SubTracker Privacy Policy
Last updated: April 21, 2026
Last updated: April 21, 2026
SubTracker ("we", "our", "the app") is a privacy-first Android app that helps you track and cancel wasted subscriptions to save money. This policy explains what data the app handles, how it handles it, and your rights.
Summary: SubTracker stores all your subscription data locally on your device. We do not operate servers, we do not link to your bank, we do not require an account, and we do not use analytics or tracking SDKs. The only external services contacted are optional or user-initiated and are described below.
1. Data We Handle
Subscription entries: The name, amount, billing cycle, category, next payment date, reminder settings, usage frequency, trial dates, notes, and cancellation status you add are stored locally on your device in a private SQLite database (Room).
App preferences: Your currency selection, default reminder days, premium unlock status, onboarding-complete flag, lifetime savings counter, and optional OpenAI API key are stored locally using Android DataStore.
CSV exports: When you tap Export, a CSV file of your subscriptions is generated locally and shared via Android's share sheet to the destination you choose (email, Drive, etc.). We do not retain a copy.
2. Data We Do NOT Collect
- We do not ask for your name, email address, phone number, or any account registration
- We do not link to or access your bank or credit card accounts
- We do not track your location
- We do not collect device identifiers for advertising
- We do not use analytics SDKs, crash-reporting SDKs, or tracking pixels
- We do not operate servers that store your subscription data
- We do not sell or share any data with third parties
3. Third-Party Services
The app communicates with three external services, each only for a specific, user-initiated purpose:
Google Play Billing: If you purchase the one-time Pro unlock, Google Play handles the transaction directly. The app only receives a purchase-verified signal from Google Play. Your payment details are never handled by SubTracker. Google's privacy policy applies to the billing transaction.
OpenAI API (optional, opt-in): If you enter your own OpenAI API key in Settings and request AI insights, your active subscription list (name, amount, billing cycle, category, usage frequency, and similar metadata) is sent directly from your device to OpenAI's chat completions endpoint (https://api.openai.com/v1/chat/completions) using your own key. SubTracker never sees this data — it is transmitted device-to-OpenAI with no intermediary server. Your key stays on your device. OpenAI's privacy policy applies to that request. If you do not enter a key, AI features fall back to the fully offline local rule engine and no data leaves your device for insights.
Google Favicon Service (for brand logos): When you add a preset subscription (Netflix, Spotify, etc.), the app loads a small logo image from Google's public favicon endpoint (https://www.google.com/s2/favicons). Only the service's public website domain is used in this request — no personal data is sent.
4. Data Storage
All app data lives on your Android device in one of these places:
- A private SQLite database (subtracker_database) for your subscriptions
- Android DataStore files for preferences and your lifetime-savings counter
- Android SharedPreferences for the onboarding-complete flag and signing-related flags
All of these are private to the SubTracker app and not accessible to other apps.
5. Data Security
- All external network communication uses HTTPS/TLS
- Your OpenAI API key is stored in the app's private storage accessible only to SubTracker on your device
- Release builds are minified with R8 code obfuscation
- The app does not log or transmit your subscription data to any analytics endpoint
6. Permissions
SubTracker requests the following Android permissions:
- Internet: needed for Google Play Billing, optional OpenAI requests, and loading brand logos
- Post notifications: needed to show local payment reminders you configure
- Receive boot completed: needed to reschedule your local reminder jobs after the device reboots
All reminders are generated locally by Android's WorkManager — no push-notification service is used.
7. Your Rights
- Delete all your data: uninstalling the app removes the database and all preferences stored on your device
- Export your data: use the CSV export in Settings to take a copy of your data with you
- Disable the AI feature: remove your OpenAI API key from Settings at any time — the app reverts to the offline local rule engine
- Turn off reminders: disable reminders per subscription, or revoke notification permission system-wide
. Children's Privacy
This app is not intended for use by children under 13. We do not knowingly collect data from children. If you are a parent and believe your child has used the app, uninstalling the app removes all local data.
9. International Data Transfers
If you choose to use the optional AI feature with your own OpenAI API key, your subscription metadata will be transmitted to OpenAI, whose servers are primarily located in the United States. By entering your key and requesting AI insights, you consent to that transfer. This is the only circumstance under which your data leaves your device.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be reflected in the "Last updated" date above. Continued use of the app after an update constitutes acceptance of the revised policy.
11. Contact
For questions about this privacy policy or the app, contact us at:
**opticora.support@gmail.com**