Privacy Policy for SubTrack: Subscription Tracker

Effective Date: December 16, 2024

Introduction

Welcome to SubTrack: Subscription Tracker ("we", "our", or "the App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

Information We Collect

1. Data Stored Locally on Your Device (100% Private)

The following information is stored exclusively on your device using an encrypted local database (Realm) and is NEVER transmitted anywhere:

• Subscription Information: Service names, costs, billing cycles, renewal dates, categories, notes
• Financial Data: Amounts, currencies, exchange rates, payment methods
• Categories: Default and custom categories with icons and colors
• Settings: Display currency preferences, theme settings (light/dark), language preferences
• Biometric Settings: App lock preferences (biometric data itself is managed by your device's secure enclave)
• Notification Preferences: Reminder settings for subscription renewals
• Exchange Rates: Manually configured currency conversion rates

We cannot access this data. It never leaves your device. There is no cloud sync.

2. Data We DO NOT Collect

• ❌ NO user accounts or personal information
• ❌ NO email addresses or phone numbers
• ❌ NO location data
• ❌ NO usage analytics or tracking
• ❌ NO crash reports or error logging
• ❌ NO browsing history or app usage patterns
• ❌ NO device identifiers (beyond what's required for ads)
• ❌ NO social media integration or connections

3. Third-Party Service Data Collection (Not Collected by Us)

While WE don't collect any data, the following third-party service collects limited data for app functionality:

Google AdMob (Advertising):

• What it collects: Anonymous advertising identifier (AAID), device model, OS version, IP address (country/region level), ad interaction data (views, clicks)
• Purpose: To display banner and interstitial ads that support the free version of our app
• What it does NOT collect: Your subscription data, financial information, or any personal content
• Privacy Policy: Google AdMob Privacy Policy

Important Note: Unlike many apps, SubTrack does NOT use Firebase Analytics, Firebase Crashlytics, or any other tracking/analytics services. AdMob is the ONLY third-party service integrated.

How We Use Your Information

How Your Local Data is Used (On Your Device Only):

• Subscription Tracking: Display your subscriptions and calculate monthly totals
• Spending Analysis: Generate local charts and analytics from your data
• Renewal Reminders: Schedule local notifications for upcoming renewals
• Currency Conversion: Convert subscription costs to your preferred display currency
• Widgets: Display subscription information on your home screen (Android)
• Data Export: Generate CSV/JSON files for backup or portability

What We Do NOT Do:

• ❌ We do NOT see your subscription data
• ❌ We do NOT store your personal information
• ❌ We do NOT have any servers with your data
• ❌ We do NOT sell data to third parties
• ❌ We do NOT track your behavior or app usage
• ❌ We do NOT share data with advertisers (beyond anonymous AdMob data)
• ❌ We do NOT use your data for machine learning or AI training

Data Storage and Security

Local Storage

• Encrypted Database: All subscription and financial data is stored in an encrypted Realm database on your device
• Device Security: Data is protected by your device's built-in security (PIN, pattern, password)
• Biometric Lock: Optional app-level security using fingerprint or face recognition
• No Cloud Sync: Your data never syncs to the cloud or any external servers
• Offline First: The app works 100% offline without any internet connection (except for ads)

Security Measures

• Local Encryption: Realm database encryption protects your data at rest
• Biometric Authentication: Optional fingerprint/face unlock for additional security
• No Network Transmission: Your personal data never travels over the internet
• Secure Coding Practices: Code obfuscation and security best practices implemented

Third-Party Services

SubTrack uses the following third-party services:

Google Services

• Google AdMob - Advertisement delivery for free app monetization
• Google Play Services - Core Android functionality and app updates

Local Libraries (No Data Collection)

These libraries operate entirely on your device and collect no data:

• Realm Database: Local data storage (no cloud component)
• AndroidX Biometric: Device biometric authentication (fingerprint/face unlock)
• Jetpack Compose: Modern UI toolkit for Android
• Material Design Components: UI components following Google's design guidelines
• Kotlin Coroutines: Asynchronous programming framework
• Kotlinx DateTime: Date and time calculations
• WorkManager: Background task scheduling for local notifications
• Glance: Android home screen widgets
• Koin: Dependency injection framework

Important: Only Google AdMob collects data. All other libraries operate locally with zero data collection.

