Privacy Policy

Subbie World Corp ("Subbie," "we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Subbie mobile application and related services (collectively, the "Service").

By using Subbie, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Personal Information

We may collect personal information that you voluntarily provide or that we receive from third-party sign-in providers, including:

  • Name

  • Email address

  • Account identifiers (e.g., from Sign in with Apple)

  • Profile photo (if you choose to upload one)

  • Billing and subscription information (handled by Apple and RevenueCat)

1.2 Financial Information

Subbie helps you track financial activity. Depending on your use of the Service, we may collect or process:

  • Transaction data (amounts, dates, merchant names) retrieved from your linked financial institutions via Plaid

  • Subscription and recurring bill information

  • Account metadata such as institution name, account type, and masked account numbers

Note: We do not store your bank login credentials. Bank connections are established and managed through Plaid's secure, encrypted flow.

1.3 Data Stored on Your Device (Local-Only)

Your primary financial data is stored locally on your device, including:

  • Expenses, transactions, income, and payment history

  • Categories, payment methods, and app settings

  • Bank account metadata (e.g., institution name, masked account numbers)

  • Transaction data synced from Plaid

This data remains on your device and is not continuously synced to our servers.

1.4 Automatically Collected Information

When you use the Service, we may automatically collect:

  • Device type, operating system, and app version

  • Anonymous app usage data and product analytics (when you have not opted out)

  • IP address

  • Log files and diagnostic information

  • Device token for push notifications

1.5 Voice & AI Data

When you use SubbieAI, your voice input is processed by Apple's Speech Recognition framework on-device or via Apple's servers, and the resulting text is sent to OpenRouter (an AI routing service) to interpret your intent and extract expense details. We do not store raw audio recordings.

Transcribed text may be retained temporarily to process your request.

AI interaction metadata (such as whether a request succeeded or failed) may be logged for quality and analytics purposes.

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service

  • Display your financial data and insights

  • Sync transactions and recurring expenses from connected accounts

  • Authenticate your account and manage your profile

  • Process subscriptions and in-app purchases

  • Improve app performance and user experience

  • Communicate important updates and send push notifications (with your permission)

  • Respond to support inquiries

  • Comply with legal obligations

3. Third-Party Services

Subbie integrates with the following third-party providers to operate the Service:

Provider

Purpose

Data Shared

Plaid

Securely connect financial institutions and retrieve transaction data

Bank connection tokens, transaction data (via Firebase Functions)

Firebase / Google Cloud

Authentication, Firestore, Cloud Functions, Firebase Storage

User profile, Plaid tokens, avatar images, merchant reference data

PostHog

Product analytics and usage insights

Anonymous usage events, masked session replays (text inputs masked)

Apple

App Store distribution, Sign in with Apple, subscriptions

Account credentials, purchase data

Featurebase

Feedback, roadmap, and changelog (when enabled)

Email or user identifier for SSO to the feedback portal

Firebase Cloud Messaging

Push notifications

Device token, notification preferences

Sentry

Crash analytics and hang time

Crashes and when the app freezes

Apple Speech Recognition

Converts voice input to text for SubbieAI

Audio while feature is active

OpenRouter

Routes AI requests to interpret expense data

Transcribed text of voice input

These providers have their own privacy policies. We share information only as needed to provide the Service.

Anonymous analytics (PostHog): We use PostHog to improve the app with anonymous usage data. You can turn off "Share anonymous insights" in Settings → Privacy at any time. When opted out, we do not send analytics or session replay data to PostHog.

4. Data Storage and Location

  • On-device (SwiftData): Expenses, transactions, income, categories, payment methods, app settings, and synced bank account metadata.

  • Cloud (Firebase): Authentication data, user profile, avatar image URL, Plaid access tokens, temporary transaction sync data, merchant reference data, and suggestions queue.

  • Firebase Storage: Profile photos (avatar images) you upload.

Core financial data is stored on your device. Cloud storage is used for authentication, profile, Plaid integration, and related features.

5. Data Security

We take reasonable administrative, technical, and physical measures to protect your information, including:

  • Encryption in transit and at rest

  • Secure server-side storage and restricted access

  • Plaid API calls routed through Firebase Functions (credentials never exposed to the app)

  • Industry-standard security practices

Despite these measures, no system can be guaranteed to be 100% secure.

6. Data Retention

We retain personal and financial information only as long as necessary to provide the Service and comply with legal obligations. You may request deletion of your data at any time by contacting us.

AI Data: Transcribed text from voice input is not retained after your request is processed. AI interaction logs (success/failure metadata) are retained for up to 90 days for debugging and quality purposes.

7. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access your personal data

  • Correct inaccurate information

  • Request deletion of your data

  • Export your data

  • Withdraw consent where applicable

  • Opt out of anonymous analytics (Settings → Privacy → Share anonymous insights)

To exercise these rights, contact us at hello@subbie.world.

8. Children's Privacy

Subbie is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted within the app or on our website, and the effective date will be updated accordingly.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

Subbie World Corp

Email: hello@subbie.world

By using Subbie, you acknowledge that you have read and understood this Privacy Policy.