← Back to Submint
Privacy Policy
Last updated: May 25, 2026
Submint ("we", "our", or "us") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights.
Information We Collect
- Account information — email address and name when you sign up, either directly or via Google or Apple Sign In. If you use "Hide My Email" with Apple Sign In, we only receive Apple's relay address.
- Subscription data — the subscriptions you add, including names, amounts, billing dates, and categories. This data is yours and stored securely.
- Images you submit for AI scan — if you use the AI scan feature, the image you select (e.g. a receipt or confirmation screenshot) is uploaded to our server and forwarded to Anthropic for parsing. We do not retain the image after parsing completes.
- Push notification tokens — if you enable notifications, we store your device push token in order to send you renewal reminders. You can withdraw consent at any time through your device settings.
- Purchase information — if you buy Submint Pro, we receive confirmation of your purchase status from Apple, Google, or RevenueCat. We do not store your payment card details.
- Biometric authentication — if you enable the biometric app lock, Face ID / Touch ID / fingerprint matching is performed entirely by your device's operating system. Submint never receives or stores biometric data.
We do not run any analytics, tracking, or advertising SDKs. We do not collect crash reports or usage telemetry.
How We Use Your Information
- To provide and maintain the Submint service.
- To send renewal reminders and notifications you opt into.
- To process AI features (scan, insights) that you actively trigger.
We do not use your data for advertising or to train AI models.
Data Storage
Your data is stored using Supabase, hosted on AWS infrastructure in the West EU region (Ireland). We use row-level security to ensure your data is accessible only to you. Session tokens on your device are stored in the iOS Keychain or Android Keystore.
Third-Party Services
- Apple Sign In — governed by Apple's Privacy Policy.
- Google Sign In — governed by Google's Privacy Policy.
- Supabase — our backend, database, and authentication provider.
- Anthropic — when you use AI features (subscription scan from image, AI insights), the relevant image or anonymised subscription summary is sent to Anthropic's Claude API for processing. Per Anthropic's API terms, this data is not used to train their models.
- Brandfetch — used to fetch brand logos by domain name. No personal data is sent.
- Expo Push Service — relays push notifications to Apple and Google. Push tokens transit Expo's infrastructure.
- RevenueCat — processes and manages in-app purchase status on our behalf.
- Apple App Store / Google Play — process all purchases and handle payment details directly.
Data Retention
We retain your data for as long as your account is active. You can delete your account and all associated data at any time from within the app (Settings → Delete account). Deletion is immediate; encrypted database backups are purged within 7 days as part of our infrastructure provider's standard rotation.
Your Rights
Under GDPR (if you are in the EU) and applicable law, you may:
- Access the personal data we hold about you.
- Request correction or deletion of your data.
- Export your subscription data.
- Withdraw consent for notifications at any time.
- Lodge a complaint with your local data protection authority.
Children's Privacy
Submint is not directed at children under 14 (the minimum age of digital consent in Bulgaria; 16 in some other EU member states). We do not knowingly collect data from children under that age.
Governing Law
This policy is governed by the laws of the European Union and the Republic of Bulgaria. If you are located in the EU, you have rights under the General Data Protection Regulation (GDPR).
Contact
Questions about this policy? Reach us at hello@martinpandarski.com.
© 2026 Submint. All rights reserved.