SubTrack

Privacy Policy

Privacy Policy

Last updated: May 31, 2026

Article 1 (Purpose)

This Privacy Policy explains how SubTrack Operator (the "Operator") handles personal information in connection with the subscription management application "SubTrack" (the "Service"). The Operator handles personal information appropriately in accordance with the Act on the Protection of Personal Information and other applicable laws.

Article 2 (Information We Collect)

  1. The Operator may collect the following information when customers use the Service.
  2. Account information, such as name or display name, email address, profile image, and identifiers from external authentication providers.
  3. Subscription management information, such as service names, amounts, billing cycles, billing dates, categories, and notification settings.
  4. Payment-related information, such as Stripe customer IDs, subscription IDs, checkout session IDs, purchase status, and plan information. Card numbers and other card details are managed by Stripe and are not retained by the Operator.
  5. Notification-related information, such as push notification subscription information, device or browser notification settings, and information needed to send email notifications.
  6. Usage environment information, such as cookies, session information, IP address, user agent, request headers, access time, error information, and technical information related to operations.
  7. The Operator collects personal information by lawful and fair means and does not acquire it through improper means.

Article 3 (Purposes of Use)

The Operator uses collected personal information for the following purposes.

  1. To provide, operate, maintain, and improve the Service.
  2. To authenticate accounts, verify identity, and manage settings.
  3. To register, display, analyze, notify, and export subscription information.
  4. To process payments through Stripe, manage plans, and provide the billing portal.
  5. To send push notifications, email notifications, and notices before a free trial ends.
  6. To respond to inquiries, disclosure requests, and complaints from customers.
  7. To analyze errors, improve quality, prevent abuse, and maintain security.
  8. To provide offline support and browser storage features.
  9. To respond to laws, regulations, or requests from public authorities.
  10. For purposes incidental to the purposes listed above.

Article 4 (External Services and Processors)

  1. The Operator may outsource all or part of the handling of personal information to external service providers to the extent necessary to provide the Service.
  2. Main processors or integrated services include Cloudflare, Stripe, Google, Resend, and Sentry.
  3. The Operator allows processors to handle information only to the extent necessary to achieve the purposes of use and supervises them appropriately.
  4. Sentry is used for error analysis, quality improvement, and feedback collection. Information sent to Sentry may include error details, technical browser or device information, technical information related to operations, and content entered by customers in the feedback form. The Operator configures Sentry to reduce default transmission of personal identifying information.

Article 5 (Provision to Third Parties)

  1. The Operator will not provide personal information to third parties without customer consent, except as permitted by law.
  2. However, the Operator may provide personal information without customer consent in the following cases.
  3. When disclosure is required by law.
  4. When necessary to protect a person's life, body, or property and obtaining consent is difficult.
  5. When especially necessary for improving public health or promoting the sound growth of children and obtaining consent is difficult.
  6. When cooperation with a national or local government body, or a party entrusted by such body, is necessary for the performance of duties prescribed by law and obtaining consent may interfere with that performance.

Article 6 (Security Control Measures)

  1. The Operator implements necessary and appropriate security control measures to prevent leakage, loss, or damage of personal information.
  2. The Operator manages access permissions, encrypts communications, manages logs, reviews processors, and reviews procedures for handling personal information.
  3. The Operator deletes or anonymizes personal information that is no longer necessary, taking into account legally or operationally required retention periods.

Article 7 (Disclosure, Correction, Suspension of Use, etc.)

  1. Customers may request notification of purpose of use, disclosure, correction, addition, deletion, suspension of use, erasure, or suspension of third-party provision regarding their retained personal data.
  2. Customers who wish to make such a request should contact the inquiry point in Article 11.
  3. The Operator will verify identity and respond promptly within a reasonable scope in accordance with the Act on the Protection of Personal Information and other applicable laws.
  4. The Operator may be unable to comply with all or part of a request when the Operator is not legally obligated to do so, when disclosure may harm the rights or interests of the customer or a third party, or when it may significantly interfere with proper operation of the Service.

Article 8 (Cookies, Local Storage, and Similar Technologies)

  1. The Operator may use cookies, local storage, IndexedDB, and similar technologies to maintain login status, language settings, display settings, convenience, usage analysis, and abuse prevention.
  2. Customers may refuse cookies or delete saved cookies through browser settings. In that case, some functions of the Service may become unavailable.

Article 9 (Personal Information of Minors)

  1. If a minor uses the Service, the minor must do so with the consent of a parent or legal guardian.
  2. The Operator gives special consideration to the handling of personal information of minors.

Article 10 (Changes to This Privacy Policy)

  1. The Operator may revise this Privacy Policy due to legal amendments, changes to the Service, or changes in the handling of personal information.
  2. If the Operator makes a material change, the Operator will notify customers by posting it within the Service or by another appropriate method.
  3. Unless otherwise specified by the Operator, the revised Privacy Policy becomes effective when posted within the Service.

Article 11 (Contact Point)

If you have questions, comments, complaints, or other inquiries regarding this Privacy Policy or the handling of personal information, please contact the following address.

legal@subtracknotify.com