Privacy Policy

1. Introduction

Sublist is an iOS app that helps you track your subscriptions and recurring payments. This policy explains what data Sublist collects, how it is used, and your rights under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the UK GDPR.

Sublist is developed and operated by Hugo Hodinka, based in Barcelona, Spain.

2. Data Controller

The data controller for Sublist is:

Hugo Hodinka
Barcelona, Spain
Contact: hhodinka@me.com

3. What Data We Collect

Sublist is designed to keep your data on your device. The app does not require an account, does not sync data to a server, and does not use analytics or advertising SDKs. Most of your information never leaves your phone.

The following data may be transmitted to external services in specific circumstances:

IP address (for country detection)

When the Price Intelligence feature is enabled, Sublist sends a single request to ipapi.co to determine your country. This is used to show you region-accurate pricing for supported subscription services. Only your IP address is sent as part of this standard HTTPS request.

Pricing requests

When Sublist checks prices for supported services (Netflix, Spotify, Disney+, etc.), requests are routed through a proxy server at sublist-api.vercel.app. These requests contain only the service name and your detected country code. No personal data, device identifiers, or subscription details are included.

We do not collect:

• Your name, email address, or phone number
• Your device advertising identifier (IDFA)
• Your contacts, photos, health data, or calendar
• Your payment card or bank details (handled entirely by Apple)
• Your subscription list, spending data, or any content you enter into the app
• Analytics, usage data, or behavioural tracking of any kind

4. How We Use Your Data

We use the limited data described above only for the following purposes:

• Country detection: determining your region so that price intelligence results reflect local pricing.
• Price lookups: fetching current subscription prices for supported services to alert you about changes or cheaper alternatives.

We do not use your data for advertising, marketing, or tracking. Sublist does not include any advertising SDKs, does not share data with data brokers, and does not link your activity across third-party apps or websites.

5. Third-Party Services

Sublist uses the following third-party services. Each has its own privacy policy governing how they handle data.

ipapi.co

• Used for: detecting your country based on your IP address.
• Data sent: your IP address (as part of a standard HTTPS request).
• Privacy policy: https://ipapi.co/privacy/

Vercel (sublist-api.vercel.app)

• Used for: proxying price lookup requests to subscription service websites.
• Data sent: service name and country code. No personal data.
• Privacy policy: https://vercel.com/legal/privacy-policy

6. Data Retention

Sublist does not operate its own database or user data store. All subscription data you enter into the app is stored locally on your device using Apple's SwiftData framework and is never transmitted.

Country detection results are cached locally on your device. Price lookup requests are transient and not logged or stored on the proxy server.

7. Your Rights Under GDPR and UK GDPR

If you are in the European Union, the United Kingdom, or another region with similar data protection laws, you have the following rights:

• Right of access: ask what data we or our third-party partners hold about you.
• Right to rectification: ask us to correct inaccurate data.
• Right to erasure: ask us to delete your data.
• Right to restrict processing: ask us to limit how we use your data.
• Right to data portability: ask for your data in a machine-readable format.
• Right to object: object to us processing your data.
• Right to lodge a complaint with a supervisory authority. In the EU, this is the data protection authority in your country. In the UK, it is the Information Commissioner's Office (ICO).

To exercise any of these rights, email hhodinka@me.com. We aim to respond within 30 days.

Because Sublist stores all user data locally on your device, you can also exercise your right to erasure by simply deleting the app, which removes all local data.

8. Children

Sublist is not directed at children under 13, and we do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us and we will delete it.

9. International Data Transfers

Sublist uses third-party services that may process requests outside the European Economic Area. ipapi.co and Vercel operate globally distributed infrastructure. These transfers occur as part of standard HTTPS requests and are governed by each provider's privacy policy.

10. Security

All communication between Sublist and external services uses HTTPS with standard TLS encryption. No personal data is stored on our servers because we do not operate any. Your subscription data remains encrypted on your device via Apple's data protection framework.

11. Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated through the App Store release notes. The "Last updated" date at the top of the page always reflects the current version.

12. Contact

If you have questions about this policy or want to exercise any of your rights, contact:

Hugo Hodinka
hhodinka@me.com

See also: Terms of Service