Privacy Policy
Last updated: May 3, 2026
1. Who We Are
Subzorro ("we", "us", "our") is a financial awareness tool that helps you identify forgotten subscriptions and track product warranties by analyzing your Gmail inbox. Our website is subzorro.com.
2. What Data We Access
When you connect your Google account, we request read-only access to your Gmail inbox. Specifically, we:
- Search for emails related to receipts, invoices, subscriptions, and product warranties
- Read the subject line, sender, date, and body of those specific emails
- Send the email content to an AI model (Anthropic Claude) to extract structured information
We never read, store, or process emails unrelated to financial transactions.
3. What We Store
We store the following in our secure database:
- Your name and email address (from Google sign-in)
- Detected subscriptions: vendor name, amount, billing cycle, next charge date
- Detected warranties: product name, purchase date, expiry date
- AI-generated insights about your subscriptions and warranties
- OAuth tokens (encrypted) to access Gmail on your behalf
We do not store raw email bodies. Email content is processed in memory and immediately discarded after analysis.
4. How We Use Your Data
- To display your subscriptions and warranties in your dashboard
- To calculate your monthly and annual spending estimates
- To provide AI-generated insights and recommendations
We do not sell your data, share it with advertisers, or use it for any purpose other than providing the Subzorro service to you.
5. Third-Party Services
- Google OAuth & Gmail API — to authenticate you and read relevant emails
- Anthropic Claude — to parse email content and extract financial data. Under our API agreement, Anthropic does not use your data to train its models.
- Supabase — our database provider, hosted on AWS infrastructure with AES-256 encryption at rest
- Vercel — our hosting provider
6. Data Retention
We retain your data for as long as you have an active account. You can request deletion of your account and all associated data at any time by emailing us. We will process deletion requests within 30 days.
7. Your Rights (GDPR)
If you are located in the EU or UK, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Withdraw consent at any time by disconnecting your Google account
- Lodge a complaint with your local data protection authority
8. Cookies
We use a single session cookie to keep you signed in. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.
9. Security
All data is encrypted in transit (TLS) and at rest (AES-256). OAuth tokens are stored securely and never exposed to the client. We request only the minimum permissions necessary to provide the service (read-only Gmail access).
10. Contact
For any privacy-related questions or data deletion requests, please contact us at yoavgersi@gmail.com