SubTracks

Privacy Notice

Last updated: May 14, 2026

This Privacy Notice explains how Mohammed Moshii, operating SubTracks ("SubTracks", "we", "us"), collects, uses, and shares personal data when you use the Service. We act as the data controller for personal data described below.

1. Data We Collect

  • Account data: name, email address, login identifiers.
  • Connected inbox data: when you connect Gmail, we read message metadata and the contents of receipt-like emails to identify subscriptions and charges. We do not read unrelated personal email.
  • Subscription & usage data: subscriptions you track, settings, preferences, support messages.
  • Technical data: device identifiers, browser type, IP address, log data, telemetry.
  • Billing data: collected by Paddle (see section 4); we receive limited information such as plan, country, and subscription status.

2. Purposes

  • Creating and securing your account.
  • Providing the Service: parsing receipts, surfacing subscriptions, sending reminders, and producing forecasts.
  • Customer support and communication.
  • Improving and securing the product, including fraud and abuse prevention.
  • Complying with legal obligations.

3. Legal Basis

We process personal data based on (a) performance of our contract with you, (b) our legitimate interests in operating, securing, and improving the Service, (c) your consent where required (for example connecting your Gmail inbox), and (d) compliance with legal obligations.

4. Sharing Your Data

We share data with the following categories of recipients:

  • Service providers / sub-processors: cloud hosting, database, authentication, analytics, and email delivery providers acting on our instructions.
  • Merchant of Record (Paddle): Paddle.com is the Merchant of Record for our orders and handles payments, subscription management, tax compliance, invoicing, and refunds. See the Paddle Privacy Policy.
  • AI providers: anonymized receipt content is sent to model providers solely to classify subscriptions.
  • Professional advisers (e.g. legal, accounting) where necessary.
  • Authorities where required by law.

5. International Transfers

Some recipients may process data outside your country. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

6. Retention

We retain personal data only for as long as needed for the purposes described above, to comply with legal obligations, or to resolve disputes. When no longer required, data is deleted or anonymized. You can request deletion of your account at any time.

7. Your Rights

Subject to applicable law, you have the right to access, rectify, delete, restrict, or port your personal data, to object to processing, to withdraw consent, and to lodge a complaint with your supervisory authority. We will respond to verified requests within one month.

8. Security

We use appropriate technical and organisational measures, including encryption in transit, access controls, and least-privilege practices, to protect personal data against unauthorised access, loss, or alteration.

9. Cookies

We use strictly necessary cookies to keep you signed in and secure the Service. We may also use limited analytics cookies to understand product usage. You can manage cookies in your browser settings.

10. Children

The Service is not directed to children under the age required by your local law. We do not knowingly collect personal data from such children.

11. Contact

For privacy questions or to exercise your rights, contact Mohammed Moshii via subtracks.org. For payment-related privacy questions, contact Paddle at paddle.net.