Data Sharing and Disclosure

What We Share: NOTHING

• ❌ We do NOT share your subscription data (we can't access it)
• ❌ We do NOT sell any data to third parties
• ❌ We do NOT provide data to law enforcement (we have no data to provide)
• ❌ We do NOT share data with marketing companies
• ❌ We do NOT transfer data internationally (there's nothing to transfer)

Third-Party Data Processing:

• AdMob: Processes anonymous advertising data according to Google's Privacy Policy

App Permissions and Their Purpose

SubTrack requests the following Android permissions:

Required Permissions:

• INTERNET: Required for displaying Google AdMob advertisements only (your subscription data never uses internet)
• POST_NOTIFICATIONS: To send local renewal reminder notifications that you schedule

Optional Permissions:

• USE_BIOMETRIC: For fingerprint/face unlock if you enable app lock feature

What We DON'T Request:

• ❌ Location access (we don't track where you are)
• ❌ Camera access (we don't scan receipts or documents)
• ❌ Contact access (we don't access your contacts)
• ❌ Storage access (beyond standard app data storage)
• ❌ SMS access (we don't read your messages)
• ❌ Phone access (we don't make or monitor calls)
• ❌ Calendar access (we don't access your calendar)
• ❌ Microphone access (we don't record audio)

Your Rights and Choices

Data Control (100% Under Your Control)

• View All Data: All your data is visible in the app interface
• Edit Anytime: Modify any subscription or setting at any time
• Delete Individual Items: Delete specific subscriptions or categories
• Export Data: Export all data in CSV or JSON format for backup
• Import Data: Import previously exported data
• Complete Deletion: Uninstall the app to remove all local data

Advertising Choices

• Personalized Ads: You can opt-out of personalized ads through:
• Android Settings → Google → Ads → Opt out of Ads Personalization
• Visit: Google Ad Settings
• Note: Generic (non-personalized) ads will still be shown to support the free app

Notification Control

• In-App: Settings → Notifications to configure renewal reminders
• System Level: Android Settings → Apps → SubTrack → Notifications

Data Retention

Local Data (Stored on Your Device)

• Subscription Data: Retained indefinitely on your device until you manually delete it
• Settings and Preferences: Retained until you reset app settings or uninstall
• Exchange Rates: Retained until you update or delete them
• Categories: Retained until you delete them

Third-Party Service Data

• AdMob Advertising Data: Retained according to Google AdMob's data retention policies (typically 13-24 months)

Data Deletion

• Immediate Deletion: Local data is deleted immediately when you use the app's delete functions
• App Uninstall: All local data is permanently deleted when you uninstall the app
• No Residual Data: Since we have no servers, there's no residual data to delete

Children's Privacy (COPPA Compliance)

SubTrack is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Why SubTrack is Safe:

• No account creation or registration required
• All data stored locally on device (no transmission to servers)
• No social features or communication capabilities
• No data collection beyond anonymous advertising data

For Parents and Guardians:

• If your child has used this app, simply uninstall it from their device to remove all local data
• Contact us at appkadag@gmail.com with any concerns
• Since we collect no personal data, there is no child data for us to delete from our servers

International Data Transfers

Simple Answer: Your subscription data never leaves your device, so there are no international transfers.

AdMob Data Processing:

• Google operates data centers worldwide and may process anonymous advertising data in various countries
• Google complies with GDPR, Privacy Shield successor frameworks, and international privacy laws
• Only anonymous advertising data (not your subscription data) may be transferred

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Effective Date" at the top of this policy
• Showing an in-app notification for significant changes
• Requiring your consent for material changes that affect your rights

Continued use of the app after changes constitutes acceptance of the updated policy.

