Last updated: 25 June 2026
This Privacy Policy explains how Techtenstein Services Private Limited (“we”, “us”) handles information in the SubVault mobile application (the “App”). SubVault is a privacy-first subscription tracker: your subscription data is stored on your device and is not uploaded to us. We do not operate accounts or servers that hold your subscription data.
No account. You don’t sign up. Your subscriptions, budgets, notes and savings live in a local database on your phone.
On-device detection. Optional email and screenshot scanning happens entirely on your device. Email contents are not sent to us or to any third party for this purpose.
Limited third-party processing. If you use the free (ad-supported) version, Google AdMob serves ads. We use Google Firebase Crashlytics for crash diagnostics and Remote Config for feature flags. These are described below.
We never sell your personal information.
Subscriptions, prices, billing cycles, renewal dates, categories, tags, payment methods, budgets, savings goals, cancellation records and reminders you create or import.
App settings (currency, reminder times, app-lock preference, etc.).
This data remains on your device. Deleting the App, or using “Clear data” in Settings, removes it.
Feature
What it accesses
Where it’s processed
Email receipt scan (Gmail / Outlook)
Read-only access to your mailbox via Google or Microsoft sign-in (gmail.readonly / Mail.Read), used only to find subscription receipts.
On your device. Email content is parsed locally and is not transmitted to us. Access tokens are kept in your device’s secure storage. You can revoke access at any time in your Google/Microsoft account settings.
Receipt screenshot import (OCR)
An image you choose from your photos/camera.
On your device, using Google ML Kit on-device text recognition. The image is not uploaded.
Notification-based detection (Android, opt-in)
Text of incoming notifications (e.g. payment alerts), if you grant notification access.
On your device. Only text that looks like a subscription charge is processed; nothing is uploaded.
Reminders
Local notifications scheduled on your device.
On your device. We do not send push notifications from a server.
To keep the App free and reliable, the following Google/Apple/Samsung services may process limited data according to their own privacy policies:
Advertising (Google AdMob) — in the free version, AdMob and its partners may collect device identifiers and ad-interaction data to show and measure ads. In the EEA/UK we present a Google-certified consent (UMP) form; on iOS we request App Tracking Transparency permission before any tracking. You can buy the one-time Pro upgrade to remove ads. See Google’s policies: google.com/policies (ads).
Crash diagnostics (Firebase Crashlytics) — when the App crashes, diagnostic data (device model, OS version, stack trace, and a random installation identifier) is sent to Google to help us fix bugs. It does not include your subscription data.
Remote Config — the App fetches a small set of feature flags from Firebase.
Analytics — the Firebase Analytics SDK is included. We keep product analytics disabled by default; if enabled in a future version we will update this policy.
In-app purchases — the one-time Pro upgrade is processed by Google Play Billing or the Samsung Galaxy Store. We do not receive your card or payment details.
Notifications — to remind you before renewals and trial endings.
Camera / Photos — only when you import a receipt screenshot for OCR.
Google / Microsoft sign-in — only when you enable email scanning.
Notification access (Android) — only if you opt in to notification-based detection.
Biometric / device credential — only if you enable the app lock.
On-device data is used solely to provide the App’s features (tracking, reminders, insights, savings, backup). Third-party data described in Section 4 is used to display ads, diagnose crashes, configure features and process purchases. We do not use your data for profiling unrelated to these purposes, and we do not sell it.
On-device data is retained until you delete it (“Clear data”) or uninstall the App. You can revoke email access at any time via your Google/Microsoft account. Crash and ad data retention is governed by Google’s policies.
Depending on your location (including under the GDPR and CCPA/CPRA), you may have rights to access, correct, or delete personal data and to opt out of certain processing. Because your subscription data is stored only on your device, you control it directly. For ad and crash data held by Google, use Google’s account and ad-settings controls. To exercise any right or ask a question, contact us at the address below.
SubVault is not directed to children and is not intended for users under the age required by your jurisdiction (e.g. 13 in the US, 16 in parts of the EEA).
The third-party services in Section 4 (Google, Apple, Samsung) may process data in countries other than yours, under their respective safeguards.
Local backups can be AES-encrypted with a password you choose; OAuth tokens are held in the platform’s secure storage. No method of storage is 100% secure, but we design the App to keep your data on your device by default.
We may update this policy. Material changes will be reflected by updating the “Last updated” date and, where appropriate, an in-app notice.
Techtenstein Services Private Limited
Email: contact@techtenstein.com
This document is provided as a starting point and does not constitute legal advice. Please have it reviewed by a qualified professional for your jurisdiction before publishing.