Effective Date: September 9, 2025
This Privacy Policy describes how the "SubList Subscription Manager" Chrome Extension (the "Extension") collects, uses, and stores information. We are committed to protecting your privacy and ensuring transparency about our data practices.
1. Data Controller
The SubList Subscription Manager Chrome Extension is developed by nehalmax (Nehal Joshi). For any privacy-related questions, you can contact us at me@nehal.work.
2. What Information We Collect and Why
The Extension is designed with user privacy as a core principle. We do NOT collect, transmit, or store any of your personal data on our servers or any external services. All information processed and stored by the Extension remains exclusively on your local computer.
The Extension collects and processes the following types of information locally on your device:
Subscription Details:
- What is collected: Service name (e.g., "Netflix," "Figma"), plan name (e.g., "Premium," "Pro"), billing amount, currency, billing cycle (e.g., monthly, yearly), next renewal date, trial status and end date, subscription status (active, cancelling).
- How it's collected: This information is extracted directly from the web pages you visit (specifically billing, subscription, or membership pages) when you explicitly interact with the Extension (e.g., by clicking "Capture with Scraper" or "Capture with AI").
- Purpose: To enable the core functionality of the Extension, which is to help you track and manage your subscriptions and provide timely renewal reminders. This data is essential for the Extension to function as intended.
- Legal Basis (GDPR): Performance of a contract (Terms of Service for the Extension) and/or legitimate interest (providing you with the requested functionality of subscription management).
Gemini API Key (if provided):
- What is collected: An API key you may provide to enable the "Capture with AI" feature.
- How it's collected: You explicitly enter this key into the Extension's settings page.
- Purpose: To authenticate requests made directly from your browser to Google's Gemini API service, allowing the "Capture with AI" feature to function.
- Legal Basis (GDPR): Performance of a contract (providing the AI-powered feature you explicitly choose to enable).
Page Content (for extraction):
- What is collected: The text content and HTML structure of the active web page you are viewing.
- How it's collected: This data is temporarily accessed by the Extension's content scripts only when you explicitly click a "Capture" button. It is processed locally to identify and extract subscription details.
- Purpose: To perform the automated subscription detail extraction and categorization.
- Legal Basis (GDPR): Performance of a contract (providing you with the requested functionality of subscription detail extraction).
3. How Information is Stored (Local Storage Only)
All the information listed above (Subscription Details, Gemini API Key, and any temporarily processed page content) is stored exclusively in your Chrome browser's local storage (chrome.storage.local
) on your computer.
- No Cloud Storage: We do not have access to, nor do we store, any of this data on our servers or any third-party cloud services.
- No Transmission: Your data is never transmitted to us or any other external entity.
- Data Persistence: The data persists even if you close and reopen Chrome, but it will be deleted if you uninstall the Extension or explicitly clear your Chrome browsing data (specifically "Cookies and other site data" or "Site settings").
- Data Portability: You have the option to export your stored subscription data as a JSON file from the Extension's settings page.
4. How Information is Used
The collected information is used solely for the following purposes within your local Extension instance:
- To display your subscriptions within the Extension's popup.
- To calculate and display your total monthly spending.
- To categorize your subscriptions.
- To schedule and deliver renewal and trial reminder notifications.
- To make direct authenticated calls to Google's Gemini API (if you have provided an API key).
5. Sharing Your Information (No Sharing)
We do not share, sell, rent, or trade any of your information with third parties. As all data is stored locally on your device, there is no sharing of your data by us.
If you choose to use the "Capture with AI" feature and provide a Gemini API Key, requests are made directly from your browser to Google's API, governed by Google's own terms of service and privacy policy. We are not involved in this data transfer.
6. Data Retention
Your data is retained for as long as you keep the Extension installed on your Chrome browser and do not explicitly delete the data. We do not have access to your data, so we cannot delete it for you. You are in full control of your data retention.
7. Your Rights (GDPR)
As your data controller (for the data processed and stored on your device by the Extension), the Extension supports the following GDPR rights:
- Right to Access: You can access all data stored by the Extension by opening the Extension's popup or by using the "Export Data" feature in the Extension's settings page.
- Right to Rectification: You can modify or update your subscription details directly within the Extension's popup (though the current MVP might not have direct editing, it allows re-capturing which overwrites). You can also manually edit the exported JSON and re-import it.
- Right to Erasure ("Right to be Forgotten"): You can delete individual subscriptions directly from the Extension's popup. You can delete all your data by uninstalling the Extension or by clearing your browser's local data for the Extension.
- Right to Restriction of Processing: You can disable features (like reminders) in the Extension's settings, which restricts processing for those specific purposes. You can stop all processing by uninstalling the Extension.
- Right to Data Portability: You can export your subscription data as a JSON file from the Extension's settings page.
- Right to Object: You can object to data processing by discontinuing the use of the Extension and uninstalling it.
As we do not store or process your data on our servers, these rights are primarily exercised by you through your direct interaction with the Extension on your device.
8. Children's Privacy
The Extension is not intended for use by children under the age of 16. We do not knowingly collect any information from children under 16.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page within the Chrome Web Store listing. You are advised to review this Privacy Policy periodically for any changes.
10. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: me@nehal.work
Disclaimer: This is a template privacy policy. While it aims to comply with common EU privacy principles, it does not constitute legal advice. You should seek independent legal counsel to ensure full compliance with all applicable laws and regulations.