Privacy Policy
Service Name: Subtracker Last Updated: April 28, 2026 Effective Date: April 28, 2026
Subtracker (“Service”, “we”, “our”, or “us”) values your privacy and is committed to protecting your personal information in compliance with applicable laws including the Korean Personal Information Protection Act and Apple App Store privacy guidelines. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.
1. Information We Collect
1.1 Information You Provide at Sign-Up
| Item | Purpose | Retention |
|---|---|---|
| Email address | Account identification, login, password reset, important notices | Until account deletion |
| Password | Authentication (stored as BCrypt hash; original password is never stored) | Until account deletion |
| Nickname | Display in the app | Until account deletion |
1.2 Information Generated During Service Use
| Item | Purpose | Retention |
|---|---|---|
| Subscription data (name, price, billing date, category, memo, etc.) | Core service functionality | Until account deletion |
| Budget data | Budget management feature | Until account deletion |
| Authentication tokens (Access/Refresh) | Login session management | Until token expiry or logout |
| Push notification token (FCM) | Sending billing date notifications | Until account deletion or token expiry |
| In-app purchase transaction ID | Premium subscription verification and renewal | Until account deletion |
1.3 Optional Permissions (Collected Only With Your Consent)
| Item | Purpose | Retention |
|---|---|---|
| Gmail metadata (sender, subject, date of subscription receipts) | Auto-detection of subscriptions (email body is NOT stored; discarded immediately after analysis) | Discarded immediately after analysis |
| Advertising Identifier (IDFA) | Personalized ads (only if user accepts ATT prompt; otherwise non-personalized ads only) | Not collected if user declines |
1.4 Information We Do NOT Collect
We do not collect: - Real names, ID numbers, or phone numbers - Location data - Contacts, photos, or camera data - Gmail email body content (analyzed in-memory and discarded)
2. How We Use Your Information
We use collected information for the following purposes:
- Account Management: User identification, fraud prevention, security
- Service Provision: Storing subscription data, sending billing notifications, providing statistics, budget management
- Paid Service Settlement: In-app purchase verification, premium plan activation/renewal/expiration
- Email Auto-Detection (Optional): Analyzing Gmail metadata to detect subscription receipts
- Marketing (Optional): Personalized advertising (only with user consent)
3. Data Retention
We immediately delete all personal information upon account deletion, except for the following items required by law:
| Item | Retention Period | Legal Basis |
|---|---|---|
| Payment records | 5 years | Korean Electronic Commerce Act, Article 6 |
| Consumer dispute records | 3 years | Korean Electronic Commerce Act, Article 6 |
All other information is permanently deleted immediately upon account deletion.
4. Sharing With Third Parties
We do not share your personal information with third parties, except:
- When you provide explicit consent
- When required by law or law enforcement requests
5. Third-Party Services (Data Processors)
We use the following third-party services to process certain operations:
| Service Provider | Purpose |
|---|---|
| Google (Firebase Cloud Messaging) | Push notification delivery |
| Google (Gmail API) | Subscription email metadata analysis (with user consent only) |
| Apple Inc. | In-app purchase processing and receipt verification |
| Google AdMob | Ad display and advertising identifier processing |
| ExchangeRate-API | USD↔︎KRW exchange rate (no personal data transmitted) |
Each provider processes data according to their own privacy policy.
6. Your Rights
You have the following rights regarding your personal information:
- Right to Access: View your information in the app under “Settings > My Info”
- Right to Rectification: Edit your nickname in “Settings” or contact us via email
- Right to Erasure (Account Deletion): See Section 7 below
- Right to Object: Contact us via email to object to specific processing
To exercise these rights, please contact us at alwayswithsound@gmail.com.
7. Account Deletion Procedure
You may request account deletion by:
- In-App: Use “Settings > Delete Account” menu
- Email: Send a deletion request to alwayswithsound@gmail.com
Upon deletion request, the following data is immediately and permanently erased: - Account information (email, nickname, password hash) - All registered subscriptions and budgets - Authentication tokens and push tokens - Gmail integration data (if connected)
Records required by law (see Section 3) are retained for the legally mandated period only.
8. Security Measures
We protect your information through:
- Password Hashing: One-way BCrypt hashing (original passwords never stored)
- Transport Encryption: HTTPS/TLS for all data in transit
- Token Encryption: Encrypted device storage (iOS Keychain)
- Access Control: Your data is accessible only with your authentication
- Login Throttling: Account lockout after 5 failed attempts (brute-force defense)
- API Rate Limiting: Protection against abusive requests
9. Children’s Privacy
We do not knowingly collect personal information from children under 14 years of age. If we become aware that we have collected such information, we will delete it immediately.
10. Advertising Identifier and Tracking
We use Google AdMob for advertising. On iOS 14.5+ devices, we request App Tracking Transparency (ATT) permission before showing ads. If you decline:
- Personalized ads are replaced with non-personalized ads
- Your advertising identifier (IDFA) is not collected
- All other app features remain fully functional
Premium subscribers see no ads at all, and no advertising identifier is collected for them.
11. Changes to This Policy
If this policy changes, we will notify you in advance via in-app announcement or email. Material changes are notified at least 7 days in advance (30 days if the change is unfavorable to users).
12. Contact Information
| Item | Detail |
|---|---|
| Privacy Officer | Sooin Kim (Individual Developer) |
| alwayswithsound@gmail.com | |
| Response Time | Within 7 business days |
For any questions or rights requests, please contact us at the email above.
Supplementary Provision: This Privacy Policy is effective from April 28, 2026.