Privacy Policy
Last updated: April 9, 2026 · Avaitus Digital
1. Overview
SubScan AI ("we", "our", "the app") is a subscription management application developed by Avaitus Digital. This Privacy Policy describes what data we collect, why we collect it, how we use it, and the choices you have.
By using SubScan AI you agree to the practices described in this policy. If you do not agree, please discontinue use of the app.
2. Gmail API & Google User Data — Limited Use Disclosure
SubScan AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
What Google scope we request and why
| Scope | What it allows | Why we need it |
| --- | --- | --- |
| gmail.readonly | Read-only access to Gmail messages and metadata | To scan payment receipts and invoices for subscription data (amounts, service names, billing dates) only when you tap "Scan" |
How we use Gmail data — strict rules
- On-demand only: Gmail is accessed exclusively when you explicitly tap the "Scan" button. We never access your inbox in the background or automatically.
- Subscription detection only: Gmail data is used solely to identify subscription-related emails (receipts, invoices, renewal notices) and extract: service name, billing amount, currency, and billing date.
- No advertising: We do not use Gmail data to serve advertisements or build advertising profiles.
- No human reading: No employee or contractor reads your email content unless you provide explicit written consent, it is required for a security investigation, or we are compelled by law.
- No raw content stored: We do not store full email bodies or subjects. Only extracted subscription metadata is saved.
- No third-party transfer: Raw email content is never shared with or sold to any third party.
- No AI training: Your email data is not used to train any AI model, including our own.
- Minimal retention: Gmail OAuth tokens are stored encrypted solely to maintain your Gmail connection for on-demand scanning. Tokens are deleted when you disconnect Gmail or delete your account.
Revoking Gmail access
You can disconnect Gmail at any time from Settings → Gmail → Disconnect inside the app, or by visiting myaccount.google.com/permissions and removing SubScan AI. Disconnecting immediately stops all Gmail access.
3. Information We Collect
Account information
- Name, email address, and profile picture from your Google account or email/password signup via Firebase Authentication.
Gmail-derived data (with your permission)
- Service name, billing amount, currency, billing frequency, and payment date — extracted from subscription-related emails you have received.
- We do not collect email subjects, full bodies, sender lists, or any other email content beyond what is necessary to identify a subscription.
User-entered data
- Subscriptions you add manually: service name, amount, currency, billing date, and category.
- Reminder preferences and notification settings.
Usage & analytics data
- Basic, anonymized app usage events (e.g., "scan started", "subscription added") to improve the product. No personal data is included in analytics events.
4. How We Use Your Information
- To scan your Gmail inbox for subscription receipts when you initiate a scan.
- To display, manage, and organize your subscriptions.
- To calculate monthly spending and predict upcoming payment dates.
- To send renewal reminders via email, push notification, WhatsApp, or SMS — only if you enable them.
- To generate AI-assisted negotiation or cancellation drafts for your subscriptions.
- To maintain and improve subscription detection accuracy.
- To comply with legal obligations.
We will never use your data for any purpose not listed above without your explicit consent.
5. Data Sharing & Third Parties
We do not sell, rent, or share your personal data with third parties for their own commercial purposes. We use the following sub-processors strictly to operate SubScan AI:
- Google Gmail API — Read-only access to your inbox for subscription scanning (your permission required).
- Firebase Authentication (Google) — Secure user sign-in and identity management.
- MongoDB Atlas — Encrypted cloud database for subscription and user data.
- Groq AI — Validates extracted subscription metadata. Only anonymized fields (service name, amount, date) are sent. Raw email content is never transmitted to Groq.
- Retell AI — Voice call automation for cancellation flows (only when you explicitly trigger a cancellation call).
All third-party processors are bound by data processing agreements and are only permitted to process data on our documented instructions.
6. Data Storage & Security
- All data is stored on MongoDB Atlas with encryption at rest (AES-256) and encryption in transit (TLS 1.2+).
- User authentication is managed by Firebase Authentication with industry-standard security controls.
- All client–server communication uses HTTPS.
- Gmail OAuth refresh tokens are stored encrypted and access-controlled — only the backend service that performs scans can read them.
- We apply the principle of least privilege: each internal service only accesses the data it requires.
7. Data Retention
- We retain your subscription and account data for as long as your account is active.
- When you delete your account, all associated data — subscriptions, scan history, user profile, OAuth tokens — is permanently deleted from our systems within 30 days.
- Anonymized, aggregated analytics data that cannot be traced back to you may be retained longer for product improvement.
8. Your Rights & Choices
- Access: Request a copy of all personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Delete your account and all associated data via Settings → Delete Account, or by emailing us.
- Disconnect Gmail: Revoke Gmail access at any time from app settings or Google account permissions.
- Data portability: Request an export of your subscription data by emailing us.
- Opt-out of reminders: Disable all notifications from Settings at any time.
To exercise any of these rights, email us at avaitusdigital@gmail.com. We respond within 30 days.
9. Children's Privacy
SubScan AI is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected such data, we will delete it promptly. If you believe a child under 13 has provided us data, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy at this URL with a revised "Last updated" date, and by sending an in-app or email notification where required. Continued use of the app after changes constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy or your data, or wish to exercise your rights, please contact:
Avaitus Digital
Email: avaitusdigital@gmail.com