Privacy Policy
Last updated: March 17, 2026
1. Introduction
Unbilled ("we", "our", or "the app") is a subscription tracking application that helps users manage and monitor their recurring subscriptions by scanning email accounts for subscription-related communications. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
The data controller for your personal data processed through Unbilled is:
3. Legal Basis for Processing (Article 6 GDPR)
We process your personal data based on the following legal grounds:
- Consent (Art. 6(1)(a)): You explicitly consent to email scanning when connecting your Gmail or Outlook account. This consent is obtained through a clear dialog before the connection is established and can be withdrawn at any time by disconnecting your email account.
- Contract performance (Art. 6(1)(b)): Processing your account information and subscription data is necessary to provide the subscription tracking service you signed up for.
- Legitimate interest (Art. 6(1)(f)): We use essential cookies to maintain your session and remember your preferences, which is necessary for the proper functioning of the application.
4. Information We Collect
Account Information
When you sign in, we collect your name and email address from your authentication provider. This is used solely to identify your account and personalize your experience.
Email Data
When you connect a Gmail or Outlook account, we request read-only access to your emails. We scan email subjects, senders, and body content exclusively to identify subscription-related messages (e.g., billing confirmations, renewal notices, receipts). We store only the metadata needed to track your subscriptions — specifically the email subject, sender address, date, and extracted subscription details (service name, amount, billing cycle).
Subscription Data
We store subscription details that you manually enter or that are automatically detected from your emails, including service names, amounts, billing cycles, and renewal dates.
Cookies & Session Data
We use essential cookies to maintain your authentication session and remember your preferences (e.g., currency settings, theme). We do not use tracking cookies, advertising cookies, or analytics cookies that profile your behavior.
5. How We Use Your Information
Your information is used exclusively for the following purposes:
- Detecting and tracking your active subscriptions from email communications
- Calculating spending summaries and providing financial insights
- Sending you renewal reminders and notifications before billing dates
- Identifying duplicate or unused subscriptions to help you save money
6. Email Access & Permissions
Important: Unbilled uses read-only access to your email. We cannot and will never send, delete, modify, or forward any of your emails.
When you connect your Gmail account, we request the gmail.readonly scope, which provides read-only access. For Outlook, we request Mail.Read permission. These are the minimum permissions needed to scan for subscription-related emails.
You can disconnect your email account at any time from the Settings page, which immediately revokes our access. Previously detected subscriptions will remain in your account, but no further email scanning will occur.
7. Data Storage & Security
Your data is stored securely in encrypted databases hosted within the European Union. Email access tokens are stored server-side and are never exposed to the browser. We use industry-standard security practices including HTTPS encryption for all data in transit and secure session management.
We do not store full email bodies. Only the minimum metadata required for subscription detection is retained (subject line, sender, date, and extracted subscription details).
8. Data Sharing & International Transfers
We do not sell, rent, or share your personal data with any third parties for marketing or advertising purposes. Your subscription data and email metadata are used solely within Unbilled to provide the service to you.
Where data is processed by third-party services (see Section 9), appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for any transfers outside the European Economic Area (EEA).
9. Third-Party Services
Unbilled integrates with the following third-party services:
- Google Gmail API — for reading email content to detect subscriptions (read-only access)
- Microsoft Graph API — for reading Outlook email content to detect subscriptions (read-only access)
- AI/LLM Services — for analyzing email content to extract subscription details (processed server-side, no email content is stored by the AI provider)
10. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data. You can exercise most of these directly from the Settings > Data & Privacy section of the app:
- Right of Access (Art. 15): View all data stored in your account at any time. Use the "Export My Data" feature in Settings to download a complete copy.
- Right to Rectification (Art. 16): Edit or update any subscription information directly in the app.
- Right to Erasure (Art. 17): Delete individual subscriptions, or permanently delete your entire account and all associated data using the "Delete My Account" feature in Settings.
- Right to Data Portability (Art. 20): Export all your data in a structured, machine-readable JSON format using the "Export My Data" feature.
- Right to Withdraw Consent (Art. 7(3)): Disconnect your email accounts at any time from Settings to withdraw consent for email scanning. This does not affect the lawfulness of processing based on consent before withdrawal.
- Right to Restrict Processing (Art. 18): Contact us to request restriction of processing of your personal data.
- Right to Object (Art. 21): Contact us to object to processing of your personal data based on legitimate interests.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your EU member state if you believe your data protection rights have been violated.
11. Data Retention
We retain your personal data only for as long as necessary to provide the service:
- Account data: Retained for as long as your account is active. Deleted immediately upon account deletion.
- Email OAuth tokens: Deleted immediately when you disconnect an email account.
- Scanned email metadata: Retained until you use "Reset & Re-scan" or delete your account.
- Subscription data: Retained until you manually delete individual subscriptions or delete your account.
- Notification history: Retained for up to 12 months, then automatically purged.
12. Children's Privacy
Unbilled is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Any material changes will be communicated through the application (e.g., via an in-app notification) and reflected on this page with an updated "Last updated" date. We encourage you to review this policy periodically.
14. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal data is handled, please contact us at:
Email: [email protected]
For data subject access requests (DSARs), you can also use the self-service tools in Settings > Data & Privacy.