← Back to Home

Privacy Policy

Introduction

Welcome to SubDupes (“we,” “our,” or “us”). We are committed to protecting your personal information and your right to privacy. Not only is it a legal requirement, but it is a core component of our business model to help you manage your subscriptions securely.

This Privacy Policy explains how your information is collected, used, and disclosed by SubDupes.

Information You Provide

Personal Information You Provide to Us: We collect personal information that you voluntarily provide to us when you register on the express interest in obtaining information about our products and services, when you participate in activities on the Website, or otherwise when you contact us.

The personal information that we collect depends on the context of your interactions with us and the Website, the choices you make, and the products and features you use. The personal information we collect may include the following:

Account Data

Names, email addresses, and passwords (hashed).

Payment Data

We use Stripe/PayPal to process payments. We do not store your credit card numbers.

Usage Data & Tracking

Information Collected Automatically: We collect information about how you use our app, including clicks, scroll events, and interactions. We use Sentry for error tracking and session replay to help us debug issues and improve user experience.

Core Service Data (Emails & Files)

To provide our subscription management service, we process specific data categories:

Email Ingestion (Forwarding/BCC): If you choose to use our “Smart Scan” feature via email forwarding or BCC, we process the emails you send to your unique SubDupes alias. We parse the Sender, Subject, and Body to extract subscription usage, renewal notices, and receipts. We retain the parsed metadata (Subscription Name, Cost, Renewal Date). We may retain the raw email content for a limited period to allow re-processing or debugging.

File Uploads (PDF/Images): If you upload bank statements or invoices, we process those files using OCR to extract relevant subscription information.

AI Processing & Redaction

Private AI Analysis

We use Artificial Intelligence (OpenAI) to classify transactions. Crucially, we redact sensitive PII (Personally Identifiable Information) such as Account Numbers, Card Numbers, IBANs, Phone Numbers, and email addresses locally on our server before sending any text to the AI provider. The AI provider receives only anonymized transaction descriptions, dates, and amounts.

How We Use Information

  • To facilitate account creation and login process.
  • To send administrative information to you.
  • To fulfill and manage your orders.
  • To detect and manage your subscriptions (finding recurring payments).
  • To provide “Insights” (analyzing spending for savings).
  • To protect our services (e.g., fraud monitoring).

Sharing Your Information

We only share information with the following third parties:

  • Financial Processing: Stripe (for handling your payments to us).
  • Artificial Intelligence: OpenAI (for classifying transactions; data is redacted/anonymized).
  • Cloud Computing Services: AWS / Vercel (for hosting the application and database).
  • Error Monitoring: Sentry (for real-time error tracking and session replay).

Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information.

Encryption

Data is encrypted in transit (SSL/TLS) and at rest in our database.

Tokenization

We use OAuth for Google/Microsoft connections (if applicable) and store refresh tokens securely.

No Banking Credentials

We do not store your direct email passwords.

Redaction

Robust PII redaction is applied before any third-party AI processing.

Your Privacy Rights

Depending on your location (e.g., GDPR for Europe, CCPA for California), you may have specific rights:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Deletion: You can request that we delete your account and all associated data.
  • Revoking Access: You can stop forwarding emails or disconnect your email provider at any time to stop data collection.

Data Retention

We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.

  • Uploaded Statements: Retained as artifacts for your review and re-processing. You may delete those from your dashboard.
  • Extracted Data: Retained while your account is active to provide the dashboard view.

Contact Us

If you have questions or comments about this policy, you may email us at: support@subdupes.com