Privacy Policy

SubShield by Bookiji Inc — last updated 2026-05-31

What we collect

SubShield stores derived subscription metadata (merchant names, amounts, cadence, renewal dates, cancellation proof fields) that we infer from Gmail receipt-like messages or that you enter manually. We do not store full email bodies by default.

Account sign-in uses Supabase Auth. When you connect Gmail, we hold a short-lived session access token in an encrypted HTTP-only cookie (~15 minutes). We do not persist Gmail refresh tokens in the session-only v1 model.

How we use data

SubShield is not a bank connector, does not move money, and does not cancel subscriptions on your behalf.

Retention & deletion

You may delete derived SubShield data from Account settings. Disconnect Gmail to clear session cookies. See docs/DATA_RETENTION_POLICY.md for operator retention details.

Contact

Privacy questions: contact Bookiji Inc support via your account channel. Production legal review pending (BKI-SUB-037).
