Privacy Policy
Last updated: June 12, 2026
The short version: SubForge never sees your bank credentials, never shows ads, and never sells your data. Bank linking is optional and read-only — it runs through Plaid, surfaces only your recurring charges, and without it SubForge touches no financial accounts at all. Your subscriptions, your data, your call. That's the deal.
1. Who we are
SubForge ("SubForge," "we," "us") provides a subscription-tracking application for iOS and Android and the website subforge.ai. Questions about this policy: support@subforge.ai.
2. Information we collect
- Account information (optional). SubForge works without an account ("guest mode"), in which case your data stays on your device. If you create an account, we collect your email address and — if you sign in with Apple or Google — the name those providers share, plus an internal account identifier.
- Subscription records you enter. Service names, prices, billing cycles, renewal dates, categories, and notes that you type into the app. In guest mode these stay on your device; with an account they're stored in our cloud database (Google Firebase) so they sync across your devices.
- Optional bank connection (Pro). If you choose to connect a bank account for automatic subscription detection, the connection is made through Plaid, a regulated financial data network. You authenticate directly with your bank inside Plaid's secure interface — SubForge never sees or stores your bank credentials. From the connection we receive and store only read-only recurring-charge information (merchant, amount, billing cadence, dates) used to suggest subscriptions, plus secure access tokens kept server-side, encrypted at rest, and inaccessible to client apps. You can disconnect at any time in Settings, which revokes access and deletes the stored connection data. Plaid's handling of your data is described in Plaid's End User Privacy Policy.
- Purchase information. If you buy SubForge Pro, the transaction is processed entirely by Apple's App Store or Google Play. We (via our subscription-management provider, RevenueCat) receive receipt tokens that confirm your entitlement. We never see your card details.
- Crash and diagnostic data. We use Google Firebase Crashlytics to detect and fix crashes: when the app crashes it sends a diagnostic report including the error, a stack trace, device model, OS version, and app version. SubForge does not use analytics or advertising SDKs, and this data is never used to track you across other companies' apps or websites.
3. What we never collect
- Your bank credentials — even with an optional bank connection, sign-in happens directly between you and your bank via Plaid; SubForge never receives usernames, passwords, or full account numbers.
- Bank data of any kind unless you explicitly connect an account — without a connection, SubForge has no access to financial accounts at all.
- Screenshots you import — they are processed by on-device AI and never uploaded.
- Your contacts, photos (beyond the screenshot you explicitly pick, which stays on-device), or location.
- Advertising identifiers for cross-app tracking. SubForge contains no third-party advertising.
4. How we use information
To provide the service (sync, backup, restoring purchases), to send the renewal and trial reminders you configure (these notifications are scheduled on your device, not from our servers), to respond to support requests, and to improve the app. We do not sell or rent personal information, full stop.
5. Sharing
We share data only with the service providers that make SubForge run: Google Firebase (authentication, database, and crash reporting — acting as our processor), Plaid (optional bank connections, as described above), RevenueCat (purchase entitlements), and Apple/Google (payment processing). We may disclose information if required by law. If SubForge is ever acquired, data would transfer under this same policy's protections. We never sell personal information.
6. Data retention & deletion
Your data is yours to destroy:
- In-app: Settings → Danger zone → Delete account permanently erases your account and all cloud data. Settings → Erase all subscriptions clears your records at any time. Guest-mode data can be erased the same way or by deleting the app.
- By email: request deletion at support@subforge.ai and we'll complete it within 30 days.
7. Security
Data is encrypted in transit (TLS) and protected at rest by Google Firebase's infrastructure. Cloud records are isolated per account by security rules — your data is readable only by your authenticated account.
8. Children
SubForge is not directed to children under 13, and we do not knowingly collect personal information from them.
9. International users
SubForge is operated from the United States and data is processed on servers located there. By using SubForge you consent to that processing.
10. Changes
We'll post any changes to this policy here and update the date above. Material changes will be highlighted in the app.