Privacy Policy

Last updated: February 23, 2026

1. Who We Are

sub-gone ("we," "us," or "our") is a subscription tracking web application operated by sub-gone. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services at sub-gone.com (the "Service").

For privacy-related inquiries, contact us at sub-gone@protonmail.com.

2. Information We Collect

sub-gone is designed with a local-first architecture. By default, your data is stored entirely on your device in your browser's local storage (IndexedDB). We do not have access to locally stored data unless you explicitly opt in to cloud sync.

2.1 Data You Provide Directly

  • Account information: Email address and password when you create an account.
  • Subscription records: Service names, prices, billing cycles, start dates, payment dates, status, and notes you enter about your subscriptions.
  • Usage ratings: Star ratings (1–5) you assign to your subscriptions.
  • Preferences: Monthly budget, currency preference, and other settings you configure.
  • Payment information: When you purchase the paid tier, payment details are collected and processed by Stripe (see Section 6). We do not receive or store your full credit card number.

2.2 Data Generated by the Service

  • Spend snapshots: Monthly aggregated totals derived from your subscription data, used to display spending trends.
  • Subscription events: Timestamped records of changes to your subscriptions (e.g., price changes, cancellations), used for your personal history.
  • Sync queue metadata: If you enable cloud sync, timestamps and record identifiers are generated to synchronize data between your devices.

2.3 Data We Do Not Collect

  • We do not use third-party analytics or advertising trackers.
  • We do not collect browsing history, IP addresses for profiling, or device fingerprints.
  • We do not access your actual subscription accounts with third-party services. All subscription information is entered manually by you.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: Display your subscriptions, calculate spending insights, detect overlapping services, and generate savings recommendations.
  • Authentication: Verify your identity and maintain your session.
  • Cloud sync: If you opt in, synchronize your data across devices.
  • Process payments: Complete your one-time purchase through Stripe.
  • Communicate with you: Respond to support requests or send essential service notices (e.g., changes to these terms). We do not send marketing emails unless you opt in.
  • Improve the Service: Diagnose technical issues and improve reliability. We do not use your personal subscription data for this purpose.

4. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

  • Performance of a contract (Article 6(1)(b)): Processing your account information, subscription data, preferences, and payment data is necessary to provide the Service you signed up for.
  • Consent (Article 6(1)(a)): Cloud sync is optional and activated only with your explicit consent. You may withdraw consent at any time by disabling cloud sync in Settings.
  • Legitimate interest (Article 6(1)(f)): We may process limited technical data (e.g., error logs) to maintain service reliability and security, where our interest does not override your rights.

5. Data Storage and Security

5.1 Local Storage

By default, all your subscription data, preferences, and snapshots are stored in IndexedDB within your browser. This data remains on your device and is not transmitted to our servers. We do not have access to locally stored data.

5.2 Cloud Storage

If you enable cloud sync, your data is transmitted over TLS (encrypted in transit) and stored in a Supabase-hosted PostgreSQL database with encryption at rest. Supabase infrastructure is hosted on Amazon Web Services (AWS). For current Supabase data center locations, see Supabase's Privacy Policy.

5.3 Security Measures

We implement commercially reasonable security measures including TLS encryption for all data in transit, encryption at rest for cloud-stored data, and hashed passwords. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Third-Party Services

We share your personal data only with the following third-party service providers, and only to the extent necessary to operate the Service:

  • Supabase — Authentication and cloud database (only if you enable cloud sync). Privacy Policy
  • Stripe — Payment processing for one-time purchases. Stripe collects and processes your payment information directly; we receive only a confirmation of payment and a truncated card identifier. Privacy Policy
  • Vercel — Application hosting and content delivery. Privacy Policy

We do not sell your personal information. We do not share your data with advertisers or data brokers. We do not use your subscription data to serve you ads or build advertising profiles.

7. Cookies and Local Storage Technologies

sub-gone uses minimal browser storage technologies:

  • IndexedDB: Stores your subscription data, preferences, and snapshots locally. This is essential to the Service's operation.
  • localStorage: Stores authentication session tokens (managed by Supabase Auth) and UI preferences (e.g., theme, sidebar state). These are essential for the Service to function.
  • Cookies: We do not set first-party tracking cookies. Our hosting provider or authentication service may set essential session cookies.

We do not use any analytics cookies, advertising cookies, or third-party tracking pixels. Because all browser storage used by sub-gone is strictly necessary for the Service to function, no cookie consent banner is required under the ePrivacy Directive.

8. Data Retention

  • Local data: Persists on your device until you clear your browser data, uninstall the app, or delete your data through the Settings page.
  • Cloud-synced data: Retained for as long as your account is active. Upon account deletion, cloud data is deleted within 30 days.
  • Payment records: Transaction records are retained for 7 years as required by tax and financial regulations, after which they are deleted.
  • Authentication logs: Session and authentication data is retained for up to 90 days after your last sign-in, then automatically purged.

9. Your Rights

9.1 All Users

Regardless of your location, you may:

  • Access your data at any time through the Service (your subscription data is always visible to you).
  • Export your data from the Settings page.
  • Delete your locally stored data from the Settings page.
  • Delete your account and all associated cloud data by contacting us at sub-gone@protonmail.com.

9.2 European Economic Area and United Kingdom Residents

Under the GDPR, you have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Request correction of inaccurate personal data.
  • Erasure — Request deletion of your personal data ("right to be forgotten").
  • Restriction — Request that we restrict processing of your data in certain circumstances.
  • Portability — Receive your data in a structured, machine-readable format.
  • Object — Object to processing based on legitimate interest.
  • Withdraw consent — Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise these rights, email sub-gone@protonmail.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

9.3 California Residents

Under the California Consumer Privacy Act (CCPA/CPRA), you have the right to:

  • Know — Request disclosure of the categories and specific pieces of personal information we collect.
  • Delete — Request deletion of your personal information.
  • Correct — Request correction of inaccurate personal information.
  • Opt out of sale or sharing — We do not sell or share your personal information for cross-context behavioral advertising. No opt-out action is required.
  • Non-discrimination — We will not discriminate against you for exercising your rights.

To exercise these rights, email sub-gone@protonmail.com. We will respond within 45 days.

10. International Data Transfers

If you are located outside the United States and enable cloud sync, your personal data will be transferred to and processed in the United States where our service providers (Supabase, Stripe) maintain infrastructure.

For transfers of personal data from the EEA/UK, we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission, as implemented by our sub-processors. You may request a copy of the applicable SCCs by contacting us.

11. Children's Privacy

The Service is not directed to children under the age of 13 (or 16 in jurisdictions where a higher age of consent applies). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under the applicable age, we will delete that information promptly. If you believe a child has provided us with personal data, please contact us at sub-gone@protonmail.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. If we make material changes, we will notify you by posting a notice within the Service or sending an email to the address associated with your account at least 30 days before the changes take effect. Your continued use of the Service after the updated policy takes effect constitutes acceptance of the changes.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

sub-gone
sub-gone@protonmail.com

See also: Terms of Service