Submanager

Legal

Privacy Policy

Last updated: May 29, 2026

1. Data Controller

Submanager is a personal project by Tom Simonis. For any questions regarding your personal data, contact us at: support@submanager.org

2. Data Collected

We only collect data necessary for the service to function:

  • Email address (account identifier)
  • Password stored as a secure hash (bcrypt)
  • Subscription data entered by the user (name, amount, currency, renewal date, category)
  • Application preferences (language, theme, alert settings)

We do not collect any browsing data, tracking cookies, or payment data.

3. Purpose of Processing

Your data is used exclusively to:

  • Provide and maintain the Submanager service
  • Authenticate you and secure your account
  • Send you renewal alerts by email
  • Display your subscriptions and spending statistics

4. Legal Basis

The processing of your personal data is based on the performance of the service contract you accept when creating your account (Article 6(1)(b) of the GDPR).

5. Hosting & Security

All your data is hosted exclusively on servers of OVH SAS (2 rue Kellermann, 59100 Roubaix, France), located in metropolitan France. Your data does not leave European Union territory.

Communications are encrypted via HTTPS/TLS. Passwords are hashed with bcrypt before storage and are never readable, including by our team.

6. Data Retention

Your data is retained for as long as your account is active. Upon account deletion, all your personal data and subscriptions are permanently deleted within 24 hours.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access — obtain a copy of your personal data
  • Right of rectification — correct inaccurate data
  • Right to erasure — delete your account and all your data
  • Right to portability — export your data in CSV or JSON format from Settings
  • Right to object — object to a processing activity

To exercise these rights, delete your account from Settings > Account > Danger Zone, or contact us at support@submanager.org

8. Cookies

Submanager does not use tracking, advertising, or analytics cookies. A secure session cookie is used solely to maintain your authentication. It is deleted upon logout.

9. Third-Party Services

We use the following third-party services in limited cases:

  • Google OAuth — if you choose to sign in with Google, only your email address is transmitted. Data is subject to Google's privacy policy.
  • Resend — email delivery service used for renewal alerts. Only your email address is shared for this purpose.

No data is sold or shared for advertising purposes.

10. Changes to This Policy

This policy may be updated. In the event of significant changes affecting your rights, you will be notified by email with 30 days' notice. The update date at the top of this page indicates the current version.

11. Contact & Complaints

For any questions: support@submanager.org

You may also file a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés).