Back to home

Privacy Policy

Effective date: April 2, 2026 · Last updated: April 2, 2026

1. What We Do

ByeSub ("we," "our," "us") helps you find and manage forgotten subscriptions by connecting your bank accounts and email. We scan for recurring charges and subscription-related emails, then display them in a simple dashboard so you can decide what to keep or cancel.

2. Information We Collect

Account Information: When you sign up, we collect your name and email address through Google OAuth or email-based authentication.

Financial Data (via Plaid): When you connect your bank account through Plaid, we receive transaction data including merchant names, transaction amounts, dates, and categories. We use this to detect recurring subscriptions. We do not receive or store your bank account credentials, full account numbers, or routing numbers.

Email Data (via Gmail API): When you connect your email, we scan for subscription-related emails (receipts, confirmations, renewal notices). We only store metadata — sender name, subject line, and date. We do not read, store, or process the full body of your emails.

3. How We Use Your Data

We use the information we collect solely to:

  • Identify and display your recurring subscriptions
  • Show you the amount, frequency, and next charge date for each subscription
  • Associate subscriptions with the email or username tied to them
  • Provide your subscription dashboard

We do not sell, rent, share, or transfer your personal or financial data to third parties for marketing, advertising, or any other purpose unrelated to providing our service.

4. Third-Party Services

Plaid: We use Plaid to connect to your bank accounts. When you use Plaid, your data is handled according to Plaid's End User Privacy Policy.

Supabase: We use Supabase for authentication and database hosting. All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).

Google: If you connect your Gmail account, we access it through the Gmail API with read-only permissions. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. Data Security

We protect your data with the following measures:

  • All data in transit is encrypted using TLS 1.2+
  • All data at rest is encrypted using AES-256
  • Database access is restricted with Row Level Security (RLS) policies
  • We never store bank credentials — Plaid handles all authentication
  • Access to production systems requires multi-factor authentication

6. Data Retention & Deletion

We retain your data only for as long as your account is active. You can request complete deletion of your account and all associated data at any time.

When you delete your account or disconnect a service:

  • All Plaid access tokens are immediately revoked
  • All financial transaction data is permanently deleted
  • All email metadata is permanently deleted
  • Your account record is permanently removed
  • Deletion is completed within 30 days of your request

Accounts inactive for more than 12 months will be notified 30 days before scheduled deletion.

7. Your Rights

You have the right to:

  • Access the data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Disconnect your bank or email at any time
  • Export your subscription data

To exercise any of these rights, contact us at privacy@byesub.app.

8. Children's Privacy

ByeSub is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you by email or through the application. Your continued use of ByeSub after changes are posted constitutes acceptance of the updated policy.

10. Contact

If you have questions about this privacy policy or our data practices, contact us at: privacy@byesub.app