Privacy Policy

SubSee is a privacy-first subscription tracker. We are committed to protecting your personal information and being transparent about how we use it.

This Privacy Policy explains what data we collect, why we collect it, and how we protect it. By using SubSee you agree to this policy.

Account data: your name and email address, obtained via Google OAuth when you sign in.

Gmail access token: a short-lived OAuth token that allows SubSee to read your Gmail on your behalf. This token is stored encrypted and is only used to scan for subscription-related billing emails.

Subscription metadata: service name, billing amount, currency, billing cycle, and renewal dates — extracted from your emails by our AI parser.

Scan history: timestamps and counts of past scans, used to enforce daily scan limits.

We do NOT store the full content of your emails. Email bodies are processed in-memory by our AI model and immediately discarded — only the extracted subscription metadata is persisted.

To provide the core service: detecting, tracking, and displaying your active subscriptions.

To send you alerts: trial-ending reminders and annual-renewal notices via email (you can disable these in Settings).

To improve SubSee: aggregated, anonymized usage metrics may be used to improve features. We never sell individual data.

We do not use your data for advertising. We do not share your data with third parties for marketing purposes.

SubSee's use of Gmail data is limited to the readonly scope (https://www.googleapis.com/auth/gmail.readonly). We only read emails — we never send, delete, or modify any messages.

SubSee's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Gmail email content is never stored on our servers. It is fetched, processed in-memory to extract subscription metadata, and immediately discarded.

You can revoke SubSee's Gmail access at any time from your Google Account permissions page.

Your data is stored in Supabase (PostgreSQL), hosted in the EU region. Row-level security (RLS) policies ensure that each user can only access their own data.

OAuth tokens are stored encrypted at rest. We use industry-standard encryption in transit (TLS 1.2+).

We follow the principle of least privilege — only the service layer (not the public API) has write access to your subscription data.

We retain your data for as long as your account is active.

You can delete your account and all associated data at any time from Settings → Danger Zone. Deletion is permanent and irreversible.

OAuth tokens are automatically refreshed when they expire. Revoking access in Google removes our ability to scan new emails, but does not delete already-stored subscription metadata — use the in-app deletion for that.

Google OAuth — for authentication and Gmail access. Subject to Google's Privacy Policy.

Anthropic (Claude API) — email snippets are sent to Claude for subscription classification. Anthropic does not train on API data by default. See Anthropic's Privacy Policy for details.

Supabase — for database hosting. See Supabase's Privacy Policy.

Resend — for sending alert emails. Email addresses are shared only to deliver alerts you've opted into.

Vercel — for hosting and edge functions. See Vercel's Privacy Policy.

Access: you can view all stored subscription data in your dashboard at any time.

Deletion: delete your account and all data from Settings → Danger Zone.

Portability: contact us to export your data in JSON format.

Correction: scan again or contact us to correct inaccurate subscription data.

If you are in the EU/EEA, you have additional rights under GDPR. Contact us at privacy@subsee.app to exercise them.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 14 days before they take effect.

The "Last updated" date at the top of this page reflects the most recent revision.

If you have questions or concerns about this Privacy Policy, please contact us at privacy@subsee.app.