Back to Home

Privacy Policy

Last Updated: May 2026

1. Data Controller

This application is operated by Federico Gentili. As the sole Data Controller, I am responsible for your personal data and its lawful processing under the EU General Data Protection Regulation (GDPR – Regulation 2016/679). You can contact me at me@gentilofficial.com.

2. Information I Collect

I collect only the minimum data necessary to provide this service. This includes:

  • Your email address (required for authentication)
  • An optional display name
  • The subscription data you voluntarily input (such as service names, pricing, billing cycles, and categories)

I do not collect any sensitive personal data.

3. Legal Basis for Processing

I process your personal data on the following legal bases under Article 6 GDPR:

  • (a) Performance of a contract – processing your email and account data is necessary to provide the service you signed up for.
  • (b) Legitimate interest – storing your session securely to prevent unauthorized access to your account.

4. How I Use Your Information

Your data is used exclusively to:

  • Operate the application
  • Authenticate your identity
  • Manage your secure session
  • Display your personal dashboard

I do not use your data for marketing, advertising, or automated profiling of any kind.

5. Data Retention

I retain your personal data for as long as your account remains active.

  • If you delete your account, all associated personal data is permanently removed within 30 days.
  • Session cookies are cleared when you log out or when your browser session ends.

6. Data Storage, Security and International Transfers

Your data is stored using Supabase (Supabase Inc., USA), which acts as my Data Processor under a Data Processing Agreement (DPA) that includes the EU Standard Contractual Clauses (SCCs), as required by Article 46 GDPR for transfers outside the European Economic Area.

  • All data in transit is encrypted via HTTPS/TLS
  • Supabase infrastructure complies with SOC 2 Type II standards

For more details, see Supabase's privacy policy.

7. Third-Party Sharing

I do not sell, trade, or otherwise transfer your personal data to third parties for commercial purposes. Supabase is the only external party that processes your data, strictly as a data processor acting on my behalf. There are no third-party advertising trackers, marketing tools, or social media pixels integrated into this application.

8. Calendar Synchronization API

If you enable the Calendar Feed (ICS) feature, the application generates a unique URL containing a secure token. This allows calendar applications to read your subscription data (service names, prices, renewal dates).

This endpoint does not require authentication - anyone in possession of the exact URL can access the feed. Keep your feed link private.

You can revoke it at any time from the Settings page, which will immediately invalidate the previous URL.

9. Your Rights under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access – obtain a copy of the data I hold about you.
  • Right to rectification – correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") – request permanent deletion of your data.
  • Right to restriction of processing – ask me to limit how I use your data.
  • Right to data portability – receive your data in a structured, machine-readable format.
  • Right to object – object to processing based on legitimate interests.
  • Right to withdraw consent – withdraw it at any time without affecting prior lawfulness.

To exercise any of these rights, contact me at me@gentilofficial.com. I will respond within 30 days. If you believe your rights have been violated, you have the right to lodge a complaint with your national data protection authority.