Privacy Policy

How Track-Subs handles your data. Transparent, secure, and privacy-first.

📅 Last updated: March 28, 2026

Our privacy commitment: Track-Subs is built on a privacy-first philosophy. We use read-only email access, we never sell your data, we don't run tracking pixels, and we don't use cookies for advertising. Your subscription data belongs to you.

1. Who We Are

Track-Subs is operated by ALYAS GROUP. We are a subscription intelligence platform that helps people find, manage, and cancel recurring charges.

Contact: support@track-subs.com

Website: track-subs.com

2. What Data We Collect

Data type	What exactly	Why
Account info	Email address, name (if provided via OAuth), authentication provider	Account creation and login
Email metadata	Sender address, subject line, date, and billing-related snippets from subscription emails	Detect and classify subscriptions
Subscription data	Service name, price, billing cycle, renewal date, category, cancellation status	Core product functionality
Notification preferences	Email, phone number (optional), notification channels and timing	Send renewal reminders
Payment data	Paddle customer ID, subscription status, plan type	Manage Pro subscription billing
Usage data	Scan count, scan timestamps, features used	Enforce plan limits, improve the product

3. How We Access Your Email

Critical: Track-Subs requests read-only access to your Gmail or Outlook account. We cannot send, delete, modify, or forward your emails. This is enforced at the API level by Google and Microsoft.

3.1 What we read

Our AI scan engine searches your inbox for emails matching subscription-related patterns: receipts, invoices, billing confirmations, renewal notices, and payment confirmations from known services. We process:

Sender address and name
Email subject line
Email body content (to extract price, billing cycle, service name)
Email date

3.2 What we do NOT read

Personal conversations
Attachments (beyond checking if an invoice PDF exists)
Email drafts or sent mail
Contacts or calendar data

3.3 Email processing

Emails are processed in real-time during a scan. The full email content is not stored permanently. We extract only the structured subscription data (name, price, cycle, date) and discard the raw email content after processing. The extracted data is stored in your secure user profile.

3.4 Gmail API compliance

Track-Subs' use of the Gmail API adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Gmail data for providing and improving Track-Subs features directly requested by you.

4. How We Store Your Data

4.1 Infrastructure

Your data is stored on Supabase (built on PostgreSQL), hosted on secure cloud infrastructure. All data is encrypted at rest and in transit (TLS 1.2+).

4.2 Row-level security

Every database table uses Row-Level Security (RLS) policies. This means each user can only access their own data — not other users' subscriptions, scan results, or account information. Even if our application code had a bug, the database would still enforce isolation.

4.3 Authentication tokens

Gmail/Outlook access tokens are stored encrypted in the database. Refresh tokens are used to maintain your email connection without requiring you to re-authenticate. You can disconnect your email account at any time from Settings.

5. How We Use Your Data

We use your data exclusively for:

Subscription detection — scanning your email for recurring charges
Dashboard functionality — displaying your subscriptions, spending, and renewal dates
Renewal reminders — sending notifications before you're charged
Cancellation assistance — providing guides and auto-drafted cancellation emails
Savings tracking — calculating money saved from cancelled subscriptions
Product improvement — understanding usage patterns to improve features (aggregated, not individual)
Account management — billing, support, and communication about the Service

We will NEVER: Sell your data to third parties. Use your email content for advertising. Share your subscription list with anyone. Target you with ads based on your subscriptions. Give any third party access to your email.

6. Third-Party Services

Track-Subs uses the following third-party services to operate:

Service	Purpose	Data shared
Google (Gmail API)	Email scanning	OAuth tokens; Google accesses your email on our behalf
Supabase	Database, authentication	All stored data (encrypted, RLS-protected)
Paddle	Payment processing (Merchant of Record)	Email, payment method (handled entirely by Paddle — we never see your card number)
Resend	Email notifications	Your email address, notification content
Vercel	Frontend hosting	No user data — static file serving only
AI providers (Groq, Gemini, Mistral)	Subscription classification (Layer 2)	Anonymized email snippets for classification — no personal identifiers sent

7. Cookies and Tracking

Track-Subs uses zero tracking cookies and no third-party analytics. We do not use Google Analytics, Facebook Pixel, or any advertising trackers.

We use localStorage (browser-side only) for:

Theme preference (dark/light mode)
Session tokens (for authentication, managed by Supabase)

This data never leaves your browser and is not transmitted to any server.

8. Data Retention

Active accounts: Data is retained as long as your account is active.
Cancelled Pro subscriptions: Your data is preserved (you revert to Free plan). Nothing is deleted.
Account deletion: Upon request, we delete all your personal data within 30 days. This includes subscription records, scan history, notification settings, and connected account tokens.
Scan logs: Raw email processing logs are retained for 7 days for debugging, then automatically purged.

9. Your Rights

Depending on your jurisdiction, you have the right to:

Access — Request a copy of all data we hold about you
Rectification — Correct inaccurate data
Erasure — Request deletion of your data ("right to be forgotten")
Portability — Export your subscription data (CSV export is built into the app)
Restriction — Ask us to limit how we process your data
Objection — Object to certain processing activities
Withdraw consent — Disconnect your email or delete your account at any time

To exercise any of these rights, contact support@track-subs.com. We will respond within 30 days.

10. Data Security

We implement industry-standard security measures:

All data encrypted in transit (TLS 1.2+) and at rest
Row-Level Security on every database table
OAuth 2.0 for email access (no password storage)
Paddle handles all payment card data (PCI DSS compliant)
Regular security audits of our codebase and infrastructure
Access tokens rotated automatically via refresh token mechanism

No system is 100% secure. If we discover a data breach affecting your personal data, we will notify you and relevant authorities within 72 hours.

11. Children's Privacy

Track-Subs is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us and we will delete it promptly.

12. International Data Transfers

Your data may be processed in countries outside your own (our infrastructure providers operate globally). We ensure appropriate safeguards are in place, including compliance with applicable data protection regulations.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. The "Last updated" date at the top reflects the most recent version.

14. Contact

For privacy questions, data requests, or concerns:

Email: support@track-subs.com
Website: track-subs.com