Privacy Policy

Effective Date: February 4, 2025

Last Updated: June 4, 2026

Changelog

June 4, 2026: extended section 8 to cover Sign in with Apple.

June 1, 2026: extended the policy to cover our Android mobile application, including crash reporting (Firebase Crashlytics) and push notifications (Firebase Cloud Messaging) — see section 9.

March 12, 2025: adjusted section 4 (Cookies & Tracking Technologies) to refer our new privacy-first analytics provider Simple Analytics.

March 4, 2025: adjusted section 8 to include Facebook data usage and compliance with Facebook policies.

March 2, 2025: added section 8 (Google User Data) to clarify data usage and compliance with Google policies.

1. Introduction

Welcome to SubCenter.io (“we,” “our,” or “us”). Your privacy is important to us, and we are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our website and our mobile applications (collectively, the “Services”).

2. What Data We Collect

We only collect data necessary to provide you with a secure and functional website. This includes:

Account Information: e.g., email address.
Authentication Cookies: essential for login and session management.
Security Tokens: to prevent fraud and unauthorized access.
Anonymous Analytics Data: collected via GDPR-compliant analytics, without tracking personal information.
Crash & Diagnostic Data (mobile app): if you use our mobile app, we collect crash reports and basic diagnostic information (such as device model, operating system version, and anonymized stack traces) to detect and fix stability issues. See section 9.
Push Notification Token (mobile app): a device-specific token used solely to deliver subscription reminders and account notifications you have enabled. See section 9.

We do not collect marketing or advertising data without your consent.

3. How We Use Your Data

✅ Authenticate and manage user logins.
✅ Maintain website security.
✅ Analyze website performance (using anonymous analytics).

We do not sell, share, or track your data for advertising purposes.

4. Cookies & Tracking Technologies

Essential Cookies (Do Not Require Consent)

These cookies are required for the website to function properly:

Cookie Type	Purpose	Expiration
Session Cookie	Keeps you logged in during your session	Expires when you log out
Security Cookie	Prevents unauthorized access and fraud	1 year

Privacy-Friendly Analytics (No Tracking Cookies)

We use Simple Analytics to analyze website performance. This service:

Does not use tracking cookies.
Does not collect personal data (e.g., no IP tracking or cross-site tracking).
Fully complies with GDPR, ePrivacy, and other data protection laws.

Analytics data is collected in an anonymized and aggregated format to understand general usage trends without identifying individual users.

5. Data Retention

Login-related data is retained as long as your account is active.
Anonymous analytics data is stored for 6 months.
Security logs are retained for up to 3 months for fraud prevention.
You may request account deletion at any time.

6. Your Rights (Under GDPR)

As a user, you have the right to:

Access your data.
Request correction or deletion.
Restrict processing (except for security purposes).
Lodge a complaint with a data protection authority.

To exercise your rights, contact us at connectwithus@subcenter.io.

7. Data Security

We implement strong security measures, including encryption and secure authentication, to protect your personal data.

8. Google, Apple & Facebook User Data

Our website and apps allow users to log in using Google, Apple, or Facebook. We access only the minimum required data in compliance with GDPR, Google API Services User Data Policy, Apple's Sign in with Apple requirements, and Facebook's Data Protection requirements.

8.1. Data We Access

When you log in via Google, Apple, or Facebook, we only collect your email address:

Email Address: Used for authentication and account creation.

If you sign in with Apple and choose “Hide My Email,” we receive an Apple-provided private relay address and use it exactly as we would any other email address.

8.2. How We Use Your Data

We use your email address only for:

Secure authentication and account login.
Sending essential service-related communications (e.g., subscription reminders).
Communication related to your account.
We do not use your email for marketing.

8.3. Data Storage & Security

We follow strict security practices to protect your login data:

Your email address is stored securely and is not disclosed to third parties.
Data is retained only as long as necessary for providing login functionality.

8.4. User Control & Revocation

You have full control over your Google, Apple, and Facebook login permissions:

You can disconnect your social login at any time via your account settings.
You can delete your account and associated email data by contacting us at [email protected].
You can review and revoke permissions through Google Permissions, Apple ID — Sign in with Apple, or Facebook App Settings.

8.5. Compliance with Google, Apple & Facebook Policies

We comply with all applicable policies:

We do not request additional profile data (e.g., name, friends, photos).
We do not share login data with external services.
We do not use social login data for advertising or tracking.

For more details, please review:

9. Mobile Application Data

Our Android mobile application uses Google Firebase services to operate reliably. These are the only additional data practices specific to the app:

9.1. Crash Reporting (Firebase Crashlytics)

We use Firebase Crashlytics to record crashes and stability issues. When the app crashes, we collect:

Anonymized crash stack traces (including native code symbols).
Device model, operating system version, and app version.
A randomly generated installation identifier, not linked to your name.

This data is used solely to diagnose and fix problems. It is not used for advertising and is not sold or shared with third parties.

9.2. Push Notifications (Firebase Cloud Messaging)

With your permission, the app uses Firebase Cloud Messaging to send subscription reminders and account-related notifications. To do this we store a device-specific messaging token associated with your account. You can disable notifications at any time in your device or app settings, after which the token is no longer used.

9.3. Data Processing & Retention

Firebase processes this data on our behalf as a data processor. Crash and diagnostic data is retained for up to 90 days. For more information, see Firebase's Privacy and Security documentation and Google's Privacy Policy.

10. Contact Information

If you have any questions about this Privacy Policy, you can contact us at connectwithus@subcenter.io.