Privacy Policy

Last updated: March 20, 2026

Our Core Promise

SubscripKiller is built on a simple principle: your financial data never leaves your device. We don't collect, store, transmit, or have access to your bank statements, transaction history, or any personally identifiable financial information.

How Your Data Is Processed

1. Bank Statement Parsing (Client-Side Only)
When you upload a bank statement (PDF or CSV), the file is parsed entirely within your web browser using JavaScript. The raw file content is never transmitted to our servers or any third party. The parsing extracts only structured data: merchant names, transaction amounts, currencies, and dates.

2. Subscription Matching (Server-Side)
Only the extracted structured data (merchant name + amount + currency + date) is sent to our matching API. This data does not include your account number, bank name, balance, personal name, address, or any other identifying information. The matching API compares merchant names against our known subscription service database and returns matched results.

3. Results Display (Client-Side)
Matched subscription results are displayed in your browser. We do not store your scan results on our servers beyond the duration of the request processing.

What We Collect

We do collect:

  • Anonymous usage analytics (page views, scan button clicks) via privacy-respecting analytics
  • Payment information when you purchase a full report (processed by our payment provider; we do not store card details)
  • Your email address if you voluntarily provide it for receipts or support

We do NOT collect:

  • Bank statements or raw financial documents
  • Account numbers, balances, or bank credentials
  • Your name, address, or government ID from statements
  • Individual transaction details beyond what is needed for matching

Cookies

We use only essential cookies required for the service to function (e.g., payment session tokens). We do not use advertising cookies or share data with ad networks.

Third-Party Services

  • Payment Provider: We use a PCI-compliant payment provider to process purchases. Your card details are handled entirely by the provider and never touch our servers.
  • Hosting: Our application is hosted on infrastructure within the European Union.

GDPR Compliance

As a service designed for European users, we comply with the General Data Protection Regulation (GDPR). Since we process minimal personal data and your bank statement data never leaves your browser, your exposure is inherently limited. You have the right to:

  • Request access to any personal data we hold about you
  • Request deletion of your data
  • Withdraw consent at any time
  • Lodge a complaint with your local data protection authority

Data Retention

Structured transaction data sent to our matching API is processed in real-time and not persisted after the response is returned. Payment records are retained as required by EU tax law (typically 7 years).

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via a notice on our website. Continued use of the service after changes constitutes acceptance.

Contact

For privacy-related questions or data requests, contact us at molly@lynote.ai.