Subcut
Privacy Policy
Introduction
Subcut ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our iOS application ("App").
Please read this privacy policy carefully. By downloading, installing, or using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access or use the App.
Our privacy-first approach
Subcut is designed with privacy as a core principle. We believe your financial data belongs to you, and we have built the app to minimize data collection while keeping the features useful.
Key privacy features: your subscription data is stored locally on your device. Optional iCloud sync keeps data within your personal Apple ecosystem. Email and statement scanning for subscription detection is processed securely with AI and not retained. No third-party analytics or advertising SDKs. Face ID and Touch ID protection are available. We do not track your activity across other apps or websites.
Data we collect
We are committed to transparency about the data we collect. Below is a comprehensive list.
1. Data you provide voluntarily
When you use Subcut, you may enter subscription information including subscription names and providers, billing amounts and currencies, billing frequencies, billing and renewal dates, categories, notes, and permissions for email or statement import.
Important: this information is stored locally on your device and optionally synced via your personal iCloud account (CloudKit). We do not have access to, nor do we collect, this data on our servers.
2. Automatically collected data
We collect minimal technical information necessary for app functionality.
| Data type | Purpose | Collection method |
|---|---|---|
| Device type and iOS version | App compatibility | Automatic via iOS |
| App version | Support and updates | Automatic via iOS |
| Crash logs | Bug fixes and stability | Apple crash reporting (anonymized) |
| Purchase receipts | Subscription verification | Apple StoreKit |
| Anonymous user ID | Subscription management | RevenueCat SDK |
3. Data we do NOT collect
We explicitly do not collect your name, email address, or contact information (unless you contact support); bank account numbers, credit card numbers, or financial credentials; login credentials for any third-party services; precise location data; contacts, photos, or other personal data from your device; browsing history or activity on other apps; advertising identifiers (IDFA) or cross-app tracking data; or health and fitness data.
Import and AI processing
Subcut offers optional features to detect subscriptions automatically from your bank or card statements and from your email receipts. This section explains exactly how they work and how your data is handled. These are the only features where data leaves your device, and we would rather tell you that plainly than let you assume otherwise.
Statement import (bank or card statements)
When you import a statement file (PDF or CSV), the file content is sent over an encrypted connection to a secure server that uses AI to read it and extract the recurring charges (service name, amount, billing cycle). The file is processed for that single request and is not stored by Subcut afterward. We never ask for or receive your bank login credentials. If you prefer nothing to leave your device, you can add subscriptions by hand instead.
Email import
When you enable email scanning, Subcut accesses your inbox to identify subscription-related emails (subject lines, sender addresses, body text, and dates). We apply filters to focus on receipts and billing notifications and do not read personal correspondence beyond that initial filtering. Email is fetched using secure OAuth, so we never see your email password. The relevant content is sent over an encrypted connection to a secure AI service to extract subscription details, then discarded.
How the AI processing is handled
Data sent: the statement file content or the subscription-related email content. Data not sent: your bank or email login credentials, your name, or personal identification. Processing location: secure cloud infrastructure, reached over an encrypted HTTPS connection. Retention: data sent for processing is not used to train AI models and is not retained beyond the request. Only the extracted subscription details are returned to the app and stored locally; the raw file or email content is not kept by Subcut.
You can disable import features at any time in the app's settings, and you can revoke email access through your email provider's connected-apps settings.
How we use your data
The limited data we collect is used solely to provide the app's core functionality, detect subscriptions you ask us to import, sync your data across your devices via iCloud, process and verify in-app purchases, fix bugs and improve stability, respond to support requests, and comply with legal obligations.
We do NOT use your data for advertising, marketing, user profiling, selling to third parties, training AI models, or any purpose not directly related to providing the app.
Third-party services and data sharing
We share data only with the following third parties, who provide the same or greater protection of your data.
Apple Inc. (CloudKit and iCloud sync)
We use the App Store for distribution and in-app purchases, CloudKit for optional iCloud sync of your subscription data, StoreKit for purchase verification, and APNs for push notifications (processed locally on your device). When you enable iCloud sync, your subscription entries are stored in your personal iCloud account, encrypted in transit and at rest, accessible only via your Apple ID. Subcut cannot access your iCloud data. Apple services are subject to Apple's Privacy Policy.
AI processing provider
We use a secure third-party AI service to extract subscription details from imported statements and emails. The provider processes data under strict confidentiality and data-protection terms, does not use it to train models, and does not retain it beyond the request. No personal identifiers are sent, only the content needed for extraction.
RevenueCat Inc. (subscription management)
We use RevenueCat to manage Subcut Pro subscriptions. Data shared is an anonymous app user ID (not linked to your identity), purchase transaction data from Apple, and subscription status. RevenueCat does NOT receive your subscription tracking data, your name or email, your email or statement content, or your iCloud data. RevenueCat is SOC 2 Type II certified and GDPR compliant. See RevenueCat's Privacy Policy.
No other third parties
We do not share data with any other third parties. Beyond what is listed above, we do not use third-party analytics services, advertising networks, or tracking SDKs.
Data storage and security
Your subscription data is stored locally using Apple's Core Data framework, with iOS encryption at rest when your device is locked. If you enable iCloud sync, data is stored in your personal iCloud account using CloudKit, encrypted in transit (TLS) and at rest, accessible only through your Apple ID credentials; Subcut cannot read or decrypt it. Imported statement and email content is processed in real time and is not stored by Subcut after extraction. Optional Face ID and Touch ID protection is processed entirely by iOS on the Secure Enclave and is never accessible to the app or transmitted off your device.
Data retention and deletion
Local subscription data is retained until you delete it or uninstall the app. iCloud data is retained until you delete it or disable sync. Imported statement and email content is not retained; it is processed and discarded. RevenueCat data is retained as long as your subscription exists, plus as required by Apple for financial records. Support correspondence is retained for two years after resolution.
You can delete individual subscriptions in the app, delete all data by removing the app and clearing its iCloud data in Settings, or request deletion of any data we may have by emailing support@getsubcut.app. We process deletion requests within 30 days.
Your rights and choices
You can access and view all your data in the app, export it as CSV or JSON (Pro feature), correct any entry, delete individual subscriptions or all data, and withdraw consent by disabling iCloud sync, notifications, or biometric lock at any time. Subcut does not require an account, so there is no account to delete; your data is controlled entirely through your device and iCloud settings.
Tracking and advertising
Subcut does not track you. We do not use the Advertising Identifier (IDFA), do not track your activity across other apps or websites, do not display advertisements, do not build advertising profiles, do not sell or share data with advertising networks, and will never request App Tracking Transparency permission.
Children's privacy
Subcut is not directed to children under 13 (or the applicable age of consent in your jurisdiction), and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact support@getsubcut.app and we will delete it.
International users
Subcut is available worldwide. Your data stays on your device or in your iCloud account, which may be stored in data centers in your region based on Apple's infrastructure. Users in the EU, EEA, and UK have rights under the GDPR including access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with a supervisory authority. We process data on the basis of contract performance, legitimate interest, and consent. California users have rights under the CCPA including the right to know what is collected, to access and delete it, and to equal service. We do not sell personal information.
Changes to this policy
We may update this Privacy Policy from time to time. We will note changes by updating the "Last updated" date and posting a notice in the app for material changes. Your continued use of the app after changes take effect constitutes acceptance of the revised policy.
Contact us
Questions or requests about this Privacy Policy: email support@getsubcut.app. We respond within 30 days.