Privacy Policy - SubDeck

Important Notice: SubDeck is developed and operated by an independent developer. We are committed to protecting your privacy with the same standards as larger organizations.

1. Overview

This privacy policy explains how SubDeck collects, uses, stores, and shares your data. We are committed to transparency and want you to fully understand how your information is handled.

2. Data We Collect

2.1 Browsing History Data (Local Processing Only)

SubDeck uses the browser's history permission to detect subscription services you may have visited. Here is exactly how we process this data:

Scan Range: We scan your browsing history from the past 180 days (6 months)
Maximum Records: Up to 2,000 history entries are scanned per session
Data Extracted: Only the domain name (hostname) of each URL is extracted for matching
Matching Process: Domains are compared against our built-in list of 30+ known subscription services
Data Retained: Only the names of detected services are kept; raw URLs and browsing history are NOT stored
Local Processing: All scanning happens entirely on your device; no browsing history is ever transmitted to any server

2.2 Subscription Data You Provide

When you add or manage subscriptions, we store the following information:

Subscription service name
Billing amount and currency
Billing cycle (monthly, yearly, etc.)
Next billing date
Custom notes or reminder text (encrypted if cloud sync is enabled)
Cost-sharing information (if applicable)

2.3 Account Information (Optional)

If you choose to create an account for cloud sync, we collect:

Email address
Password (stored as a secure hash, never in plain text)
Account creation timestamp

2.4 Settings and Preferences

We store your preferences including:

Default reminder days before billing
Preferred currency
Notification time preferences
Language preference
Auto-detect toggle status

3. Browser Permissions Explained

SubDeck requires the following browser permissions. Here is exactly why each permission is needed:

Permission	Purpose	Data Accessed
`history`	Scan browsing history to detect subscription services	Domain names only; raw URLs are not stored
`tabs`	Check current tab URL for contextual actions	Current tab URL only when extension is activated
`storage`	Store subscriptions and settings locally and sync via Chrome/Firefox account	Your subscription data and preferences
`alarms`	Schedule billing reminders and notifications	Scheduling data only; no personal data
`notifications`	Display desktop notifications for billing reminders	Notification content you configured
`downloads`	Export your subscription data as a backup file	File is created from your existing data only

4. How We Store Your Data

4.1 Local Storage (Default)

By default, all your data is stored locally on your device using the browser's storage.sync API. This means:

Data is stored in your browser's local storage
If you are signed into Chrome/Firefox with an account, this data may sync to your browser profile across devices via Google/Mozilla's sync service
We (SubDeck) do not have access to this locally stored data

Note: When using Chrome or Firefox with account sync enabled, your browser automatically syncs extension storage data through Google's or Mozilla's servers. This is a browser feature, not a SubDeck feature. Please refer to Google's Privacy Policy or Mozilla's Privacy Policy for details.

4.2 Cloud Sync via Supabase (Optional)

If you enable cloud sync by creating a SubDeck account:

Your subscription data is encrypted and stored in Supabase's cloud infrastructure
Sensitive data (like custom reminder text) is encrypted using AES-GCM encryption before being uploaded
Your encryption key is derived from your password using PBKDF2, meaning only you can decrypt your data
All data transmission uses HTTPS encryption
You can disable sync and delete your cloud data at any time

5. How We Share Your Data

SubDeck shares your data with third-party services only when you explicitly enable the corresponding features. Here is a complete list of all third-party services and what data they receive:

5.1 Cloud Storage & Authentication (When You Create an Account)

Service	Data Shared	Purpose
Supabase	Email, password hash, subscription data, settings, encrypted reminder text	Account authentication and cloud data storage

Supabase Privacy Policy →

5.2 Email Notifications (When You Enable Email Reminders)

Service	Data Shared	Purpose
Resend	Your email address, subscription name, billing amount, billing date	To send billing reminder emails

Resend Privacy Policy →

5.3 Messaging Integrations (When You Enable These Channels)

Service	Data Shared	Purpose
Telegram	Your Telegram Chat ID, subscription name, billing amount, billing date	To send billing reminders via Telegram
Discord	Your Discord Webhook URL, subscription name, billing amount, billing date	To send billing reminders via Discord

Telegram Privacy Policy → | Discord Privacy Policy →

5.4 Payment Processing (When You Purchase Pro)

Service	Data Shared	Purpose
Polar	Payment information (handled directly by Polar; SubDeck never sees your card details)	To process Pro subscription payments

Polar Privacy Policy →

We Do NOT:

Sell your data to any third party
Share your data for advertising or marketing purposes
Use your browsing history for any purpose other than detecting subscription services
Store your raw browsing history on any server
Access your data for any purpose other than providing the SubDeck service

6. Data Retention

Local Data: Remains on your device until you uninstall the extension or manually delete it
Cloud Data: Retained as long as your account is active. Deleted within 30 days upon account deletion request
Email Service Logs: Resend may retain email delivery logs according to their retention policy
Payment Records: Polar retains payment records as required by financial regulations

7. Your Rights

You have the right to:

Access: View all your data through the extension at any time
Export: Download your data in JSON format using the backup feature
Delete: Remove your data locally or request deletion of cloud data
Opt-out: Disable any optional features (cloud sync, notifications, etc.) at any time
Correction: Edit or update any of your subscription data

8. Children's Privacy

SubDeck is not intended for users under 13 years of age. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes through the extension or on this website. The "Last Updated" date at the top of this page indicates when the policy was last revised.

10. Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us at:

Email: admin@subdeck.cc

Support inquiries are typically responded to within 3-5 business days.