Privacy Policy

Welcome to Click to Cancel ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our subscription management service (the "Service").

We are committed to protecting your privacy and being transparent about our data practices. This policy describes:

• What information we collect and why
• How we use and protect your information
• Your rights and choices regarding your data
• How we comply with privacy regulations (GDPR, CCPA, etc.)

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use our Service.

2.1 Information You Provide Directly

Account Information:

• Name and email address
• Login credentials (password hash only, never stored in plain text)
• Payment information (processed securely by Stripe; we never store full credit card numbers)
• Communication preferences

2.2 Email Access (Limited & Specific)

When you grant us permission to access your email, we use read-only access to:

• Identify subscription receipts - We scan for emails from known subscription services (Netflix, Spotify, gym memberships, etc.)
• Extract subscription details - Service name, price, billing date, renewal information
• Track cancellation confirmations - Verify when subscriptions are successfully cancelled

Technical Implementation: We use OAuth 2.0 authentication with Gmail API or similar secure protocols. You can revoke our access at any time through your email provider's security settings.

2.3 Subscription Data

We collect and store information about your subscriptions:

• Service provider names (e.g., "Netflix", "Spotify")
• Subscription prices and billing frequencies
• Renewal dates and trial end dates
• Cancellation status and history
• Your notes or preferences about each subscription

2.4 Usage Information

We automatically collect certain information when you use our Service:

• Log data: IP address, browser type, device information, pages visited
• Analytics: How you interact with features, time spent, clicks, errors encountered
• Cookies: Essential cookies for authentication and preferences (see Cookie Policy below)

2.5 Communication Data

• Support tickets and correspondence with our team
• Feedback, surveys, and beta testing responses
• Marketing preferences and communication history

We use your information for the following purposes:

3.1 To Provide Our Service

• Identify and display your active subscriptions
• Process cancellation requests on your behalf
• Send renewal reminders and notifications
• Provide cancellation confirmations and receipts
• Calculate savings and generate reports

3.2 To Improve and Develop Our Service

• Analyze usage patterns to enhance user experience
• Develop new features and functionality
• Debug errors and optimize performance
• Conduct research and testing (with anonymized data)

3.3 To Communicate With You

• Send service-related emails (cancellation confirmations, renewal alerts)
• Respond to your support requests and inquiries
• Send optional marketing communications (you can opt-out anytime)
• Notify you of important updates or changes to our Service

3.4 For Security and Legal Compliance

• Prevent fraud, abuse, and unauthorized access
• Comply with legal obligations and regulatory requirements
• Enforce our Terms of Service
• Protect our rights and the rights of our users

3.5 With Your Consent

For any other purposes, we will ask for your explicit consent before using your information.

We do NOT sell your personal information to third parties. We only share your information in the following limited circumstances:

4.1 Service Providers

We work with trusted third-party companies that help us operate our Service:

• Stripe: Payment processing (subject to Stripe's privacy policy)
• Cloud hosting providers: Secure data storage and infrastructure (AWS, Google Cloud, etc.)
• Email service providers: Transactional and marketing emails
• Analytics providers: Usage analytics and error tracking
• Customer support tools: Help desk and support ticket management

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Subscription Service Providers

When you request to cancel a subscription, we share only the minimum necessary information with that service provider (typically your name, email, and subscription ID) to process the cancellation.

4.3 Legal Requirements

We may disclose your information if required to:

• Comply with a legal obligation, court order, or subpoena
• Respond to lawful requests from government authorities
• Protect our rights, property, or safety, or that of our users
• Investigate fraud, security issues, or violations of our Terms

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before your information is transferred.

4.5 Aggregated or Anonymized Data

We may share aggregated or anonymized data that cannot identify you personally (e.g., "80% of users cancelled at least one subscription in their first month") for research, marketing, or analytics purposes.

We implement industry-standard security measures to protect your information:

5.1 Technical Safeguards

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS)
• Data at rest: Sensitive data is encrypted in our databases using AES-256 encryption
• Password security: Passwords are hashed using bcrypt with strong salting
• OAuth 2.0: Secure email access without storing your email password
• Access controls: Role-based access limits who can view your data internally

5.2 Organizational Safeguards

• Regular security audits and penetration testing
• Employee training on data protection and privacy
• Confidentiality agreements with all team members and contractors
• Incident response plan for potential data breaches
• Regular backups with secure, encrypted storage

5.3 Limitations

While we take reasonable steps to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we will notify you promptly if we discover any breach that affects your personal information.

We retain your information for as long as necessary to provide our Service and comply with legal obligations:

• Active accounts: We retain your data while your account is active
• Cancelled accounts: After account deletion, we retain minimal information for 30 days to allow for account recovery, then permanently delete it
• Legal requirements: Some data may be retained longer to comply with tax, accounting, or legal obligations (e.g., transaction records for 7 years)
• Anonymized data: We may retain anonymized analytics data indefinitely for business purposes

You can request deletion of your account and data at any time by contacting support@clicktocancel.app.

