Privacy Policy for SubTrack: Subscription Tracker

Effective Date: December 16, 2024

Introduction

Welcome to SubTrack: Subscription Tracker ("we", "our", or "the App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

Information We Collect

1. Data Stored Locally on Your Device (100% Private)

The following information is stored exclusively on your device using an encrypted local database (Realm) and is NEVER transmitted anywhere:

• Subscription Information: Service names, costs, billing cycles, renewal dates, categories, notes
• Financial Data: Amounts, currencies, exchange rates, payment methods
• Categories: Default and custom categories with icons and colors
• Settings: Display currency preferences, theme settings (light/dark), language preferences
• Biometric Settings: Face ID/Touch ID preferences (biometric data itself is managed by iOS secure enclave)
• Notification Preferences: Reminder settings for subscription renewals
• Exchange Rates: Manually configured currency conversion rates
• Widget Data: Information displayed on iOS home screen widgets

We cannot access this data. It never leaves your device. There is no iCloud sync or cloud storage.

2. Data We DO NOT Collect

• ❌ NO user accounts or personal information
• ❌ NO email addresses or phone numbers
• ❌ NO location data
• ❌ NO usage analytics or tracking
• ❌ NO crash reports or error logging
• ❌ NO browsing history or app usage patterns
• ❌ NO device identifiers (beyond what's required for ads)
• ❌ NO social media integration or connections
• ❌ NO iCloud data or Apple ID information

3. Third-Party Service Data Collection (Not Collected by Us)

While WE don't collect any data, the following third-party service collects limited data for app functionality:

Google AdMob (Advertising):

• What it collects: Anonymous advertising identifier (IDFA - if you allow tracking), device model, iOS version, IP address (country/region level), ad interaction data (views, clicks)
• Purpose: To display banner and interstitial ads that support the free version of our app
• What it does NOT collect: Your subscription data, financial information, or any personal content
• Privacy Policy: Google AdMob Privacy Policy
• iOS 14+ Tracking: AdMob will only access your IDFA if you grant tracking permission via Apple's App Tracking Transparency (ATT) prompt. You can deny this without affecting core app functionality.

Important Note: Unlike many apps, SubTrack does NOT use Firebase Analytics, Firebase Crashlytics, or any other tracking/analytics services. AdMob is the ONLY third-party service integrated.

How We Use Your Information

How Your Local Data is Used (On Your Device Only):

• Subscription Tracking: Display your subscriptions and calculate monthly totals
• Spending Analysis: Generate local charts and analytics from your data
• Renewal Reminders: Schedule local notifications for upcoming renewals
• Currency Conversion: Convert subscription costs to your preferred display currency
• Widgets: Display subscription information on your iOS home screen
• Data Export: Generate CSV/JSON files for backup or portability
• Siri Shortcuts: Create Siri shortcuts to quickly access app features (all data stays local)

What We Do NOT Do:

• ❌ We do NOT see your subscription data
• ❌ We do NOT store your personal information
• ❌ We do NOT have any servers with your data
• ❌ We do NOT sell data to third parties
• ❌ We do NOT track your behavior or app usage
• ❌ We do NOT share data with advertisers (beyond anonymous AdMob data)
• ❌ We do NOT use your data for machine learning or AI training
• ❌ We do NOT sync with iCloud or any cloud service

Data Storage and Security

Local Storage

• Encrypted Database: All subscription and financial data is stored in an encrypted Realm database on your device
• iOS Security: Data is protected by iOS built-in security (passcode, Face ID, Touch ID)
• App-Level Biometric Lock: Optional Face ID/Touch ID authentication for additional app security
• iOS Keychain: Sensitive app settings stored in iOS Keychain (encrypted and secure)
• No Cloud Sync: Your data never syncs to iCloud or any external servers
• Offline First: The app works 100% offline without any internet connection (except for ads)

Security Measures

• Local Encryption: Realm database encryption protects your data at rest
• Face ID / Touch ID: Optional biometric authentication for app access
• iOS Secure Enclave: Biometric data is stored in iOS secure enclave, never accessible to apps
• No Network Transmission: Your personal data never travels over the internet
• App Transport Security: All network requests use secure HTTPS connections
• Code Signing: App is code-signed by Apple, ensuring authenticity

Third-Party Services

SubTrack uses the following third-party services:

Google Services

• Google AdMob - Advertisement delivery for free app monetization

Apple Services

• iOS Notifications: Local notification scheduling (no data sent to Apple)
• WidgetKit: iOS home screen widgets (all data local)
• App Store: App distribution and updates
• StoreKit: For future in-app purchases (if implemented)

Local Libraries (No Data Collection)

These libraries operate entirely on your device and collect no data:

• Realm Database: Local data storage (no cloud component)
• SwiftUI: Modern UI framework for iOS
• Combine: Reactive programming framework (local only)
• LocalAuthentication: Face ID / Touch ID authentication framework
• Kotlinx DateTime: Date and time calculations (shared code)

Important: Only Google AdMob collects data. All other libraries and frameworks operate locally with zero data collection.

