Privacy Policy

This privacy policy explains what information SubsHub ("SubsHub", "we", "us") collects when you use the SubsHub service at https://www.subshub.io, how we use it, who we share it with, and the rights you have over it. By creating an account or using the service you agree to the practices described here.

For privacy questions, data-export requests, or to delete your account, contact us at legal@subshub.io.

SubsHub holds three categories of information about you:

Account & authentication

• Your email address - used as your login identifier and for transactional messages (renewal reminders, billing receipts, account changes).
• Display name and avatar URL if you sign in with Google - supplied by Google OAuth, used to personalise the UI. Never shared.
• Password for email/password signups - hashed by Supabase Auth (bcrypt). We never see or store the plaintext.
• Authentication metadata - sign-up date, last sign-in time, and multi-factor settings if you enable them.

Subscription data you enter

• Vendor and product names, billing amounts, currencies, billing cycle, lifecycle, next renewal date, notes, and any tags or attribution labels you add.
• Payment account metadata - type (credit card, debit card, bank account, UPI…), nickname, last four digits, expiry month/year, currency, ownership label. We never see, store, or transmit full card numbers, CVVs, or PINs.Card processing is handled exclusively by Stripe - see Stripe's privacy policy.
• Identity records - emails, phone numbers, or usernames you record as sign-in identities for tracked subscriptions, plus their status (active, deprecated, compromised).
• Auth methods on each subscription - type (password, SSO, passkey, API key, etc.), MFA configuration, last-rotated timestamp, optional notes about where the credential is stored.

Billing data (Pro tier only)

• Stripe customer ID, subscription ID, status, current period end - set when you subscribe and updated by Stripe webhook events. Card details themselves never touch SubsHub; they live in Stripe.
• Invoice metadata - date, amount, status, hosted invoice URL - fetched from Stripe on demand when you view Settings → Billing → Invoices.

Operational telemetry

• HTTP server logs (IP address, request path, response status, user agent) for debugging and abuse prevention. Retained 30 days, then automatically rotated.
• Aggregated, non-identifying usage analytics (e.g. number of subscriptions created per day) - used internally to prioritise improvements.

• Operate the service - show you your subscriptions, run the renewals queue, surface attention items on the dashboard, enforce tier quotas, send the renewal reminders you opted into.
• Bill you - only on the Pro tier, only via Stripe.
• Authenticate you - issue session tokens, verify your email on signup, challenge MFA if configured.
• Improve the service - read aggregated, non-identifying telemetry to understand which features are useful.
• Communicate operationally - service notices, security advisories, policy updates. We do not currently send marketing email; if that ever changes, you will be asked to opt in explicitly.
• Comply with law - respond to lawful requests from courts and regulators where compelled.

We do not sell your data. We do not share your data for advertising.

SubsHub depends on a small set of well-known infrastructure providers. Your data flows through them as needed for the service to work:

• Supabase - database hosting, authentication, storage, edge functions. Your account row, subscription records, and authentication credentials are stored in Supabase Postgres. Their policy: supabase.com/privacy.
• Stripe - handles all billing, card processing, subscription lifecycle, and customer portal. Card details, billing addresses, and payment history live in Stripe. Their policy: stripe.com/privacy.
• Google (only if you choose Sign-in with Google) - provides identity verification. Google sees your sign-in event; SubsHub receives your email, display name, and avatar URL. Their policy: policies.google.com/privacy.
• Hosting (Microsoft Azure Static Web Apps) - the SubsHub web application is served from Azure Static Web Apps. Microsoft sees request headers (IP, user-agent) but not your application data. Their policy: privacy.microsoft.com.
• Azure Communication Services (Microsoft) - sends transactional email (renewal heads-ups, billing notices, password reset). Each message contains your email address and the relevant context (e.g. a subscription nickname). Their policy: privacy.microsoft.com.
• Microsoft 365 - receives inbound email at SubsHub aliases (legal@, hello@, privacy@). When you write to us, the message and any details you include sit in our M365 mailbox. Their policy: privacy.microsoft.com.
• GitHub Actions - runs scheduled jobs (FX refresh, notification generation). Holds operational secrets, not user PII. Their policy: github.com (general privacy statement).

