Privacy Policy

Last Updated: January 15, 2026

1. Introduction

Welcome to MoniSub ("we," "our," or "us"). We are committed to protecting your privacy and handling your personal information with care and transparency. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our subscription management platform (the "Service").

By using MoniSub, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Email address (required for account creation and authentication)
  • Full name
  • Password (stored only as a bcrypt hash; the plaintext password is never stored)
  • Preferred region (US, EU, GB, CA, AU, IN)
  • Preferred currency
  • Timezone
  • Notification preferences (renewal reminders, price change alerts)

Subscription Information:

  • Service names and vendors
  • Subscription amounts and currencies
  • Billing cycles (weekly, monthly, quarterly, yearly)
  • Renewal dates
  • Payment tiers and features
  • Custom notes you add
  • Active/inactive status

Receipt and Document Uploads:

  • Images and PDF files you upload (receipts, invoices, statements)
  • File metadata (upload date, file size, format)
  • Extracted data from receipts (amounts, dates, vendor names)

2.2 Information We Collect Automatically

Authentication Data:

  • JWT access tokens (15-minute expiration)
  • JWT refresh tokens (7-day expiration, stored in HTTP-only cookies)
  • Login timestamps and session information

Usage Information:

  • Features you use and interactions with the Service
  • Subscription analytics you generate
  • Notification interactions (read/unread status)

2.3 Information from Third-Party Services

OAuth Authentication: When you sign in using Google:

  • Google account ID
  • Email address
  • Profile name
  • OAuth access and refresh tokens (encrypted before storage)

Email Connection (Optional): If you choose to connect your email account for automatic subscription detection:

  • Email provider (Gmail or Outlook)
  • OAuth access and refresh tokens (encrypted using Fernet encryption)
  • Token expiration times
  • Email addresses from which subscription receipts are detected
  • Email content related to subscription receipts (parsed for subscription information only)
  • Last synchronization timestamp

Important: We do not read or access emails unrelated to subscription management. Email access is limited to detecting subscription-related receipts and invoices.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

  • Create and manage your user account
  • Authenticate and verify your identity
  • Track and manage your subscriptions
  • Parse receipts and automatically detect subscriptions
  • Provide subscription analytics and insights
  • Send renewal reminders and price change notifications
  • Match uploaded receipts to our service catalog
  • Provide regional pricing information

3.2 Service Improvement

  • Improve our AI-powered receipt parsing accuracy
  • Enhance our service catalog and pricing database
  • Develop new features and functionality
  • Debug and fix technical issues

3.3 Communication

  • Send transactional emails (account verification, password resets)
  • Send notification emails based on your preferences
  • Respond to your inquiries and support requests
  • Send important service updates and security alerts

3.4 Security and Compliance

  • Detect and prevent fraud and abuse
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Protect the rights and safety of our users

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:

4.1 Third-Party Service Providers

We share limited data with the following third-party services necessary to operate MoniSub:

AI and Processing Services:

  • OpenAI (GPT-4 Vision API): We send uploaded receipt images to OpenAI's API for text extraction and subscription detection. OpenAI processes this data according to their API data usage policies, under which API inputs and outputs are not used to train their models by default.
  • Ollama (Optional): If enabled, receipt parsing may be performed using local AI models, with no external data transmission.

Authentication Services:

  • Google OAuth 2.0: For Google sign-in functionality
  • Microsoft OAuth 2.0: For Outlook email integration (if you choose to connect)

Cloud Infrastructure (Optional):

  • Google Cloud Storage: If cloud storage is enabled, uploaded receipts are stored in Google Cloud Storage buckets
  • Google Cloud SQL: Database hosting for production environments
  • Redis Cloud Providers: For caching and task queue management

Logo Services (Optional):

  • Logo.dev API: To retrieve company logos for visual enhancement

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders)
  • Government or regulatory requests
  • Protection of our rights, property, or safety
  • Investigation of fraud or security issues

4.3 Business Transfers

If MoniSub is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. You will be notified via email and/or a prominent notice on our Service of any change in ownership or use of your personal information.

5. Data Storage and Security

5.1 Data Storage Location

Your data is stored in:

  • Database: Google Cloud SQL (PostgreSQL) hosted in [primary region to be specified based on deployment]
  • Files: Either local server storage or Google Cloud Storage, depending on configuration
  • Cache: Redis cloud hosting or local Redis instance

5.2 Security Measures

We implement industry-standard security measures to protect your information:

Encryption:

  • All data transmitted to and from MoniSub is encrypted using TLS/HTTPS
  • Passwords are hashed using bcrypt, which applies a random per-password salt
  • OAuth tokens are encrypted at rest using Fernet (AES-128 in CBC mode, authenticated with HMAC-SHA256)
  • Database connections use encrypted channels

Access Controls:

  • JWT-based authentication with short-lived access tokens (15 minutes)
  • Refresh tokens are delivered in HTTP-only cookies, so page scripts (including any injected through an XSS flaw) cannot read them
  • Role-based access controls
  • CORS restrictions so that only our own web origin can make browser-based requests to the API
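As an added illustration of the access-control items above (this is not MoniSub's code; the HMAC key, claim names and cookie path are assumptions, and the Secure and SameSite attributes are recommended hardening that the policy itself does not mention), the following standard-library Python shows how a 15-minute access token and a 7-day refresh token are minted and verified, how the expiry and token type are enforced server-side, and how the refresh token is sent in an HTTP-only cookie.

```python
"""Added example (not MoniSub's code): minimal HS256 JWT access/refresh scheme.
Standard library only. SECRET, claim names and the cookie path are assumptions."""
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import time

ACCESS_TTL = 15 * 60          # 15 minutes, as stated in the policy
REFRESH_TTL = 7 * 24 * 3600   # 7 days, as stated in the policy
SECRET = b"example-hmac-key-replace-in-production"  # assumption: HS256 shared secret


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Inverse of _b64url; restores padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint(sub: str, kind: str, now: int | None = None) -> str:
    """Issue an HS256 JWT of the given kind ('access' or 'refresh')."""
    now = int(time.time()) if now is None else now
    ttl = ACCESS_TTL if kind == "access" else REFRESH_TTL
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "type": kind, "iat": now, "exp": now + ttl}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify(token: str, expected_kind: str, now: int | None = None) -> dict | None:
    """Return the claims if the signature is valid, the token type matches and the
    token has not expired; otherwise None. The header's alg is never trusted:
    the HMAC is always recomputed with the server key."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None  # tampered payload or wrong key
        claims = json.loads(_b64url_decode(p))
    except ValueError:  # malformed token, bad base64 or bad JSON
        return None
    if not isinstance(claims, dict) or claims.get("type") != expected_kind:
        return None  # a refresh token must never be accepted as an access token
    if claims.get("exp", 0) <= now:
        return None  # expired: the 15-minute / 7-day lifetimes are enforced here
    return claims


def refresh_cookie(token: str) -> str:
    """Set-Cookie value for the refresh token. HttpOnly keeps page scripts (and so
    an XSS payload) from reading it. Secure and SameSite=Strict are assumptions
    added as recommended hardening; the policy does not state them."""
    return (f"refresh_token={token}; Max-Age={REFRESH_TTL}; Path=/auth/refresh; "
            "HttpOnly; Secure; SameSite=Strict")


def rotate(refresh_token: str, now: int | None = None) -> tuple[str, str] | None:
    """Exchange a valid refresh token for a fresh access/refresh pair."""
    claims = verify(refresh_token, "refresh", now)
    if claims is None:
        return None
    return mint(claims["sub"], "access", now), mint(claims["sub"], "refresh", now)
```

The two checks a practitioner should look for are both in verify(): the signature is compared with hmac.compare_digest (constant time) before any claim is read, and the type claim is checked so that a long-lived refresh token cannot be replayed as an access token.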

Infrastructure Security:

  • Regular security updates and patches
  • Secure configuration of cloud resources
  • Rate limiting to prevent abuse (100 requests/minute)
  • Security headers (HSTS, X-Frame-Options, X-Content-Type-Options, CSP)

Application Security:

  • Input validation and sanitization
  • Protection against SQL injection, XSS, and CSRF attacks
  • Secure file upload handling with type and size restrictions (10MB max)

5.3 Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specific retention periods:

  • Active accounts: Data retained indefinitely while account is active
  • Deleted accounts: All personal data is permanently deleted within 30 days of account deletion
  • Backup data: May be retained for up to 90 days in encrypted backups
  • Legal compliance: Certain data may be retained longer if required by law

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

6.1 Access and Portability

  • Right to access: You can view and download your subscription data at any time through your account dashboard
  • Right to data portability: You can export your subscription data in a structured format

6.2 Correction and Deletion

  • Right to correct: You can update your account information and subscription details at any time through the Service
  • Right to deletion: You can delete your account and all associated data at any time through the account settings or by contacting us

To delete your account:

  1. Log in to your MoniSub account
  2. Navigate to Settings > Account
  3. Click "Delete Account"
  4. Confirm deletion

All your data, including subscriptions, receipts, email connections, and notifications, will be permanently deleted.

6.3 Email and Notification Preferences

  • You can control notification preferences (renewal reminders, price change alerts) in your account settings
  • Transactional emails (password resets, security alerts) cannot be disabled as they are essential to the Service

6.4 Email Connection Control

  • You can disconnect your email account at any time from Settings > Email Connections
  • Disconnecting will revoke MoniSub's access to your email and delete stored OAuth tokens
  • Previously detected subscriptions will remain unless you manually delete them

6.5 Objection and Restriction

  • Right to object: You can object to certain processing of your data
  • Right to restrict: You can request restriction of processing under certain circumstances

6.6 Withdraw Consent

  • Where we rely on consent to process your data, you can withdraw that consent at any time
  • This includes disconnecting email integrations or disabling specific features

7. Regional Privacy Rights

7.1 European Union (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal basis for processing: We process your data based on:
    • Contractual necessity (to provide the Service)
    • Legitimate interests (to improve and secure the Service)
    • Consent (for email connections and optional features)
  • Data transfers: If data is transferred outside the EEA, we ensure appropriate safeguards are in place
  • Right to lodge a complaint: You can file a complaint with your local data protection authority

Data Protection Officer Contact: Not applicable for small-scale personal data processing

7.2 California (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act:

  • Right to know: What personal information we collect and how it's used
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: Opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights: Contact us at contact@monisub.com

7.3 Other Regions

We comply with applicable privacy laws in all regions where we operate, including:

  • United Kingdom (UK GDPR)
  • Canada (PIPEDA)
  • Australia (Privacy Act)
  • India (Digital Personal Data Protection Act, 2023)

8. Cookies and Tracking Technologies

8.1 Cookies We Use

Essential Cookies:

  • Refresh Token Cookie: HTTP-only cookie storing JWT refresh token (7-day expiration)
    • Purpose: Maintain your login session securely
    • Expiration: 7 days or when you log out
    • Cannot be disabled, as it is essential for authentication

We do NOT use:

  • Analytics cookies or tracking pixels
  • Advertising cookies
  • Third-party tracking technologies
  • Social media tracking pixels

8.2 Managing Cookies

You can configure your browser to refuse cookies, but this will prevent you from using MoniSub as authentication requires cookie support.

For more information, see our Cookie Policy.

9. Children's Privacy

MoniSub is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information from our systems.

10. International Data Transfers

MoniSub operates globally and may transfer your data to countries outside your country of residence, including the United States. These countries may have different data protection laws than your country.

When we transfer personal data internationally, we implement appropriate safeguards, including:

  • Standard contractual clauses approved by the European Commission
  • Ensuring third-party processors comply with GDPR and equivalent standards
  • Encryption in transit and at rest

11. Third-Party Links

The Service may contain links to third-party websites or services (e.g., subscription service websites). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we make changes:

  • We will update the "Last Updated" date at the top of this Privacy Policy
  • For material changes, we will provide prominent notice (email notification or in-app alert)
  • Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy

Previous versions of this Privacy Policy will be made available upon request.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: contact@monisub.com

Mailing Address: MoniSub [Address to be provided] European Union

Data Protection Officer (EU/UK): Not applicable for small-scale personal data processing

Response Time: We will respond to your inquiries within 30 days (or as required by applicable law).

14. Data Processing Addendum

For enterprise or business users requiring a Data Processing Addendum (DPA) or Business Associate Agreement (BAA), please contact us at contact@monisub.com.


Document Version: 1.0
Effective Date: [To be filled upon production deployment]
Governing Law: European Union

By using MoniSub, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.