Data Sharing and Disclosure

What We Share: NOTHING

• ❌ We do NOT share your subscription data (we can't access it)
• ❌ We do NOT sell any data to third parties
• ❌ We do NOT provide data to law enforcement (we have no data to provide)
• ❌ We do NOT share data with marketing companies
• ❌ We do NOT transfer data internationally (there's nothing to transfer)
• ❌ We do NOT share data with Apple (beyond standard App Store analytics)

Third-Party Data Processing:

• AdMob: Processes anonymous advertising data according to Google's Privacy Policy
• Apple: May collect anonymous App Store analytics (downloads, crashes) - managed by Apple, not us

iOS-Specific Privacy Features

App Tracking Transparency (iOS 14+)

Starting with iOS 14, Apple requires apps to request permission before tracking you across other apps and websites:

• What We Track: NOTHING. We don't track you at all.
• AdMob Tracking: If you grant tracking permission, AdMob may use your IDFA for personalized ads
• Your Choice: You can deny tracking permission and the app will work perfectly (ads will be generic)
• Change Anytime: Settings → Privacy & Security → Tracking → SubTrack

Privacy Nutrition Labels (App Store)

Our App Store privacy label accurately reflects:

• Data Not Collected: We collect ZERO data linked to you
• Data Used to Track You: Only if you grant AdMob tracking permission
• Data Not Linked to You: Anonymous advertising data (if tracking denied)

Face ID / Touch ID

• Biometric authentication is optional and managed entirely by iOS
• Your Face ID/Touch ID data never leaves your device's secure enclave
• We never see or access your biometric data
• You can enable/disable in Settings → Security

App Permissions and Their Purpose

SubTrack requests the following iOS permissions:

Optional Permissions (You Control When Prompted):

• Notifications: To send local renewal reminder notifications that you schedule (no data sent to servers)
• Face ID / Touch ID: For biometric authentication if you enable app lock feature
• Tracking (iOS 14+): For personalized ads through AdMob (you can deny without affecting app functionality)

What We DON'T Request:

• ❌ Location access (we don't track where you are)
• ❌ Camera access (we don't scan receipts or documents)
• ❌ Contacts access (we don't access your contacts)
• ❌ Photos access (we don't access your photo library)
• ❌ Microphone access (we don't record audio)
• ❌ Calendar access (we don't access your calendar)
• ❌ Reminders access (we use local notifications instead)
• ❌ Health data access
• ❌ HomeKit access
• ❌ Motion & Fitness access

Your Rights and Choices

Data Control (100% Under Your Control)

• View All Data: All your data is visible in the app interface
• Edit Anytime: Modify any subscription or setting at any time
• Delete Individual Items: Delete specific subscriptions or categories
• Export Data: Export all data in CSV or JSON format for backup
• Import Data: Import previously exported data
• Complete Deletion: Uninstall the app to remove all local data

Advertising Choices

• Deny Tracking: When prompted by App Tracking Transparency, tap "Ask App Not to Track"
• Limit Ad Tracking: iOS Settings → Privacy & Security → Tracking → Toggle off "Allow Apps to Request to Track"
• Reset Advertising ID: iOS Settings → Privacy & Security → Apple Advertising → Reset Advertising Identifier
• Google Ad Settings: Visit Google Ad Settings
• Note: Generic (non-personalized) ads will still be shown to support the free app

Notification Control

• In-App: Settings → Notifications to configure renewal reminders
• System Level: iOS Settings → SubTrack → Notifications
• Per-Subscription: Set reminders individually for each subscription

Data Retention

Local Data (Stored on Your Device)

• Subscription Data: Retained indefinitely on your device until you manually delete it
• Settings and Preferences: Retained until you reset app settings or uninstall
• Exchange Rates: Retained until you update or delete them
• Categories: Retained until you delete them
• Widget Data: Updated in real-time from your subscription data

Third-Party Service Data

• AdMob Advertising Data: Retained according to Google AdMob's data retention policies (typically 13-24 months)
• Apple App Store Analytics: Managed by Apple according to their privacy policy

Data Deletion

• Immediate Deletion: Local data is deleted immediately when you use the app's delete functions
• App Uninstall: All local data is permanently deleted when you uninstall the app
• No Residual Data: Since we have no servers, there's no residual data to delete
• Reset Advertising ID: You can reset your IDFA in iOS Settings

Children's Privacy (COPPA Compliance)

SubTrack is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Why SubTrack is Safe:

• No account creation or registration required
• All data stored locally on device (no transmission to servers)
• No social features or communication capabilities
• No data collection beyond anonymous advertising data
• Complies with Apple's App Store guidelines for child safety

For Parents and Guardians:

• If your child has used this app, simply uninstall it from their device to remove all local data
• Use iOS Screen Time to restrict app installation and usage
• Contact us at appkadag@gmail.com with any concerns
• Since we collect no personal data, there is no child data for us to delete from our servers

International Data Transfers

Simple Answer: Your subscription data never leaves your device, so there are no international transfers.

AdMob Data Processing:

• Google operates data centers worldwide and may process anonymous advertising data in various countries
• Google complies with GDPR, Privacy Shield successor frameworks, and international privacy laws
• Only anonymous advertising data (not your subscription data) may be transferred

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Effective Date" at the top of this policy
• Showing an in-app notification for significant changes
• Requiring your consent for material changes that affect your rights

Continued use of the app after changes constitutes acceptance of the updated policy.

Your Consent

By using SubTrack: Subscription Tracker, you consent to:

• The local storage of your subscription data on your device
• The display of advertisements through Google AdMob
• Google AdMob's collection of anonymous advertising data (if you grant tracking permission)

Legal Basis for Processing (GDPR - EU Users)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal basis for processing under GDPR includes:

• Contract Performance (Article 6(1)(b)): To provide core app functionality including subscription tracking, analytics, and reminders
• Consent (Article 6(1)(a)): For advertising data collection through AdMob (via App Tracking Transparency)
• Legitimate Interests (Article 6(1)(f)): For app security and functionality (where not overridden by your privacy rights)

Your GDPR Rights

• Right of Access: All your data is visible in the app interface
• Right to Rectification: Edit any information in the app at any time
• Right to Erasure: Delete your data by uninstalling the app
• Right to Data Portability: Export your data in CSV/JSON format
• Right to Object: Deny tracking via App Tracking Transparency
• Right to Lodge a Complaint: File a complaint with your local Data Protection Authority

California Privacy Rights (CCPA/CPRA)

If you are a California resident, under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have the right to:

• Know: We collect NO personal information. Only AdMob collects anonymous advertising data.
• Delete: Uninstall the app to delete all local data immediately
• Opt-Out: Deny tracking via App Tracking Transparency (we do not sell your data)
• Non-Discrimination: We do not discriminate based on privacy choices

Categories of Information (CCPA)

The only data collected is by AdMob (if you grant tracking permission):

• Identifiers: Anonymous advertising identifier (IDFA - only if tracking allowed)
• Internet Activity: Ad interaction data (views, clicks)
• Geolocation: General location (country/region level only, derived from IP)

Other Regional Privacy Rights

Brazil (LGPD)

Brazilian users have rights under Lei Geral de Proteção de Dados (LGPD) including access, rectification, deletion, and data portability. Since all data is local, you have complete control.

Canada (PIPEDA)

Canadian users have rights under Personal Information Protection and Electronic Documents Act (PIPEDA) including access and correction of personal information.

Australia (Privacy Act)

Australian users have rights under the Privacy Act 1988 including access and correction of personal information.

Security Measures

• Local Data Encryption: All subscription data is stored in an encrypted Realm database
• Face ID / Touch ID: Optional biometric authentication for app access
• iOS Secure Enclave: Biometric data protected by Apple's hardware security
• iOS Keychain: Sensitive settings stored in encrypted iOS Keychain
• No Network Transmission: Your data never travels over the network
• App Transport Security: All network requests use secure HTTPS
• Code Signing: App is code-signed and distributed through App Store only
• Regular Security Updates: Frequent app updates to address security vulnerabilities
• Offline First Design: App works without internet connection, reducing attack surface

Why Data Breaches Don't Apply to Us

Device Security Best Practices:

• Use a strong passcode or biometric authentication (Face ID/Touch ID)
• Keep iOS updated with latest security patches
• Enable SubTrack's optional biometric lock for additional protection
• Use iCloud Keychain for secure password management
• Enable Find My iPhone for remote device wipe if lost
• Regularly backup your data using the export feature

Data Backup and Export

Export Options

• CSV Export: Export all subscriptions in CSV format for spreadsheet applications
• JSON Export: Export complete app data in JSON format for backup
• Share via iOS Share Sheet: Save exported files to Files app, iCloud Drive, or other locations
• AirDrop: Transfer exported data to your Mac or other iOS devices

iOS Backup

• iCloud Backup: Your device may include app data in iCloud backups (encrypted)
• iTunes/Finder Backup: App data included in computer backups
• User Control: You control whether app data is included in iCloud backups (Settings → [Your Name] → iCloud → SubTrack)
• No Cloud Control: We have no access to or control over your iCloud backups

Compliance

This privacy policy complies with:

• GDPR (General Data Protection Regulation) - European Union
• CCPA (California Consumer Privacy Act) - California, USA
• CPRA (California Privacy Rights Act) - California, USA
• COPPA (Children's Online Privacy Protection Act) - No data from children under 13
• LGPD (Lei Geral de Proteção de Dados) - Brazil
• PIPEDA (Personal Information Protection and Electronic Documents Act) - Canada
• Privacy Act 1988 - Australia
• UK Data Protection Act 2018 - United Kingdom
• Apple App Store Privacy Requirements and Guidelines
• Apple App Tracking Transparency Framework (iOS 14+)

Summary - Your Privacy at a Glance

© 2024 SubTrack: Subscription Tracker. All rights reserved.
Last updated: December 16, 2024