Privacy Policy

Short version

dropsub is designed to be structurally incapable of collecting your subscription data. The app does not require an account, does not require your email, does not make network calls in the core code path, and does not include analytics SDKs. Your subscription data is stored in a local SQLite database on your phone. Store purchase validation happens through Apple or Google when you unlock the app - and that receipt flow goes through the store, not through a dropsub server.

If you want the technical and ethical reasoning behind this design, see the privacy decision tree.

What data dropsub stores (and where)

Everything dropsub stores stays on your device, inside the app's private storage directory. The categories of data are:

• Subscriptions you add: name, cost, currency, billing cycle, start date, next renewal date, cancel-by date (optional), notes (optional), category (optional), price history, and your per-subscription notification preferences.
• Free trials you add: trial start date, trial end date, converts-to amount and cycle, cancel-by date, status, reminder schedule.
• Cancellation proofs you log: per-subscription confirmation number, confirmation email received, screenshot saved flag, cancel date, follow-up statement check date, notes.
• App preferences: theme (system / light / dark), default currency, notification warning-day configuration, first-launch timestamp (used for the 7-day free trial).

All of this is in a local SQLite database inside the app's private directory, which is inaccessible to other apps on stock Android. The app's source code does not contain code that transmits any of this data to a server.

What data leaves your device

Three things, and we list them precisely because the answer matters:

1. OS-level device backup (if you have it enabled). Android's default Auto Backup can include the app's private storage, which means the SQLite database may be uploaded to your own Google account. This is configured in your Android settings, not in dropsub. If you do not want this, disable backups for dropsub in Android settings > Apps > dropsub > Mobile data & backup.
2. The app-store purchase receipt. When you unlock dropsub after the 7-day free trial, Apple or Google processes the receipt. dropsub receives a confirmation from the store that the purchase is valid. dropsub does not receive your name, email, or payment details - only the purchase status for the product id dropsub_unlock.
3. Backups you export yourself. If you tap “Export backup” in settings, dropsub creates a JSON file on your device and opens the system share sheet. Where the file goes from there is up to you. The file is unencrypted by default for ease of use; you can encrypt it before sharing if you prefer.

That is the entire list. There is no analytics, no crash reporting that phones home, no “anonymous” usage telemetry, no advertising SDK, and no third-party data processor in dropsub's runtime.

What dropsub does not do

• Does not require an account or login.
• Does not collect your email address.
• Does not read your contacts, photos, microphone, or location.
• Does not connect to your bank, brokerage, credit card, or any financial aggregator.
• Does not use Google Analytics, Firebase, Mixpanel, Amplitude, Segment, Sentry, or any equivalent service.
• Does not run ads.
• Does not share your data with third parties, because there is no third party to share it with.

Permissions the app requests

On Android, dropsub requests the minimum set of permissions needed to do its job. If a future version needs more, this page will be updated before the release ships.

• Notifications (Android 13+): required to show renewal warnings and trial-ending reminders. If you decline, the rest of the app still works; you simply will not see local notifications.
• Schedule exact alarms (Android 12+): required to fire renewal warnings at the correct wall-clock time even in battery-saver mode. If you decline, reminders may fire late or be batched by the OS.
• No internet permission required for the core tracking and cancel-coaching feature set. Store purchase validation is handled through the platform store flow, not through a dropsub analytics or sync server.

Children's privacy

dropsub is not directed at children under 13 (or the equivalent age of digital consent in your jurisdiction). The app does not knowingly collect information from children. Because the app does not collect information from anyone, this policy holds regardless of age.

Data deletion

Uninstalling dropsub deletes the app's private directory, including the SQLite database and any locally cached files. There is no server-side record to delete, because there is no server-side record. If you exported a JSON backup to cloud storage, deleting that is your responsibility and outside dropsub's scope.

Regional privacy rights

This section is included for users outside the United States and for US states with privacy laws. It is not legal advice. The practical answer is the same in every region: dropsub does not operate an account system, analytics pipeline, advertising SDK, user database, or subscription-data server. If we do not hold your subscription data, there is no server-side copy for us to access, correct, port, sell, share, or delete.

You can still exercise control locally: edit or delete subscriptions in the app, export a JSON backup, delete exported files wherever you saved them, disable OS-level device backup, or uninstall dropsub to remove the local app database from your device.

United States and California

For California users, the CCPA/CPRA gives rights around personal information collected by covered businesses, including access, deletion, correction, portability, and opting out of sale or sharing. dropsub does not sell or share personal information, does not run ads, does not use cross-context behavioral advertising, and does not collect sensitive personal information through the app. If you contact us by email, we will use that email only to respond to the request.

European Union / EEA and United Kingdom

EU GDPR and UK GDPR rights can include access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making. dropsub does not use automated profiling, does not make remote decisions about you, and does not transfer your app data to a dropsub server. If you email us, the email address and message you send are processed only to respond to you.

Canada

Canada's PIPEDA framework is built around fair information principles such as accountability, limiting collection, consent, safeguards, access, and challenging compliance. dropsub's app architecture limits collection by design: the app does not ask for an account, does not transmit subscription records to us, and keeps user-entered data on the device.

Australia and New Zealand

Australia's Privacy Act includes the Australian Privacy Principles, and New Zealand's Privacy Act uses information privacy principles for how personal information is collected, used, stored, accessed, and corrected. dropsub is designed so your app data remains local to your device unless you export it or your operating system backs it up through your own Apple or Google account.

Brazil and other regions

Brazil's LGPD and many other privacy laws provide rights around personal data access, correction, deletion, portability, and information about processing. dropsub's answer remains local-first: we do not maintain a server-side profile or subscription database about you. For any privacy question we can answer, contact To.Dahlia.Enterprises@gmail.com.

Public guide data and accuracy

dropsub cancellation guides and regional notes may be updated from public, reviewable data such as the planned GitHub data repository at github.com/kborndorff/dropsub-public-data. This helps make guide changes visible and auditable.

Public guide data can still be wrong or become outdated. Subscription services can change prices, cancellation URLs, support channels, and regional rules without warning. Always double-check any auto-filled amount, date, URL, or cancellation instruction before relying on it.

Changes to this policy

If we change this policy in a way that affects what data dropsub handles, we will update this page and ship the change as a release note in the app's public changelog. The version of this policy is dated at the top of the page. Prior versions are available on request via the security contact below.

Contact

For privacy questions, contact To.Dahlia.Enterprises@gmail.com. For security disclosures, see /.well-known/security.txt.