- We do not read, access, or scan personal emails. Our detection algorithm only looks for patterns matching subscription receipts and invoices.
Your Control
- Email scanning is entirely optional. You can use all other Subtrack-App features without connecting any email account.
- You can disconnect your email at any time, which immediately revokes our access and deletes the stored OAuth token.
- You can also revoke access directly from your Google Account or Microsoft Account security settings.
How We Use Your Personal Data
Your personal data is used for the purposes described in this policy, including to:
- Provide and manage your account and our services
- Process your Pro subscription payments via Stripe
- Send you renewal reminders and free trial expiration notifications
- Display your subscription analytics and health score
- Provide savings opportunities, overlap detection, and spending forecasts based on your subscription data and our pricing database
- Provide the Cancel Assistant feature to help you cancel unwanted subscriptions
- Provide the Email Scan feature to detect subscriptions from your inbox (when connected)
- Provide the Shared Subscription Splitter to calculate fair cost divisions
- Maintain and improve the accuracy of our subscription pricing database using user-submitted price reports
- Improve and customise our application and services
- Monitor for and prevent fraudulent activity
- Track and fix technical errors via Sentry error monitoring
- Comply with legal and regulatory requirements
Legal Bases for Processing
Subtrack-App processes your personal data only where it has a lawful basis to do so, as required under the UK GDPR and Data Protection Act 2018. The legal bases we rely on are:
- Contract: To provide you with our services and fulfil our obligations to you.
- Legal Obligation: To comply with applicable laws and regulatory requirements.
- Legitimate Interests: To operate and improve our services, provided these interests do not override your rights and interests.
- Consent: Where required, we will seek your explicit consent (for example, for connecting your email account via OAuth, or for optional marketing communications). You may withdraw your consent at any time.
Automated Decision Making and Profiling
Subtrack-App uses limited automated processing to enhance your experience:
- Subscription Health Score: We automatically calculate a health score (0-100) based on your monthly spend, number of subscriptions, and category diversity compared to UK averages.
- Savings Opportunities: We automatically compare your monthly subscriptions against our pricing database to identify potential savings from switching to annual billing.
- Category Overlap Detection: We automatically identify when you have multiple subscriptions in the same category to help you spot potential duplication.
- Email Scan Detection: When connected, our algorithm automatically scans for subscription-related emails and assigns confidence scores to detected subscriptions.
- Renewal Reminders: Automated emails are sent based on renewal dates you provide.
- Free Trial Expiry Alerts: Automated notifications are sent before your free trials end.
These automated processes do not produce legal or similarly significant effects. They are designed solely to provide helpful insights about your subscription habits.
Data Retention Schedule
- Active Accounts: Data retained while your account remains active.
- Deleted Accounts: Upon account deletion, all personal data is permanently deleted within 30 days of your request.
- Inactive Accounts: We may delete accounts that have been inactive for more than 2 years, after providing reasonable notice.
- Backup Archives: Encrypted backups are retained for a maximum of 30 days and are not publicly accessible.
- OAuth Tokens: Stored only while your email account is connected. Deleted immediately upon disconnection.
- Price Reports: Retained for up to 12 months, then anonymised.
Deletion of Personal Data
You can delete your account and all associated data at any time using the "Delete Account" feature in your Settings page. Alternatively, email us at privacy@subtrack-app.com.
Your data will be deleted within 30 days of your request. You will receive confirmation once the deletion process is complete.
Disclosure of Personal Data
Essential Service Providers:
- Stripe, Inc.: Payment processing for Pro subscriptions. Stripe's Privacy Policy
- Resend: Email delivery for account verification, password resets, renewal reminders, and free trial notifications. Resend's Privacy Policy
- Sentry: Error tracking to identify and fix technical issues. Only technical error data is collected. Sentry's Privacy Policy
- Google: Gmail API access (only when you explicitly connect your Gmail account via OAuth). Google's Privacy Policy
- Microsoft: Microsoft Graph API access (only when you explicitly connect your Outlook account via OAuth). Microsoft's Privacy Policy
- Cloud Infrastructure Provider: Our application and database are hosted on secure servers located within the UK.
We DO NOT: Sell your personal data to third parties, share your data with advertisers or data brokers, or use your subscription data for any purpose other than providing the Subtrack-App service.
Keeping Your Personal Information Secure
Security measures include:
- Passwords hashed using bcrypt (industry standard, never stored in plain text)
- OAuth tokens encrypted at rest
- All connections encrypted via TLS 1.2+ (HTTPS)
- Regular security updates and vulnerability patches
- Database backups encrypted at rest
- Access restricted to authorised personnel only
- Rate limiting to prevent brute force attacks
Your Rights Under UK GDPR
- Right to be Informed: To know how we collect and use your data (as outlined in this policy).
- Right of Access: To request a copy of the personal data we hold about you.
- Right to Rectification: To correct inaccurate or incomplete data.
- Right to Erasure: To request deletion of your data.
- Right to Restrict Processing: To restrict how your data is used.
- Right to Data Portability: To receive your data in a portable format.
- Right to Object: To object to our use of your data.
- Rights Related to Automated Decision Making: To challenge and request human review of significant decisions made solely by automated means.
To exercise any of these rights, email us at privacy@subtrack-app.com. We will respond within one month.
Should you be dissatisfied, you have the right to file a formal complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.
Cookies Policy
Subtrack-App uses essential cookies for authentication and security. With your consent, we may also use analytics cookies. For full details, see our Cookie Policy.
Children's Privacy
Our service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13.
International Data Transfers
We store all primary user data within the United Kingdom. Some essential service providers may process data in the United States under appropriate safeguards including Standard Contractual Clauses (SCCs).
Changes To This Policy
If we change this policy, we will post the revised policy here with an updated effective date. Significant changes may be notified by email or in-app notice.
Contact Us
- Email: privacy@subtrack-app.com
- Website: https://subtrack-app.com
We aim to respond to all privacy-related inquiries within 2 business days.
By continuing to use Subtrack-App, you acknowledge that you have read and understood this Privacy Policy.