Privacy Policy

1. Data Controller

The SubList Subscription Manager Chrome Extension is developed by nehalmax (Nehal Joshi). For any privacy-related questions, you can contact us at support@sublist-ext.com.

2. What Information We Collect and Why

To provide account sync, AI-assisted capture, reminders, and Pro entitlement management, the Extension collects and processes certain account and subscription information.

The Extension collects and processes the following types of information:

Account Information:

• What is collected: Your name, email address, Firebase authentication identifiers, and basic account status information.
• How it's collected: When you create an account or sign in through the SubList extension flow.
• Purpose: To authenticate you, sync your data across devices, and associate your subscriptions and Pro entitlement with your account.
• Legal Basis (GDPR): Performance of a contract and legitimate interest in operating a synced subscription management service.

Subscription Details:

• What is collected: Service name (e.g., "Netflix," "Figma"), plan name (e.g., "Premium," "Pro"), billing amount, currency, billing cycle (e.g., monthly, yearly), next renewal date, trial status and end date, subscription status (active, cancelling).
• How it's collected: This information is extracted directly from the web pages you visit (specifically billing, subscription, or membership pages) when you explicitly interact with the Extension (e.g., by clicking a capture action).
• Purpose: To enable the core functionality of the Extension, which is to help you track and manage your subscriptions and provide timely renewal reminders. This data is essential for the Extension to function as intended.
• Legal Basis (GDPR): Performance of a contract (Terms of Service for the Extension) and/or legitimate interest (providing you with the requested functionality of subscription management).

AI Processing Data:

• What is collected: The text content and relevant structure of the active web page, along with limited contextual signals needed to identify subscription details.
• How it's collected: This data is accessed only when you explicitly trigger a capture action in the Extension. The page data is then processed by our AI-enabled backend features.
• Purpose: To extract and structure subscription details automatically.
• No user API key required: You do not need to provide a Gemini API key or any other AI API key to use these features.
• Legal Basis (GDPR): Performance of a contract (providing the AI-powered feature you explicitly choose to use).

Billing and Pro Entitlement Information:

• What is collected: Pro purchase status, entitlement status, payment identifiers, transaction status, and limited customer fields such as name and email needed to associate a purchase with your account.
• How it's collected: Through our third-party payment gateway and related webhook/account linking flows.
• Purpose: To confirm one-time Pro purchases, unlock features, and maintain billing support records.
• Legal Basis (GDPR): Performance of a contract and compliance with payment-related recordkeeping obligations.

We do not collect or store payment method details such as credit card numbers, debit card numbers, CVVs, bank account numbers, or similar payment credentials. Payment information is handled by the third-party payment provider during checkout.

3. How Information is Stored

Account information, subscription details, and entitlement data are stored in Firebase services (including Firestore and Firebase Authentication) so that your SubList account can sync across devices.

• Cloud Storage: We use Firebase/Google Cloud infrastructure to store authenticated user account and subscription records.
• Access Controls: Access to stored data is restricted through authenticated application logic and configured security rules.
• Data Persistence: The data persists even if you close and reopen Chrome and can remain associated with your account until you request deletion or your account is removed.
• Data Portability: You have the option to request or export your subscription data where such features are made available by the product.

4. How Information is Used

The collected information is used solely for the following purposes:

• To create and manage your SubList account.
• To sync subscription data across your signed-in devices.
• To display, categorize, and manage your subscriptions.
• To schedule and deliver renewal and trial reminder notifications.
• To operate AI-assisted subscription extraction features.
• To process and confirm one-time Pro membership purchases.
• To send transactional emails related to your account or order status where applicable.

5. Sharing Your Information

We do not sell or rent your personal information. We do share limited information with service providers strictly as needed to operate the product.

This may include:

• Firebase / Google Cloud: for authentication, cloud data storage, and backend operations.
• AI service infrastructure: for AI-assisted extraction features triggered by you.
• Third-party payment gateway: for one-time Pro membership checkout and payment processing.
• Transactional email providers: for account or purchase-related communications where applicable.

Payment method information is handled by the payment gateway and is not stored by SubList.

6. Data Retention

Your data is retained for as long as you keep the Extension account active or as needed to provide the service, maintain your synced subscription data, support Pro access, comply with legal obligations, and resolve disputes. Some related billing or transactional records may be retained for reasonable audit, fraud-prevention, or legal compliance purposes.

7. Your Rights (GDPR)

Depending on your location and applicable law, you may have the right to access, correct, delete, restrict, or object to the processing of your personal data, and to request a copy of your data. The Extension supports the following GDPR-aligned rights:

• Right to Access: You can access all data associated with your account through the product experience or by contacting us.
• Right to Rectification: You can modify or update your account or subscription details through the product where supported or by contacting us.
• Right to Erasure ("Right to be Forgotten"): You can request deletion of your account data, subject to any lawful retention requirements.
• Right to Restriction of Processing: You can request limits on how your personal data is processed in certain circumstances.
• Right to Data Portability: You can export or request a copy of eligible account data in a portable format where supported.
• Right to Object: You can object to data processing where applicable under law.

To exercise these rights or raise privacy questions, contact us at support@sublist-ext.com.

8. Children's Privacy

The Extension is not intended for use by children under the age of 16. We do not knowingly collect any information from children under 16.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page within the Chrome Web Store listing. You are advised to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: support@sublist-ext.com