Privacy Policy

Last updated: 30 October 2025

App: SubFlow (iOS)

Developer / Data Controller: Tolga Meriç

Contact: help.subflow@gmail.com

Overview

SubFlow is an iOS application that helps users track subscription services. This Privacy Policy explains what data SubFlow collects, how it is used, how it is retained and protected, which third parties (if any) receive data, your rights, and how we handle brand/logo permissions and takedown requests. SubFlow stores subscription entries locally on the user's device by default. The current build does not include analytics, crash-reporting SDKs, or cross-app tracking.

Data we collect (explicit and itemized)

User-provided data (stored locally)

Subscription entries and user content you enter, including service name, plan name, billing amount, currency, billing cycle, renewal date, reminder settings, tags, and free-text notes.

Support communications

If you contact support via email or an in-app form (if enabled), you may provide your name, email address and message content; these are stored to respond and troubleshoot.

Automatic telemetry

None in the current build. No device identifiers, usage analytics, or crash logs are collected. If telemetry is added in a future release, this policy and App Store declarations will be updated.

Third-party API requests

Optional currency conversion requests are made directly from the device to the provider (for example https://exchangerate.host). Only non-identifying request parameters (currency codes) are sent. Responses are used locally and are not forwarded to developer servers.

Purpose and legal basis of processing

We use data only to provide and maintain app features (store, display and remind about subscriptions), to respond to user-initiated support requests, and to comply with legal obligations and manage intellectual property claims. We do not use data for advertising, profiling, or sale of personal data.

Storage and retention periods

Subscription entries: stored locally on the device until you delete them or uninstall the app (user-controlled).

Support correspondence: retained until the issue is closed plus 1 year by default; earlier deletion available on request.

Brand permission records (guideline screenshots, permission emails, license files): retained until revoked by the brand owner or up to 7 years after permission receipt, whichever is shorter.

Diagnostics/analytics: not applicable in the current build; if enabled later retention periods will be published.

Sharing and third parties

By default the app does not transmit subscription data to developer-controlled servers.

Third-party API calls (currency conversion): are direct device→provider calls; the provider may log request metadata such as IP per their policies. SubFlow does not transmit user identifiers to these providers. See provider privacy policy (e.g., https://exchangerate.host) for details.

Brand owners: we may share limited information (screenshots or contextual evidence) with brand owners to respond to claims; otherwise we will remove or replace assets as required.

Security measures

We apply industry-standard protections: HTTPS/TLS for network calls, iOS app sandbox for local data, and secure storage for developer-held permission records. If server-side storage is added in future releases, we will adopt encryption at rest, access controls, and auditing.

Your rights and how to exercise them

You have rights to access, correct, delete and export personal data we control. To exercise rights, email help.subflow@gmail.com with subject "Data request — SubFlow" and specify the request. SLA: we will acknowledge receipt within 7 days and aim to complete the request within 30 days. For deletion of local subscription data, delete the items in-app or uninstall the app; developer cannot remotely delete local device data without your consent. We may require minimal verification to process requests.

Children's privacy

SubFlow is not directed at children under 13 (or local minimum age). We do not knowingly collect personal data from children under 13. If you believe we have collected data from a minor, contact help.subflow@gmail.com to request removal.

Brand logos, trademarks and permission process (detailed)

Logos shown in SubFlow are property of their owners and are displayed only to identify services. Display does not indicate endorsement or partnership.

Pre-shipping checklist for any original logo included in releases:

  1. Locate official brand asset/guideline page and save a timestamped screenshot
  2. Assess whether third-party use is permitted under the guideline — if allowed, comply exactly with color, spacing and non-modification rules
  3. If written permission is required, send a permission request email and do not ship the logo until permission is obtained
  4. If prohibited, use a stylized icon instead
  5. Document decision and store records in brand-permissions/ (permissions.csv and supporting files)

Permission request template is used for outreach; responses and license files are archived.

Removal/takedown SLA:

Acknowledge valid owner requests within 48 hours; remove from server endpoints immediately; remove from app binary in the next update or by hotfix where feasible; confirm completion within 30 days. All actions are logged.

International transfers and legal bases

For EU users, legal basis for processing support messages is contractual/legitimate interest. For California residents we do not sell personal data. Requests under GDPR/CCPA handled via help.subflow@gmail.com.

Changes to this policy

Material changes will be posted with an updated "Last updated" date and communicated via release notes or in-app notice where appropriate.

Contact

For privacy inquiries, data requests, brand permissions or takedown notices: help.subflow@gmail.com.