Privacy Policy
Last updated: January 2026
Privacy-First Summary
SubSave is built with privacy as a core principle. We minimize data collection at every step:
- CSV & PDF Upload: Your bank data is processed entirely in your browser. It never touches our servers.
- No Storage: We do not store your financial data. Period.
- Minimal Data: The only data we send to our servers is service names (like "Netflix") to look up cancellation instructions.
CSV Upload Method
When you upload a CSV bank statement:
- The file is parsed entirely in your browser using JavaScript
- No financial data is ever sent to our servers
- Your CSV file, transaction amounts, dates, and account details never leave your device
- Processing happens in your browser's memory and is cleared when you close the page
PDF Upload Method
When you upload a PDF bank statement:
- The file is parsed entirely in your browser using pdf.js
- No financial data is ever sent to our servers
- Your transaction history never leaves your device
- Processing happens in your browser's memory and is cleared when you close the page
Data Flow: Exactly What Happens
| Data Type | Handling Method |
|---|---|
| Bank credentials | β Not needed / Never requested |
| Transaction history | π± Your browser only (100% local) |
| Account numbers | π± Your browser only (100% local) |
| Service names | β Sent to our AI for instructions |
| Cancellation instructions | π¦ Generic instructions (no personal data) |
Third-Party Services
- Stripe: Handles payment processing securely. We never see your full card number.
Stripe Privacy Policy β - Google Gemini AI: Used for AI-powered cancellation instruction lookups. Only service names are sent (e.g., "Netflix"). Data sent to the Gemini API is not used to train Google's models.
Gemini API Terms β - Vercel: Hosts our application. All traffic is encrypted with TLS.
Vercel Privacy Policy β
Data Retention
- Your financial data: Not retained. Processed in real-time and immediately discarded.
- Session data: Stored in your browser's localStorage. Cleared when you close the browser.
- Cancellation instructions: Cached on our servers to improve service. These contain only service names and generic stepsβno personal data.
- Bank connections: We do not connect to your bank account.
What We Do NOT Collect
- Your name (unless you provide it voluntarily)
- Your email address (unless you contact support)
- Bank account numbers or routing numbers
- Transaction amounts or specific dates
- Your bank login credentials
- Your uploaded CSV files
- Any analytics or tracking data
Contact
Questions about your privacy? Email us at privacy@subsave.app
We're committed to privacy and transparency. If anything on this page is unclear, please reach out.