We also rely on Frankfurter / European Central Bank as a non-PII data source for daily foreign-exchange rates. No personal data is sent to them.

On your first visit you'll see a cookie banner with three options. SubsHub works fully whichever you pick - only the optional analytics differ. You can change your choice any time from Settings → Cookie preferences.

Essential - always on

• Authentication session token - a Supabase-issued JWT stored in your browser's localStorage. Required for sign-in to persist; deleting it signs you out.
• Stripe checkout cookies - set by Stripe when you start a paid-tier checkout. Required for the payment flow to complete. Stripe is disclosed in section 04.
• UI preference state - recently-used commands, last-viewed tab, cookie-consent choice - stored in localStorage. Contains no personal data.

Extended - only if you pick "Allow extended"

• Microsoft Application Insights - anonymous performance and usage analytics. If you opt in, two cookies (ai_user, ai_session) link your visits so we can see funnel drop-off and slow pages. We do not receive your name, email, or subscription details through this channel; if you sign in we link the anonymous identifier to your user ID so we can investigate issues you report. Microsoft is the data processor; data is held in the same Azure tenant that runs the rest of SubsHub.

Disallow - declines all optional categories

Picking "Disallow" records your decline so we don't prompt again until our cookie policy changes. Essential cookies still apply because the app can't work without them.

What we don't do

• No advertising or retargeting cookies, no Google Analytics, no Facebook Pixel, no third-party behavioural-analytics SDKs beyond what is listed above.

• Active accounts - retained as long as your account exists.
• Sample data you imported - flagged on every row; deletable in one click from Settings → Data → Wipe sample data.
• Account deletion request - we delete your account and all associated records within 30 days of your written request to legal@subshub.io. Stripe-side billing records remain in Stripe for the period required by their compliance obligations.
• Server logs - 30-day rotating retention.

You can exercise the following rights at any time:

• Access - email legal@subshub.io to request a copy of the data we hold about you. We will respond within 30 days, typically with a JSON or CSV bundle. (Self-serve export from Settings → Data is on the roadmap.)
• Correction - most fields are editable directly in the app; if a field is not, contact us.
• Deletion - email legal@subshub.io from the address on file. We delete your account and associated records within 30 days, save what billing law forces us to retain. Settings → Profile has a one-click button that opens a deletion request email pre-filled with your account email.
• Portability - same channel as Access, above.
• Object / restrict processing - for users in the EU/UK, you may object to processing or request that we restrict it to specific purposes.
• Withdraw consent - where processing relies on consent (it generally does not for SubsHub - most processing is contractual), you may withdraw at any time.

To exercise these rights, email legal@subshub.io. We'll respond within 30 days.

For users in the EU/UK: you also have the right to lodge a complaint with your national data-protection authority. For users in California: the California Consumer Privacy Act (CCPA) gives you the rights above plus a right not to be discriminated against for exercising them. We do not sell personal information.

Supabase typically hosts data in AWS US-East or EU-Central regions. Stripe processes payments globally per the rules of the card networks. Where data crosses borders out of the EU/UK, transfers are made under standard contractual clauses or equivalent safeguards.

SubsHub is not directed at children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us their information, contact us and we'll delete it promptly.

We rely on Supabase row-level security to ensure each user can only read and write their own data. Authentication uses industry-standard JWTs with rotating refresh tokens. Card-data handling is delegated entirely to Stripe (PCI-DSS Level 1 certified). All traffic between your browser and SubsHub is served over HTTPS with modern TLS.

No service is perfectly secure. If you suspect a vulnerability or breach, contact us at legal@subshub.io.

We may update this policy. The "Last updated" date at the top of this document will reflect the most recent change. For material changes (new categories of data, new third parties, new uses), we will notify you by email at least 14 days before they take effect.

SubsHub - legal@subshub.io