Privacy Policy

Last updated: June 11, 2026

Subscription Manager ("we", "us") helps you find and manage your subscriptions. This policy explains what data we collect, why we collect it, how it is protected, and how you can delete it. The short version: we only read what we need, we encrypt what we store, we never sell your data, and you can erase everything at any time.

What we collect

  • Account information — your name, email address, and a salted password hash (or your Google sign-in identity if you use Google OAuth). Passwords are never stored in plain text.
  • Gmail access tokens — if you connect a Gmail account, we store OAuth tokens with read-only scope, encrypted at rest with AES-256-GCM. We never see or store your Google password.
  • Subscription data — the services, amounts, billing cycles, and renewal dates our AI extracts from your billing emails, plus limited source-email metadata (subject, snippet, date) so you can verify why an item was detected.
  • Billing information — if you upgrade to Pro, payments are processed by Stripe. We store your Stripe customer ID and plan status only; your card details never touch our servers.
  • Usage analytics — pseudonymous product analytics (pages viewed, features used) tied to a random account ID, never to your name or email address. No session recording, no ad trackers, "Do Not Track" is respected, and email contents never enter analytics.

How we use your data

  • To scan billing-related emails and extract your subscriptions.
  • To show spending analytics, budgets, forecasts, and renewal reminders you enable (email or Telegram).
  • To process Pro payments and manage your plan.
  • To keep the service secure (audit logs, rate limiting, abuse prevention).

AI processing

To detect subscriptions, relevant billing emails are processed by our AI provider (such as OpenAI) under their API data-usage terms, which do not permit training on this data. We send only what is needed to identify subscriptions and we do not use your email content for advertising or profiling.

Google API Limited Use disclosure

Subscription Manager's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Gmail data is used only to provide user-facing subscription detection features, is never sold, never used for advertising, and is never read by humans except with your explicit permission for support, for security purposes, or where required by law.

Security

  • OAuth tokens encrypted at rest (AES-256-GCM); TLS in transit.
  • Read-only Gmail scope — Subscription Manager cannot send, modify, or delete your email.
  • Optional two-factor authentication (TOTP) on your Subscription Manager account.
  • Login lockout protection, rate limiting, and a security audit trail.
  • You can disconnect Gmail at any time from Subscription Manager settings or your Google account.

Data retention & deletion

Pre-sync snapshots are kept for 30 days and sync logs for 14 days, then deleted automatically. You can export your data (CSV/JSON) anytime. Deleting your account permanently removes your profile, subscriptions, linked accounts, and encrypted tokens from our systems.

What we never do

  • We never sell or rent your personal data.
  • We never use your email content for advertising.
  • We never send, alter, or delete anything in your inbox.

Changes & contact

We will update this page if our practices change and note the date above. Questions or requests (access, export, deletion): support@devfamz.com.