Privacy Policy

Last Updated: December 20, 2025

Our Privacy Commitment

Your subscription content is encrypted locally and never stored on our servers
We collect only the minimum data necessary to provide our services
We do not sell, rent, or share your personal data with third parties
You have full control over your data at all times

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address: For authentication and account recovery
User ID: Automatically generated for database management
Email verification status: To confirm account ownership

1.2 Subscription Data (Encrypted Locally)

Data you enter or that we detect:

Service names (e.g., Netflix, Spotify)
Subscription amounts and currencies
Billing cycles and review dates
Plan names and notes

Important: This data is encrypted using AES-256-GCM on your device before any storage. The raw content never reaches our servers.

1.3 Usage Metadata

AI page scan count (to enforce subscription limits)
Subscription activation date (for billing purposes)
Feature toggles (AI auto-detection, notification preferences)
Blocked URLs (sites you've opted out of scanning)

2. Information We DO NOT Collect

We explicitly do not collect:

❌ Credit card numbers or payment information
❌ Banking credentials or account passwords
❌ Full browsing history
❌ Personal documents or files
❌ Social security numbers or government IDs
❌ Phone numbers or physical addresses
❌ Unencrypted subscription data

3. How We Use Your Information

3.1 Core Service Functionality

Authenticate your account and maintain login sessions
Store and sync your encrypted subscription data across devices
Provide AI-powered subscription detection
Send email reminders for upcoming subscription payments
Track usage limits for subscription plans

3.2 Communications

Send account verification emails
Deliver subscription reminder notifications
Notify you of important service updates or policy changes
Respond to support requests

We will never send unsolicited marketing emails.

4. Data Storage and Security

                Local Encryption
                
                        Encryption Standard: AES-256-GCM (Advanced Encryption
                        Standard)
                    
                        Key Generation: Unique encryption keys generated on your
                        device
                    
                        Key Storage: Keys stored securely in browser local storage
                    
Process: Data is encrypted before leaving your browser

4.1 Remote Storage

Platform: Firebase Firestore (Google Cloud Platform)

Data Stored:

Email address (plaintext)
User ID (plaintext)
Encrypted subscription blobs
Usage metadata (plaintext)

4.2 Key Management

Encryption keys never leave your device
Keys are not transmitted to our servers
Only you can decrypt your subscription data
Lost keys cannot be recovered (data cannot be decrypted)

5. Third-Party Services

5.1 Firebase/Firestore (Google)

Purpose: Authentication, database storage
Data Shared: Email, encrypted subscription data, usage metadata
Privacy Policy: firebase.google.com/support/privacy

5.2 OpenAI/DeepSeek

Purpose: AI-powered subscription detection
Data Shared: Temporary HTML snippets from web pages
Data Retention: Not stored after processing

We Do NOT Share Data With:

❌ Advertisers or marketing companies
❌ Data brokers or analytics firms
❌ Social media platforms
❌ Any third party for profit

6. Your Privacy Rights

6.1 Access and Control

You have the right to:

✅ Access all your stored data
✅ Export your data to CSV format
✅ Modify or delete subscriptions at any time
✅ Delete your account and all associated data
✅ Opt out of email reminders

6.2 GDPR (EU Users)

Right to access personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to data portability
Right to object to processing

6.3 CCPA (California Users)

Right to know what data is collected
Right to delete personal information
Right to opt-out of data sales (we don't sell data)
Right to non-discrimination

7. Data Retention

Your data is retained as long as your account is active
Upon account deletion, encrypted data is removed within 30 days
Email and authentication records retained for 90 days for security auditing
Accounts inactive for 24+ months may be flagged for deletion

8. Cookies and Tracking

We use browser local storage for session management and encryption keys
We do not use third-party analytics cookies
We collect minimal anonymized usage statistics for service improvement
We respect "Do Not Track" browser signals

9. Children's Privacy

$ubwatch is not intended for users under 18 years of age
We do not knowingly collect data from children
If we discover a user is under 18, we will delete their account

10. Data Breach Notification

In the event of a data breach:

We will investigate and contain the breach immediately
Affected users will be notified within 72 hours
We will provide details on what data was affected
Serious breaches will be reported to relevant authorities

11. Contact Us

For privacy-related questions, concerns, or requests:

Email: [Your support email]
Subject Line: "Privacy Inquiry - $ubwatch"
Response Time: Within 48 hours for most inquiries

12. Updates to This Policy

We may update this Privacy Policy periodically
Material changes will be announced via email
Continued use after changes constitutes acceptance

$ubwatch - Your Privacy-First Subscription Tracker

Thank you for trusting $ubwatch with your subscription management.

Your trust is the foundation of our service.