You have the following rights regarding your personal information:

7.1 Access and Portability

• Access: Request a copy of the personal information we hold about you
• Data portability: Receive your data in a structured, machine-readable format (JSON or CSV)

7.2 Correction and Update

• Update your account information directly in your account settings
• Request corrections to inaccurate or incomplete data

7.3 Deletion

• Right to deletion: Request deletion of your account and personal data
• Right to be forgotten: We will delete your data unless we're legally required to retain it
• How to delete: Go to Account Settings → Delete Account, or contact support@clicktocancel.app

7.4 Email Access Control

• Revoke access: Disconnect email access at any time through Account Settings
• Provider controls: Revoke OAuth permissions through your email provider (Gmail, Outlook, etc.)
• After revocation, we can no longer scan for new subscriptions but retain previously identified subscription data

7.5 Marketing Communications

• Opt-out: Unsubscribe from marketing emails using the link in any email
• Preferences: Manage email preferences in Account Settings
• Service emails: You will still receive essential service-related emails (cancellation confirmations, security alerts)

7.6 Do Not Track

We respect "Do Not Track" signals from your browser and will not track your activity for advertising purposes when DNT is enabled.

7.7 Additional Rights (GDPR, CCPA)

If you're in the EU, UK, California, or other jurisdictions with specific privacy laws, you may have additional rights:

• Object to processing: Object to certain uses of your data
• Restrict processing: Limit how we use your data in certain circumstances
• Withdraw consent: Withdraw previously given consent at any time
• Lodge a complaint: File a complaint with your local data protection authority

We use cookies and similar technologies to enhance your experience:

8.1 Essential Cookies

Required for the Service to function:

• Authentication tokens (keep you logged in)
• Security tokens (prevent CSRF attacks)
• Session cookies (maintain your session state)

8.2 Functional Cookies

Remember your preferences:

• Language and region settings
• Display preferences (dark mode, currency format)
• Feature flags and A/B test assignments

8.3 Analytics Cookies (Optional)

Help us understand how you use our Service (with your consent):

• Page views and navigation patterns
• Feature usage and engagement metrics
• Error tracking and performance monitoring

8.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent the Service from functioning properly.

Our Service may contain links to third-party websites or integrate with third-party services (e.g., subscription service providers). We are not responsible for the privacy practices of these external services.

Key third-party services we use:

• Stripe: Payment processing - see Stripe's Privacy Policy
• Google/Apple: OAuth authentication - see their respective privacy policies
• Subscription providers: Companies whose services you're cancelling (Netflix, Spotify, etc.)

We encourage you to review the privacy policies of any third-party services you interact with.

Our Service is not intended for children under 18 years of age (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children.

If we discover that we have collected information from a child without parental consent, we will delete that information immediately. If you believe we may have information from or about a child, please contact us at support@clicktocancel.app.

Your information may be transferred to and processed in countries other than your own. These countries may have data protection laws different from those in your jurisdiction.

For EU/UK users: When we transfer data outside the European Economic Area or UK, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent data protection
• Other legally approved transfer mechanisms

Data processing locations: Our servers are primarily located in [United States/EU - specify your actual hosting regions]. We use cloud providers with robust data protection certifications (ISO 27001, SOC 2, etc.).

If you're located in the European Union or United Kingdom, you have specific rights under the General Data Protection Regulation (GDPR):

• Right to access: Obtain confirmation of data processing and a copy of your data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data ("right to be forgotten")
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a portable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for consent-based processing
• Right to lodge a complaint: File a complaint with your supervisory authority

Legal basis for processing: We process your data based on:

• Contract: Processing necessary to provide our Service
• Consent: For email access, marketing communications, and analytics
• Legitimate interests: Fraud prevention, security, service improvement
• Legal obligation: Compliance with laws and regulations

If you're a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know: Request disclosure of personal information collected about you
• Right to delete: Request deletion of your personal information
• Right to opt-out: Opt-out of the "sale" of your personal information
• Right to non-discrimination: We won't discriminate against you for exercising your rights

Important: We do NOT sell your personal information. We do not and will not sell your data to third parties for monetary or other valuable consideration.

Categories of information collected: Identifiers, commercial information, internet activity, and inferences (as described in Section 2).

To exercise your CCPA rights, email us at support@clicktocancel.app or call us at [phone number]. We will verify your identity before processing requests.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How we notify you:

• We will post the updated policy on this page with a new "Last Updated" date
• For material changes, we will provide at least 30 days' notice via email
• Continued use of the Service after changes take effect constitutes acceptance
• We may also display an in-app notification about significant changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.