Privacy Policy

Last updated: April 20, 2026

This Privacy Policy explains how Subblink (“Subblink,” “we,” “us,” or “our”) collects, uses, stores, and protects your personal information when you use our subscription tracking service at subblink.co (the “Service”). It applies to all visitors and users of the Service, regardless of location or plan.

Subblink is operated by a sole proprietor based in Maastricht, the Netherlands. For purposes of the EU General Data Protection Regulation (“GDPR”) and UK GDPR, Subblink is the data controller of your personal information.

This policy should be read alongside our Cookie Policy and Terms of Service.

1. Overview

Subblink helps you discover, monitor, and manage your recurring software and service subscriptions. With your explicit authorization, we connect to your Gmail or Microsoft Outlook inbox, scan for subscription receipts, and present the results — vendor, amount, frequency, renewal date — on a dashboard you control.

We built Subblink with a simple principle: we access the minimum amount of data required to give you a useful subscription tracker, and we do not use that data for any other purpose. We do not sell your data, we do not share it with advertisers, and we do not use it to build profiles about you.

2. Information We Collect

2.1 Account Information

When you create a Subblink account, we collect:

  • Your name and email address
  • A hashed password (if you register with email/password) — we never see or store your password in plain text
  • Your preferred time zone and notification settings
  • Account creation date, last login timestamp, and similar session metadata

2.2 Email Data (OAuth Access)

If you choose to connect your inbox for automatic subscription detection, we request the following OAuth scopes:

  • Google: https://www.googleapis.com/auth/gmail.readonly
  • Microsoft: Mail.Read

These are read-only scopes. We cannot send, modify, delete, or move your email. During a scan, we fetch Gmail messages that match sender and subject keyword filters we use to identify billing, subscription, and trial-related email — for example, senders like billing@, invoice@, receipt@, or noreply@, and subject terms like “receipt”, “invoice”, “renewal”, or “free trial”. From those messages we extract structured metadata (vendor name, amount, currency, billing date, frequency) and store only that metadata in our database.

AI-assisted extraction. To accurately parse unstructured receipt emails, we send the content of qualifying messages to the Anthropic Claude API for metadata extraction. Body content sent to Anthropic is truncated to the first 1,500 characters. This processing is transient — per Anthropic’s API terms, Anthropic does not retain the content after the request completes and does not use it to train models. Only emails that match subscription-related filters are processed in this way; the rest of your inbox is never read.

What we store: the extracted metadata (vendor, amount, dates, frequency) and your encrypted OAuth tokens. We also store the Gmail message ID of each processed email so we can deduplicate future scans. Message IDs are not email content, and they are deleted when you disconnect the connection, delete your account, or when Google notifies us that you have revoked access.

What we do NOT store: the raw email bodies, attachments, the content of non-subscription messages, or any inbox material beyond the structured fields needed to display your subscriptions.

Google account identifier. When you connect a Google email account, we also store your Google account identifier (the sub claim returned in Google’s ID token) associated with the connection. It is used solely to match Google’s cross-service data-deletion notifications to the correct connection in our database.

You can disconnect email access at any time from Settings → Connected Accounts. When you disconnect a Google email connection, we call Google’s OAuth token revocation endpoint in addition to deleting the tokens from our database, so the grant is invalidated on Google’s side as well as locally.

2.3 Payment Information

Payments are processed by Stripe, a PCI DSS Level 1 certified payment provider. Stripe collects your name, billing address, email, and payment method directly; Subblink never sees or stores your full card number, CVC, or bank account details. We receive and store only a Stripe customer identifier and invoice metadata (amount, date, plan, status) needed for billing and tax records.

2.4 Usage Data

We log minimal technical information required to operate the Service:

  • IP address and approximate location (country/region level)
  • Browser type, operating system, and user-agent
  • Timestamps of requests to our API
  • Error events and diagnostic traces

These logs are used for security, abuse prevention, and debugging. Server and diagnostic logs are retained according to our hosting providers’ standard log-retention windows, typically 30 to 90 days, and then deleted.

We also record aggregate per-day counts of AI model usage (input and output tokens, and estimated cost) against your account for internal cost tracking. These records contain no email content.

2.5 Cookies and Local Storage

Subblink uses only essential authentication cookies and non-sensitive UI preferences stored in your browser’s localStorage. We do not use analytics, advertising, or tracking cookies. Full details are in our Cookie Policy.

3. How We Use Your Information

We use your information to:

  • Create and maintain your account, and authenticate you when you log in
  • Scan your connected inbox for subscription receipts and display the results on your dashboard
  • Send renewal alerts, weekly summaries, and transactional emails you have requested
  • Process payments, issue invoices, and manage billing
  • Operate team features (inviting members, assigning roles, sharing reports)
  • Respond to your support requests
  • Detect, investigate, and prevent fraud, abuse, and security incidents
  • Comply with legal obligations, including tax and accounting requirements
  • Improve the Service (fixing bugs, refining detection rules) — using aggregated, de-identified data where possible

We do NOT:

  • Sell or rent your personal information to anyone
  • Share your personal information with advertisers, ad networks, or data brokers
  • Use your email content to build advertising profiles or for any advertising purpose
  • Use your email content for retargeting, personalization of ads, or interest-based advertising
  • Use your data to assess credit-worthiness or for lending decisions
  • Allow human employees to read your email content except with your affirmative agreement, for security investigations, to comply with law, or in aggregated/anonymized form

4. Google API Services — Limited Use

Subblink’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  1. We use Google user data only to provide and improve the user-facing subscription tracking features described in this policy.
  2. We do not transfer Google user data to third parties except: (a) to provide or improve user-facing features with your consent; (b) for security purposes (e.g., investigating abuse); (c) to comply with applicable law; or (d) as part of a merger, acquisition, or sale of assets, with your explicit prior consent.
  3. We do not allow humans to read Google user data except: (a) with your affirmative agreement for specific messages; (b) as necessary for security or abuse investigations; (c) as necessary to comply with applicable law; or (d) in aggregated, anonymized form used for internal operations.
  4. We do not use Google user data for advertising, including retargeting, personalized, or interest-based advertising.
  5. We do not use Google user data to determine credit-worthiness or for lending purposes.

Equivalent standards apply to any data we access through Microsoft Graph.

5. How We Protect Your Data

We take reasonable and appropriate technical and organizational measures to safeguard your information:

  • Encryption in transit: All traffic to and from Subblink is served over TLS 1.2 or higher. HSTS is enforced.
  • Encryption at rest: OAuth tokens for Gmail and Outlook are encrypted with AES-256-GCM before being written to the database. The encryption key is stored in an environment variable, separated from the database itself.
  • Row-level security: Our Postgres database (hosted on Supabase) enforces row-level security policies so that one user’s data is never accessible to another user, even in the event of an application-level bug.
  • Passwords: Passwords are hashed and salted by Supabase Auth. We never see them in plain text.
  • Payment data: Full card data is handled exclusively by Stripe (PCI DSS Level 1). Subblink systems never receive it.
  • Access controls: Production systems are accessible only to the operator, using strong authentication.
  • Minimum necessary data: We only store the fields required to operate the Service and delete data we no longer need.

A note on certifications. Subblink itself is not SOC 2 certified. Our database and authentication provider, Supabase, holds SOC 2 Type II certification, and we rely on their infrastructure controls for hosting, backups, and access logging.

No system is perfectly secure, and we cannot guarantee absolute security. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours where required, and will notify you directly without undue delay.

6. Third-Party Services (Sub-Processors)

We use a small number of carefully selected service providers to operate Subblink. Each processes personal data only on our behalf, under a data processing agreement (or equivalent contractual terms), and only to provide the services described below.

ServicePurposeData Shared
SupabaseAuthentication, Postgres database, row-level securityAccount data, subscription metadata, encrypted OAuth tokens
StripePayment processing, billing, invoicingName, email, billing address, payment method (collected directly by Stripe)
Google APIsGmail scanning via gmail.readonly scopeEncrypted OAuth tokens; email content read transiently during scans
Microsoft GraphOutlook scanning via Mail.Read scopeEncrypted OAuth tokens; email content read transiently during scans
Anthropic (Claude API)AI extraction of subscription metadata from qualifying emailsContent of emails matching subscription filters; transient, not retained by Anthropic per their API terms
ResendTransactional email delivery (verification, alerts, receipts)Recipient email address, subject, and body of transactional messages
TwilioSMS renewal alerts (opt-in per subscription)Phone number, alert content
VercelApplication hosting, edge and serverless runtimeIP address, request metadata, user-agent

We do not share your data with advertising networks, analytics providers, data brokers, or any third party not listed above.

7. Your Rights

You have the following rights over your personal information, available to all users regardless of plan tier:

  • Access. Request a copy of the personal information we hold about you.
  • Portability. Receive your personal data in a structured, commonly used, machine-readable format (CSV). If CSV export is gated to a paid plan in the product interface, you may still exercise this right on any plan by emailing privacy@subblink.co — we will provide the export free of charge.
  • Correction. Update or correct inaccurate or incomplete information. Most fields are editable directly in your account settings.
  • Deletion. Delete your account and all associated data from Settings → Account. Deletion is irreversible.
  • Revocation of email access. Disconnect your Gmail or Outlook account at any time from Settings → Connected Accounts. Your OAuth tokens are deleted immediately on disconnect.
  • Opt-out of communications. Unsubscribe from marketing emails using the link in any such email. Transactional emails (billing receipts, security alerts) cannot be disabled while your account is active.
  • Stripe billing on deletion. Deleting your account also cancels any active Stripe subscription, so you will not be billed again.

