Privacy & Security

Transparency

You’re trusting us with your financial data. Here’s exactly what we do with it — and more importantly, what we don’t.

We never see your bank credentials

Your login is handled entirely by Plaid, a bank-level security provider used by Venmo, Robinhood, and thousands of other apps. We never receive, store, or have access to your username or password.

We disconnect after your scan

Unlike subscription apps that maintain persistent connections to your bank, we revoke our access token immediately after generating your report. We cannot access your account again.

Your data expires automatically

Scan results are stored for 30 days so you can revisit your report, then permanently deleted. We run automated cleanup to ensure nothing lingers.

We never sell your data

Your financial data is never sold, shared with third parties, or used for advertising. Period. Our revenue comes from the $4.99 scan fee — not from monetizing your information.

Encryption everywhere

All data is encrypted in transit (TLS 1.3) and at rest. Our database is hosted on Supabase with row-level security, meaning each user can only access their own data.

Minimal data collection

We store only what's needed: your email (for auth), detected subscription names and amounts, and cancellation links. We don't store raw transaction data — only the recurring subscriptions we identify.

What data do we store?

| Data | Stored? | Duration |
|---|---|---|
| Email address | Yes | Until account deletion |
| Bank credentials | Never | N/A — handled by Plaid |
| Plaid access token | Temporarily | Revoked after scan |
| Raw transactions | Never | Processed in memory only |
| Detected subscriptions | Yes | 30 days, then deleted |
| Payment info | Never | Handled by Stripe |

Have questions about our privacy practices? privacy@oversubscribed.app