Your Consent

By using SubTrack: Subscription Tracker, you consent to:

• The local storage of your subscription data on your device
• The display of advertisements through Google AdMob
• Google AdMob's collection of anonymous advertising data

Legal Basis for Processing (GDPR - EU Users)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal basis for processing under GDPR includes:

• Contract Performance (Article 6(1)(b)): To provide core app functionality including subscription tracking, analytics, and reminders
• Consent (Article 6(1)(a)): For advertising data collection through AdMob
• Legitimate Interests (Article 6(1)(f)): For app security and functionality (where not overridden by your privacy rights)

Your GDPR Rights

• Right of Access: All your data is visible in the app interface
• Right to Rectification: Edit any information in the app at any time
• Right to Erasure: Delete your data by uninstalling the app
• Right to Data Portability: Export your data in CSV/JSON format
• Right to Object: Opt-out of personalized advertising
• Right to Lodge a Complaint: File a complaint with your local Data Protection Authority

California Privacy Rights (CCPA/CPRA)

If you are a California resident, under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have the right to:

• Know: We collect NO personal information. Only AdMob collects anonymous advertising data.
• Delete: Uninstall the app to delete all local data immediately
• Opt-Out: Opt-out of personalized ads through Google Ad Settings (we do not sell your data)
• Non-Discrimination: We do not discriminate based on privacy choices

Categories of Information (CCPA)

The only data collected is by AdMob:

• Identifiers: Anonymous advertising ID (AAID)
• Internet Activity: Ad interaction data (views, clicks)
• Geolocation: General location (country/region level only, derived from IP)

Other Regional Privacy Rights

Brazil (LGPD)

Brazilian users have rights under Lei Geral de Proteção de Dados (LGPD) including access, rectification, deletion, and data portability. Since all data is local, you have complete control.

Canada (PIPEDA)

Canadian users have rights under Personal Information Protection and Electronic Documents Act (PIPEDA) including access and correction of personal information.

Australia (Privacy Act)

Australian users have rights under the Privacy Act 1988 including access and correction of personal information.

Security Measures

• Local Data Encryption: All subscription data is stored in an encrypted Realm database
• Biometric Authentication: Optional fingerprint or face unlock for app access
• No Network Transmission: Your data never travels over the network
• Code Obfuscation: App code is obfuscated to prevent reverse engineering
• Regular Security Updates: Frequent app updates to address security vulnerabilities
• Offline First Design: App works without internet connection, reducing attack surface

Why Data Breaches Don't Apply to Us

Device Security Best Practices:

• Use a strong device lock (PIN, pattern, password, biometric)
• Enable device encryption (enabled by default on modern Android devices)
• Keep your device OS updated with latest security patches
• Enable SubTrack's optional biometric lock for additional protection
• Regularly backup your data using the export feature

Data Backup and Export

Export Options

• CSV Export: Export all subscriptions in CSV format for spreadsheet applications
• JSON Export: Export complete app data in JSON format for backup
• Manual Backup: Save exported files to your device or cloud storage of your choice

Android Backup

• System Backup: Your device may include app data in automatic backups (encrypted)
• User Control: You control whether app data is included in device backups
• No Cloud Control: We have no access to or control over your device backups

Compliance

This privacy policy complies with:

• GDPR (General Data Protection Regulation) - European Union
• CCPA (California Consumer Privacy Act) - California, USA
• CPRA (California Privacy Rights Act) - California, USA
• COPPA (Children's Online Privacy Protection Act) - No data from children under 13
• LGPD (Lei Geral de Proteção de Dados) - Brazil
• PIPEDA (Personal Information Protection and Electronic Documents Act) - Canada
• Privacy Act 1988 - Australia
• UK Data Protection Act 2018 - United Kingdom
• Google Play Store Privacy Policy Requirements

Summary - Your Privacy at a Glance

© 2024 SubTrack: Subscription Tracker. All rights reserved.
Last updated: December 16, 2024