sub-trackersub-trackerHome

Privacy Policy

Last updated: April 15, 2026

Who we are

sub-tracker is a personal subscription tracking tool operated by Pho Huynh (p@ccly.dev). It is a hobby project, not a commercial service.

What we collect

When you sign in with Google, we collect:

  • Your basic profile: name, email address, and profile picture — used to identify your account in the app.
  • Gmail messages (read-only): when you click "Scan inbox", we fetch messages matching specific subscription-receipt patterns (e.g. "Your receipt from X", "invoice+statements@") for the last ~90 days. We only read the messages returned by these filters. We do not read your entire inbox.
  • Extracted billing data: vendor name, amount, currency, billing cycle, renewal date, and the receipt message ID — stored in our database so we can show you your subscriptions.
  • OAuth tokens: an access token and refresh token from Google, stored in our database so we can fetch Gmail receipts on your behalf when you click Scan.

What we don't do

  • We do not send email on your behalf.
  • We do not read messages that don't match our subscription filters.
  • We do not sell, share, or rent your data to anyone.
  • We do not use Google user data for training any machine learning or AI models.
  • We do not serve ads.
  • We do not track you across the web.

How we use your data

The Gmail receipts we read are passed through a deterministic regex-based extractor that runs entirely on our own servers. No email content is sent to any third-party LLM or external analytics service. The extractor produces structured data (vendor, amount, cycle, etc.) that gets stored in our Postgres database alongside a cached copy of the receipt's sender, subject, and snippet so we can show you the original source of each subscription.

Where your data lives

  • Application: hosted on Vercel (privacy policy), serverless functions run in Singapore (sin1).
  • Database: Railway-managed PostgreSQL (privacy policy), hosted in asia-southeast1.
  • Authentication: better-auth running in-process, storing session cookies in your browser.

Deleting your data

Email p@ccly.dev and your account, OAuth tokens, subscriptions, and ingested email log rows will be permanently deleted within 7 days.

You can also revoke sub-tracker's access to your Google account at any time via your Google permissions page.

Google API Services User Data Policy

sub-tracker's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Contact

Questions? Reach out at p@ccly.dev.