Privacy Policy
Last Updated: December 20, 2025
Our Privacy Commitment
-
Your subscription content is encrypted locally and never stored on our
servers
- We collect only the minimum data necessary to provide our services
- We do not sell, rent, or share your personal data with third parties
- You have full control over your data at all times
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address: For authentication and account recovery
- User ID: Automatically generated for database management
- Email verification status: To confirm account ownership
1.2 Subscription Data (Encrypted Locally)
Data you enter or that we detect:
- Service names (e.g., Netflix, Spotify)
- Subscription amounts and currencies
- Billing cycles and review dates
- Plan names and notes
Important: This data is encrypted using AES-256-GCM on your
device before any storage. The raw content never reaches our servers.
1.3 Usage Metadata
- AI page scan count (to enforce subscription limits)
- Subscription activation date (for billing purposes)
- Feature toggles (AI auto-detection, notification preferences)
- Blocked URLs (sites you've opted out of scanning)
2. Information We DO NOT Collect
We explicitly do not collect:
- ❌ Credit card numbers or payment information
- ❌ Banking credentials or account passwords
- ❌ Full browsing history
- ❌ Personal documents or files
- ❌ Social security numbers or government IDs
- ❌ Phone numbers or physical addresses
- ❌ Unencrypted subscription data
3. How We Use Your Information
3.1 Core Service Functionality
- Authenticate your account and maintain login sessions
- Store and sync your encrypted subscription data across devices
- Provide AI-powered subscription detection
- Send email reminders for upcoming subscription payments
- Track usage limits for subscription plans
3.2 Communications
- Send account verification emails
- Deliver subscription reminder notifications
- Notify you of important service updates or policy changes
- Respond to support requests
We will never send unsolicited marketing emails.
4. Data Storage and Security
Local Encryption
-
Encryption Standard: AES-256-GCM (Advanced Encryption
Standard)
-
Key Generation: Unique encryption keys generated on your
device
-
Key Storage: Keys stored securely in browser local storage
- Process: Data is encrypted before leaving your browser
4.1 Remote Storage
Platform: Firebase Firestore (Google Cloud Platform)
Data Stored:
- Email address (plaintext)
- User ID (plaintext)
- Encrypted subscription blobs
- Usage metadata (plaintext)
4.2 Key Management
- Encryption keys never leave your device
- Keys are not transmitted to our servers
- Only you can decrypt your subscription data
- Lost keys cannot be recovered (data cannot be decrypted)
5. Third-Party Services
5.1 Firebase/Firestore (Google)
5.2 OpenAI/DeepSeek
- Purpose: AI-powered subscription detection
- Data Shared: Temporary HTML snippets from web pages
- Data Retention: Not stored after processing
We Do NOT Share Data With:
- ❌ Advertisers or marketing companies
- ❌ Data brokers or analytics firms
- ❌ Social media platforms
- ❌ Any third party for profit
6. Your Privacy Rights
6.1 Access and Control
You have the right to:
- ✅ Access all your stored data
- ✅ Export your data to CSV format
- ✅ Modify or delete subscriptions at any time
- ✅ Delete your account and all associated data
- ✅ Opt out of email reminders
6.2 GDPR (EU Users)
- Right to access personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to object to processing
6.3 CCPA (California Users)
- Right to know what data is collected
- Right to delete personal information
- Right to opt-out of data sales (we don't sell data)
- Right to non-discrimination
7. Data Retention
- Your data is retained as long as your account is active
- Upon account deletion, encrypted data is removed within 30 days
- Email and authentication records retained for 90 days for security auditing
- Accounts inactive for 24+ months may be flagged for deletion
8. Cookies and Tracking
- We use browser local storage for session management and encryption keys
- We do not use third-party analytics cookies
- We collect minimal anonymized usage statistics for service improvement
- We respect "Do Not Track" browser signals
9. Children's Privacy
- $ubwatch is not intended for users under 18 years of age
- We do not knowingly collect data from children
- If we discover a user is under 18, we will delete their account
10. Data Breach Notification
In the event of a data breach:
- We will investigate and contain the breach immediately
- Affected users will be notified within 72 hours
- We will provide details on what data was affected
- Serious breaches will be reported to relevant authorities
11. Contact Us
For privacy-related questions, concerns, or requests:
- Email: [Your support email]
- Subject Line: "Privacy Inquiry - $ubwatch"
- Response Time: Within 48 hours for most inquiries
12. Updates to This Policy
- We may update this Privacy Policy periodically
- Material changes will be announced via email
- Continued use after changes constitutes acceptance
$ubwatch - Your Privacy-First Subscription Tracker
Thank you for trusting $ubwatch with your subscription management.
Your trust is the foundation of our service.