Privacy Policy

This Privacy Policy explains what information SubRemind ("we", "us") collects when you use our web application (the "Service"), how we use it, and the choices you have. By using SubRemind you agree to the practices described here.

1. Information we collect

• Account data. Your email address and a securely hashed password, handled by our authentication provider (Supabase Auth).
• Subscription data you enter.Service names, prices, currencies, billing cycles, billing and trial dates, categories, and optional payment-method labels (e.g. "Visa · Main account"). We do not collect or store actual card numbers or bank credentials.
• Settings. Your chosen base currency, and your email-notification preferences (monthly digest opt-in, per-subscription renewal-reminder opt-in).
• Share links you create. If you create a public read-only share link for your subscription stack, we store the random token. Anyone with the link can view your stack until you revoke it from your dashboard.
• Technical data. Minimal logs from our hosting provider needed to operate the Service (IP address, user agent, request timing). These are not used to build user profiles.

2. How we use your data

• To authenticate you and keep you signed in.
• To display, calculate, and convert your subscription totals.
• To send transactional email — renewal reminders (2 days before billing, per-subscription opt-out) and an optional monthly spending digest (per-account opt-out). Both can be disabled in Settings or on the subscription itself.
• To maintain and secure the Service.

We do not sell your data, rent it, or use it for advertising. We do not run third-party analytics or tracking scripts.

3. Cookies

We use strictly necessary cookies to keep your authentication session active. No marketing or tracking cookies are set.

4. Third-party services (sub-processors)

• Supabase — hosts our database and authentication. Your data is stored on their infrastructure and protected by row-level security so only you can read your own rows.
• Vercel — hosts and serves the SubRemind web application. Receives request metadata (IP, user agent) needed to deliver pages. No subscription content is shared beyond what's required to render your own session.
• Resend — delivers our transactional emails (renewal reminders, monthly digest). Receives your email address and the message body so the email can be sent.
• Open Exchange Rates (open.er-api.com) — we fetch live currency conversion rates. Only the base-currency code is sent; no personal data is shared.
• Google favicons — we load a small icon for each service using its public domain name. Your browser requests the icon directly; no account data is sent.

5. Data retention and deletion

Your data is retained for as long as your account exists. You can delete your subscriptions at any time from the dashboard. To delete your account entirely (GDPR / DSGVO Art. 17), open Settings and use the "Delete account" button — this immediately and irreversibly removes your account along with every subscription, category, share link, and price history row associated with it. If you'd prefer we do it on your behalf, email the address below.

6. Security

Data is transmitted over HTTPS. Database access is protected by row-level security so each account can only read and modify its own rows. No system is ever perfectly secure, so please use a strong, unique password.

7. Children

SubRemind is not directed to children under 13 and we do not knowingly collect their data.

8. Changes to this policy

We may update this policy from time to time. Significant changes will be reflected in the "Last updated" date at the top of this page.

9. Contact

Questions or data requests: subremind@proton.me.