← Back to Home

Privacy Policy

Last Updated: October 2025

At Subscription Checker, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Chrome extension and services.

1. Definitions

For clarity and legal precision, the following terms are used throughout this Privacy Policy:

• "Subscription Checker," "we," "us," and "our" refer to the developer and operator of the Chrome extension Subscription Checker.
• "Service" refers to the Subscription Checker Chrome extension, website (subscriptionchecker.com), and all related functionality.
• "User," "you," and "your" refer to any individual using the Service.
• "Personal Data" refers to any information that can be used to identify you, such as your email address.
• "Local Processing" refers to data analysis performed entirely on your device without uploading to external servers.

2. Information We Collect

2.1 Gmail Data (Local Processing Only)

Our Chrome extension requests read-only access to your Gmail account to scan for subscription-related emails. This data is processed entirely locally on your device and is never uploaded to our servers.

• We scan email subjects, sender addresses, and email content to identify subscription receipts, renewal notices, and recurring payments
• All processing happens in your browser using local JavaScript
• No email content is stored on our servers
• We do not read, store, or transmit the contents of your emails to any external server

2.2 Account Information

When you sign in with Google OAuth, we collect:

• Email address: Used to identify your account and verify Pro purchases
• Google profile information: Name and profile picture (optional, for display purposes only)

2.3 Payment Information

When you purchase Pro access (launch offer: $9.99, regular price: $14.99 one-time payment), payment processing is handled by Lemon Squeezy, our trusted payment processor. We do not store or have access to your credit card details, billing address, or payment method information.

Lemon Squeezy provides us with:

• Order confirmation (to activate your Pro account)
• Purchase date and order ID
• Email address (to link payment to your account)

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide the service: Scan Gmail locally for subscriptions, detect recurring payments, and display your subscription dashboard
• To authenticate your account: Verify your identity using Google OAuth
• To process purchases: Activate Pro features after you complete a one-time payment (launch offer: $9.99, regular: $14.99)
• To communicate with you: Send service-related emails (e.g., purchase confirmations, important updates)
• To provide customer support: Respond to your inquiries and troubleshoot issues

4. How We Store Your Information

4.1 Email Hashing for Privacy

To protect your privacy, we do not store your email address in plaintext. Instead, we use SHA-256 cryptographic hashing to create a unique identifier for your account. This means:

• Your email is converted into a one-way hash that cannot be reversed
• We can verify your account status without storing your actual email
• Even in the unlikely event of a data breach, your email cannot be extracted

4.2 Database Storage

We store minimal account data in our secure Supabase PostgreSQL database:

• Email hash: SHA-256 hash of your email (not the email itself)
• Purchase records: Order ID, purchase date, and status (to verify Pro access)
• Account metadata: Sign-up date and last sign-in timestamp

All data is encrypted in transit (HTTPS/TLS) and at rest (AES-256 encryption).

4.3 Data Jurisdiction and International Compliance

All local Gmail data stays within your browser storage and is never transmitted to our servers.

Minimal account data (email hash and purchase records) is processed via Lemon Squeezy (payment processor) and stored in secure U.S.-based servers:

• Supabase (PostgreSQL): Hosted on AWS in the United States with SOC 2 Type II compliance
• Vercel Edge Network: API infrastructure distributed globally with data encryption at rest and in transit

GDPR & CCPA Compliance: For users in the European Union and California, we comply with GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act). Your data is transferred to the U.S. under Standard Contractual Clauses (SCCs) and protected by appropriate safeguards. You have the right to:

• Access your personal data
• Request correction or deletion
• Object to data processing
• Withdraw consent at any time

4.4 Local Browser Storage

The extension stores certain data locally in your browser using chrome.storage.local:

• Your detected subscriptions (stored only on your device)
• User preferences and settings
• Authentication tokens (securely encrypted)

This local data is never uploaded to our servers and remains private on your device.

5. Third-Party Services

We use the following trusted third-party services:

5.1 Google OAuth (Google LLC)

• Purpose: Secure authentication and Gmail API access
• Data shared: Email address, profile information (name, photo)
• Privacy Policy: https://policies.google.com/privacy

5.2 Lemon Squeezy (payment processor)

• Purpose: Process one-time Pro purchase payments (launch offer: $9.99, regular: $14.99)
• Data shared: Email address, payment information (handled entirely by Lemon Squeezy)
• Privacy Policy: https://www.lemonsqueezy.com/privacy

5.3 Supabase (database hosting)

• Purpose: Secure cloud database for storing hashed emails and purchase records
• Data shared: Email hashes, purchase metadata (no email content or passwords)
• Privacy Policy: https://supabase.com/privacy

6. Data Sharing and Disclosure

We do not sell, rent, or share your personal information with third parties for marketing purposes.

We may disclose your information only in the following circumstances:

• With your consent: If you explicitly authorize us to share your data
• To comply with legal obligations: If required by law, court order, or government regulation
• To protect our rights: To investigate fraud, enforce our Terms of Use, or protect the security of our service
• Business transfers: In the event of a merger, acquisition, or sale of assets (you will be notified)

7. Data Retention

• Account data: Retained as long as your account is active
• Purchase records: Retained indefinitely to verify lifetime Pro access
• Local Gmail scan data: Stored only on your device; deleted when you uninstall the extension

8. Your Privacy Rights

You have the following rights regarding your personal data:

8.1 Access and Portability

You can request a copy of all data we store about you (email hash, purchase records, account metadata).

8.2 Correction

You can update your account information at any time through the extension settings.

8.3 Deletion

You can request deletion of your account and all associated data. To delete your account:

• Email us at support@subscriptionchecker.com with the subject "Account Deletion Request"
• We will permanently delete your account data within 30 days
• Note: Purchase records may be retained for legal and accounting purposes (e.g., tax compliance)

8.4 Revoke Gmail Access

You can revoke Gmail permissions at any time through your Google Account permissions page. The extension will stop scanning your emails immediately.

9. Security Measures

We implement industry-standard security practices to protect your data:

• Encryption: All data in transit uses HTTPS/TLS; data at rest uses AES-256 encryption
• Email hashing: SHA-256 one-way hashing prevents email exposure
• Minimal data collection: We only collect what's necessary to provide the service
• Webhook signature verification: HMAC-SHA256 signatures prevent fraudulent payment notifications
• Regular security audits: We periodically review our code and infrastructure for vulnerabilities

10. Children's Privacy

Subscription Checker is not intended for users under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@subscriptionchecker.com, and we will promptly delete it.

11. International Data Transfers

Our services and databases are hosted in the United States. If you are located outside the U.S., your information may be transferred to and processed in the United States. By using our service, you consent to this transfer.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification (if we have your email on file)
• Displaying a notice in the extension

Your continued use of the service after changes take effect constitutes acceptance of the revised policy.

13. Contact Us

---

© 2025 Subscription Checker. All rights reserved.
Last updated October 2025.