SubRadar Privacy Policy

Last updated: April 2026

SubRadar is a Chrome extension that helps users track subscriptions and free trials so they don't get charged unexpectedly. This privacy policy explains exactly what data SubRadar collects, how it's handled, where it's stored, and what is and isn't shared with third parties.

1. Data we collect

1.1 Account information

When you sign in to SubRadar, we collect:

• Email address — required for authentication, used to identify your account
• Name — only if you sign in with Google; received from Google's OAuth profile
• User ID — a unique identifier generated by our authentication provider (Supabase)

1.2 Subscription data you enter

When you save a subscription (manually or through auto-detection), we collect:

• Service name (e.g., a streaming platform name)
• Renewal date and billing cycle (monthly, yearly, weekly)
• Cost and currency
• Your intent (cancel, renew, or remind)
• Optional: trial end date, checkout URL, notes
• Subscription status (active, archived, canceled)

1.3 Local preferences and state

Stored locally on your device only:

• Notification preferences (enabled/disabled, lead days)
• Sort and filter preferences
• Reminder state (snoozed, dismissed)
• Cached website favicons

1.4 Page content (read locally, not collected)

SubRadar's auto-detection feature reads text content on web pages you visit to identify subscription and pricing pages. This analysis happens entirely on your device. No page content, URLs, or browsing history is sent to any server or stored anywhere.

2. How we use your data

• Authentication: Your email is used to identify your account and let you sign in across devices
• Subscription tracking: The data you enter is used to display your subscriptions on your dashboard and trigger reminder notifications
• Reminders: Your renewal dates and intent are used to determine when and how to notify you
• Logo display: Service names are used to fetch matching website logos for visual recognition

3. How and where data is stored

3.1 Server-side storage (Supabase)

Your account information and subscription data are stored in a hosted PostgreSQL database provided by Supabase. The database uses Row Level Security (RLS), which is a database-level access control system that ensures each user can only read or modify their own rows. Even if someone obtained the public API key (which is included in the extension code, as is standard for client-side applications), they cannot access another user's data because RLS policies enforce ownership at the query level.

Supabase data is encrypted at rest and in transit (TLS).

3.2 Local storage (chrome.storage.local)

Preferences, reminder state, and favicon cache are stored locally on your device using Chrome's built-in storage API. This data never leaves your device and is removed when you uninstall the extension.

4. Third-party services we use

4.1 Supabase (database and authentication)

Supabase hosts your account information and subscription data. Supabase has its own privacy policy at supabase.com/privacy.

4.2 Google OAuth (sign-in)

If you choose to sign in with Google, the authentication flow is handled by Google. SubRadar receives only your name and email address. SubRadar does not access your Google contacts, calendar, drive, or any other Google account data.

4.3 Clearbit (logo autocomplete)

When you type a service name in the manual subscription form, the typed text is sent to Clearbit's logo API to suggest matching company logos. Only the text you type in the service name field is sent. No other personal data, account information, or browsing history is shared. Requests are debounced to minimize calls. Clearbit's privacy policy is at clearbit.com/privacy-policy.

4.4 Google Favicon Service

SubRadar fetches small website icons (favicons) from Google's public favicon service to display alongside your subscriptions. This means Google can see which website domains your subscriptions are associated with. Favicons are cached locally after the first fetch to minimize repeat requests.

5. What we do NOT do

• We do not sell your data to anyone
• We do not share your data with advertisers or marketing partners
• We do not track your browsing history
• We do not use your data for advertising or profiling
• We do not use your data to determine creditworthiness or for lending
• We do not access your financial accounts, bank information, or payment methods
• We do not transfer your data outside of the services listed above

6. Permissions we request and why

• storage: Save preferences and cache favicons locally on your device
• notifications: Send subscription renewal reminders
• alarms: Schedule daily background scans for upcoming renewals
• identity: Handle the Google OAuth sign-in flow
• host_permissions (all_urls): Required for the auto-detection content script to read page content on sites you visit. Detection happens locally on your device — no page content is collected or transmitted.

7. Data retention and deletion

Your subscription data is stored as long as your account exists. You can delete individual subscriptions at any time from the dashboard. If you uninstall the extension, your local data is removed, but your account and subscription data remain in our database.

To delete your account and all server-side data permanently, contact us at the email below. We will remove your account and all associated subscription records within 30 days.

8. Children's privacy

SubRadar is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with their information, contact us and we will delete it.

9. Changes to this policy

If we make material changes to how we collect, use, or share user data, we will update this policy and update the "Last updated" date above.

10. Contact

If you have questions about this privacy policy, your data, or want to request deletion of your account, reach out at chetachiihekwaba@gmail.com.