Information We Collect
Account Information
When you create an account, we collect your name, email address, and a hashed password. If you sign in with Google, we receive your name, email, and profile photo from Google — we never see your Google password.
Subscription Data
All subscription entries you create — names, amounts, billing cycles, renewal dates, categories, and notes — are stored and associated with your account so we can provide the tracking and insights you signed up for.
Usage & Analytics
We collect anonymous, aggregated usage signals (page views, feature interactions) to understand how Subsense is used and to improve the product. This data cannot be linked back to you individually.
How We Use Your Information
To Power the Product
Your data is used exclusively to provide Subsense's core functionality: tracking subscriptions, calculating spend, sending renewal reminders, and generating insights on your spending patterns.
To Send You Notifications
With your explicit permission, we send email digests, renewal reminders, and price change alerts. You can adjust or disable these at any time in your notification settings.
To Improve Subsense
Anonymised, aggregated data helps us understand which features are most useful and where we should invest in improvements. We never sell your personal data or use it for third-party advertising.
Data Sharing & Third Parties
Infrastructure Partners
We use Convex for our database and real-time backend, and Resend for transactional email delivery. Both are processed under strict data processing agreements and are used solely to operate Subsense.
Google OAuth
If you choose to sign in with Google, authentication is handled by Google's OAuth 2.0 service. We only receive the basic profile scopes (name, email, profile picture). We do not receive access to your Google account, Gmail, Drive, or any other Google service.
No Data Sales
We do not sell, rent, or trade your personal information to any third party under any circumstances.
Cookies & Local Storage
Session Cookies
We use a single session cookie to keep you logged in. This cookie is HttpOnly, Secure, and expires when your session ends or after 30 days of inactivity.
Preferences
Your theme preference (light/dark) is stored in local storage on your device. This data never leaves your browser.
No Tracking Cookies
We do not use any third-party advertising, analytics, or tracking cookies. There are no pixel trackers or fingerprinting scripts on Subsense.
Data Security
Encryption
All data is encrypted in transit via TLS 1.2+ and at rest using AES-256. Passwords are hashed using bcrypt and are never stored in plain text.
Access Controls
Your subscription data is strictly scoped to your account. No other user can query, view, or modify your data. Our team accesses production data only when required for support, and only with your consent.
Incident Response
In the unlikely event of a data breach affecting your personal information, we will notify you within 72 hours via the email on your account.
Your Rights & Data Deletion
Access & Export
You have the right to know what data we hold about you. Contact us at hello@unbuilt.studio and we will provide a full export of your account data within 7 days.
Account Deletion
You can permanently delete your account at any time from Settings → Account. Deletion is immediate and irreversible — all your subscriptions, payment logs, categories, notifications, and personal information are permanently erased from our systems within 30 days.
GDPR & CCPA
If you are located in the European Economic Area or California, you have additional rights under GDPR and CCPA respectively, including the right to data portability and the right to object to processing. To exercise any of these rights, contact us at hello@unbuilt.studio.
Questions?
If you have any questions about this Privacy Policy or how we handle your data, reach out to us at hello@unbuilt.studio. We typically respond within 1–2 business days.