Privacy Policy
Recurrly ("we", "us", "our") is a subscription management app. This policy explains what information we collect, how we use it, and the choices you have. By using Recurrly you agree to this policy.
1. Information We Collect
Account information
When you sign up we collect your email address and name via our authentication provider, Clerk. Passwords, if used, are never stored by us — they are handled entirely by Clerk.
Subscription data you create
Names, prices, billing cycles, renewal dates, categories, currency, trial end dates, and status (active / paused / canceled) for any subscription you add manually or approve from a Gmail match.
Settings & preferences
Your base currency, notification toggles (Trial / Renewal / Paused digest / System), and your optional Financial Health monthly spending cap. These are stored with your account.
In-app notification history
Every renewal, trial-end, and digest entry the app generates is stored on-device so the in-app notification center can show Today / This week / Older groupings.
Gmail data (currently disabled)
Status as of v1.2.1: Gmail integration is not available in this release while Google's OAuth verification process is in progress. No Gmail data is requested, accessed, or stored by the current build. The flow described below covers our planned implementation and will only become active once the integration is re-enabled in a future release.
If/when you opt-in to Gmail sync (future release), we will access:
- Message metadata (sender, subject, date)
- Message bodies of receipt/billing emails that match our internal keyword filters (e.g. "invoice", "subscription", "receipt")
We will not read personal messages, attachments, or emails outside the billing-receipts filter.
Device and usage data
Anonymous usage events (screen views, button taps, feature usage) via PostHog analytics. We do not associate these events with your real name or email.
Diagnostic data
Crash reports and performance metrics via Expo / Google Play's standard diagnostic pipelines.
2. How We Use Your Data
- Provide the subscription-tracking service (detect recurring charges, calculate monthly / annual totals, surface upcoming renewals)
- Calculate your Financial Health score from your active subscriptions and surface category / month-over-month insights
- Apply your base currency to convert and display every price across Home, Insights, Subscriptions, Detail, and Calendar
- Send local device notifications for trial and renewal reminders (7 / 3 / 1 day before) and weekly digests, surfaced through the in-app notification center
- Improve the product based on aggregate, anonymous usage trends
- Detect abuse, security incidents, and fraud
We do not sell your data to third parties. We do not use your data for targeted advertising.
3. Gmail Access (OAuth Scopes) — currently disabled
Status as of v1.2.1: The Gmail integration described in this section is not active in the current release. Recurrly does not request or use any Google OAuth scope today. This section describes how the integration will work when it is re-enabled in a future release after Google's OAuth verification is complete; it is retained here so that the disclosure exists once the feature returns.
When re-enabled, Recurrly will request the following Google OAuth scope:
https://www.googleapis.com/auth/gmail.readonly
This scope is read-only. We cannot send email, delete messages, or modify your inbox. We will limit our reads to messages matching our billing-receipts keyword filter.
A refresh token would be stored in our database (Supabase, AWS us-east-2) so that Recurrly can periodically re-scan your inbox for new receipts. This token would be encrypted at rest.
Once the integration is re-enabled, you will be able to revoke Gmail access at any time:
- In Recurrly: Settings → Gmail Integration → Disconnect
- In your Google Account: myaccount.google.com/permissions → revoke access for Recurrly
Revoking from either location will immediately invalidate our token and stop all future scans.
4. Data Storage and Security
- Where: Your data is stored on Supabase (Postgres, hosted on AWS).
- Access control: Row-Level Security ensures only your authenticated account can read or write your records.
- Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Gmail refresh tokens are additionally encrypted with an application-level key.
- Retention: We retain your data as long as your account is active. See Section 6 for deletion.
5. Third-Party Services
Recurrly uses the following third-party services. Each has its own privacy policy.
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Clerk | Authentication | clerk.com/privacy |
| Supabase | Database hosting | supabase.com/privacy |
| Google (Gmail API) | Gmail read access — not used in v1.2.1; reserved for a future release | policies.google.com/privacy |
| PostHog | Anonymous product analytics | posthog.com/privacy |
| Expo | Build and crash diagnostics | expo.dev/privacy |
6. Your Rights and Choices
You can:
- Export your data — contact us at hello@rawisee.com and we will send you a JSON export of your subscriptions within 30 days.
- Delete your account and all associated data — contact hello@rawisee.com from the email on file. Deletion is permanent and completes within 30 days.
- Turn off analytics — we will add an in-app toggle in a future release; in the meantime you can uninstall the app to stop all PostHog reporting.
Residents of the EEA, UK, California, or other jurisdictions with data rights laws have the right to access, correct, and delete their personal data. To exercise these rights, email hello@rawisee.com.
7. Children
Recurrly is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, email hello@rawisee.com and we will delete it.
8. Changes to This Policy
We may update this policy from time to time. Material changes will be surfaced in-app and the "Last Updated" date at the top will reflect the change.
9. Google API Services User Data Policy (Limited Use Disclosure)
Status as of v1.2.1: Recurrly does not receive or use any data from Google APIs in this release. The disclosure below applies once the Gmail integration is re-enabled in a future release.
Recurrly's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- Recurrly's use of Gmail data is limited to providing or improving the subscription-detection feature.
- Recurrly does not transfer Gmail data except as necessary to provide the service.
- Recurrly does not use Gmail data for serving advertisements.
- Humans do not read Gmail data except with the user's explicit consent, for security purposes (e.g. investigating abuse), to comply with applicable law, or as aggregated/anonymized data used for internal operations.
10. Contact
Email: hello@rawisee.com
Data controller: Recurrly (operated by the Recurrly team)