Additional rights for users in the European Economic Area, the United Kingdom, and California are described in Sections 9 and 10 below.

To exercise any right, contact privacy@subblink.co. We will respond within one month (or within 45 days for California residents, as required by CCPA/CPRA). We may ask you to verify your identity before processing certain requests.

8. Data Retention

We keep your personal information only for as long as necessary for the purposes described in this policy.

CategoryRetention Period
Account data (profile, settings)Active account lifetime; deleted immediately on account deletion
Subscription metadataSame as account
OAuth tokens (Gmail, Outlook)Until you disconnect or delete your account; deleted immediately on disconnect
Payment records (Stripe customer ID, invoices)Up to 7 years, for tax and accounting compliance
Server logsPer hosting provider’s standard retention, typically 30–90 days
Encrypted backupsUp to 90 days after data is purged from production

On account deletion, all data in our production database is purged immediately via a cascading delete. Residual copies in encrypted, time-limited backups are overwritten within 90 days. Certain records required for legal or accounting purposes (for example, payment history under tax law) are retained for the period required by applicable law.

If you revoke Subblink’s access via your Google Account security settings, Google notifies us at our dedicated data-deletion endpoint. On receipt, we delete the affected email connection, the stored Gmail message IDs for that connection, the processed-email records, and the scan logs for that connection.

9. Children’s Privacy

Subblink is intended for use by adults only. The Service is not directed at children, and you must be at least 18 years old to create an account or use the Service. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor, contact privacy@subblink.co and we will delete it promptly.

10. International Users and GDPR

Subblink is operated from the Netherlands and serves users globally. If you are located in the European Economic Area, the United Kingdom, or Switzerland, the following applies.

10.1 Legal Bases for Processing

We rely on the following legal bases under Article 6 of the GDPR:

  • Performance of a contract (Art. 6(1)(b)) — to provide the Service you signed up for, process payments, and deliver transactional communications.
  • Legitimate interests (Art. 6(1)(f)) — to secure our Service, prevent fraud and abuse, maintain logs for debugging, and make reasonable improvements to the product. We have balanced these interests against your rights.
  • Consent (Art. 6(1)(a)) — specifically for connecting your Gmail or Outlook inbox, and for any optional marketing communications. You can withdraw consent at any time; withdrawal does not affect the lawfulness of processing before withdrawal.
  • Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, and other regulatory requirements.

10.2 GDPR Rights

In addition to the rights listed in Section 7, you have the right to:

  • Restrict processing (Art. 18) in certain circumstances
  • Object to processing (Art. 21) based on legitimate interests
  • Not be subject to automated decision-making producing legal or similarly significant effects (Art. 22) — Subblink does not carry out such decision-making
  • Lodge a complaint with your local supervisory authority. If you are in the Netherlands, this is the Autoriteit Persoonsgegevens. A list of EEA authorities is available from the European Data Protection Board. UK residents may contact the Information Commissioner’s Office (ICO).

10.3 International Data Transfers

Some of our sub-processors (including Stripe, Anthropic, Resend, Twilio, and Vercel) are based in, or process data in, the United States. Where personal data of EEA or UK residents is transferred outside those regions, we rely on the Standard Contractual Clauses adopted by the European Commission (Commission Implementing Decision (EU) 2021/914) and the UK International Data Transfer Addendum where applicable. You may request a copy of the relevant transfer mechanism by emailing privacy@subblink.co.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:

  • The right to know what personal information we collect, the sources, purposes, and categories of third parties with whom we share it
  • The right to delete personal information we have collected
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of personal information for cross-context behavioral advertising
  • The right to limit the use of sensitive personal information
  • The right to non-discrimination for exercising these rights

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We have not done so in the past 12 months and we have no plans to do so.

To exercise any California privacy right, email privacy@subblink.co. We will respond within 45 days. If we need an extension, we will tell you within that window and explain why. You may also designate an authorized agent to make a request on your behalf; we may ask for reasonable proof of authorization.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes — for example, adding a new category of data, a new purpose of use, or a new sub-processor — we will notify you by email at least 14 days before the change takes effect, and we will update the “Last updated” date at the top of this page. Your continued use of the Service after the effective date constitutes acceptance of the revised policy. If you do not agree with the changes, you can delete your account before they take effect.

13. Contact Us

For any question about this Privacy Policy or how we handle your personal data: