SubSplit
Back to home

Privacy Policy

SubSplit ("we", "us", or "our") built the SubSplit app as a commercial service. This Privacy Policy explains how we collect, use, and protect your information when you use SubSplit.

Last updated: May 7, 2026

1. Information We Collect

When you create an account or sign in, we collect your email address, name, and, if you use Google Sign-In, your Google profile picture URL. These are used for account identity and in-app display.

We store subscription information you add or approve, including service names, costs, billing cycles, renewal dates, categories, preferred display currency, and multi-currency conversion preferences.

Gmail Scan is optional. If you choose to use it, we request read-only access to detect subscription-related emails. Gmail access tokens are short-lived, encrypted, stored only for the scan job, and deleted after the scan completes. Email body text is processed server-side and is not stored in our database.

  • Subscription evidence extracted from Gmail may be saved as candidates for your review.
  • You can revoke Gmail access from Google Account Permissions.
  • Gmail Scan is opt-in and launched only from the app. It does not run silently in the background.
  • Split Bills may request device contacts for local friend selection; contacts are not transmitted to our servers.
  • If you enable notifications, we store a Firebase Cloud Messaging token for renewal reminders and scan-completion alerts.

We also collect limited technical data needed to operate the service, such as device network state, app version, platform, and server-side error logs. Logs do not contain Gmail body text.

2. How We Use Your Information

DataPurpose
Email, name, avatarAccount identity and in-app display
Subscription dataTracking subscriptions, metrics, and renewal reminders
Gmail scan resultsImporting subscription candidates with your approval
FCM tokenPush notifications for renewals and scan completion
Device contactsFriend selection in Split Bills, locally on device
Technical logsBug fixes, performance monitoring, and abuse prevention

We do not use your data for advertising, sell it to third parties, or share it for marketing purposes.

3. Third-Party Services

SubSplit uses third-party processors to provide authentication, storage, notifications, logos, currency conversion, and optional AI analysis for Gmail Scan.

ServicePurpose
SupabaseDatabase, authentication, and backend functions
Google Sign-In / OAuthAuthentication
Gmail APIOptional inbox scan for subscriptions
Firebase Cloud MessagingPush notifications
BrandfetchSubscription brand logos and icons
OpenAIAI analysis of subscription candidates
NVIDIA / NIMFallback AI analysis for Gmail Scan
OCR.spaceOptional attachment text extraction
Exchange Rate APICurrency conversion rates

4. Google API Services Limited Use Disclosure

SubSplit's use of information received from Google APIs adheres to the Google API Services User Data Policy, including Limited Use requirements.

  • Gmail data is used only to detect and import your subscriptions into SubSplit.
  • Gmail data is not used for advertising, profiling, or shared with third parties outside the processors listed in this policy.
  • SubSplit does not allow humans to read your Gmail data unless required by law or you explicitly request support and consent.

5. Data Retention

DataRetention
Account and subscription dataRetained while your account is active
Gmail scan tokensDeleted immediately after each scan job completes
Gmail scan evidence logsAggregated counters only; no email content retained
FCM device tokensRetained until notifications are disabled or your account is deleted
Deleted account dataPermanently purged from our database upon account deletion

When you delete your account, subscription data, scan candidates, pending operations, FCM tokens, and local app caches are removed or cleared according to the app's account deletion flow.

6. Data Security

  • Data in transit is protected by TLS/HTTPS.
  • Supabase Row-Level Security policies ensure users can access only their own data.
  • Gmail tokens are encrypted at rest in a private schema inaccessible to the application layer.
  • Optional biometric app lock is available in Privacy & Security settings.
  • Authentication uses short-lived JWTs; expired or revoked sessions are rejected server-side.
  • Account deletion is rate-limited and session-bound.

7. Your Rights and Choices

  • Access your subscription data inside the app.
  • Delete your account and associated data from Settings, Privacy & Security, Delete Account.
  • Revoke Gmail access from Google Account Permissions.
  • Disable notifications from SubSplit Notification Settings or your device settings.
  • Request data access or export by contacting us.

If you are in the European Economic Area, United Kingdom, or California, you may have additional rights under GDPR, UK GDPR, or CCPA. Contact us to exercise those rights.

8. Children's Privacy

SubSplit is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us so we can remove it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the app or emailing the address on your account. The Last updated date reflects the most recent revision.

10. Contact Us

For privacy questions, data requests, or to exercise your rights, contact us at hello@subsplit.app.

SubSplit is not affiliated with any subscription services it tracks. Brand logos are provided by Brandfetch and belong to their respective owners.

Home · Blog · Privacy · Terms