SaveSub is built on enterprise-grade security infrastructure. We take data protection seriously so you don't have to.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your subscription data is never accessible in plaintext.
Protect your account with TOTP-based 2FA using Google Authenticator, Authy, or any compatible authenticator app.
Built on Supabase with row-level security policies ensuring your data can only be accessed by you.
We follow GDPR guidelines for data handling, retention, and deletion. Request a full data export or deletion at any time.
We never sell your data to third parties. Your subscription information is yours alone.
Our infrastructure and codebase undergo regular security reviews to identify and patch vulnerabilities proactively.
TLS 1.3 for Data in Transit: All communication between your browser and our servers uses Transport Layer Security (TLS) 1.3, the latest and most secure version. This ensures that data cannot be intercepted or tampered with during transmission.
AES-256 for Data at Rest: When your data is stored in our database, it's encrypted using AES-256, the same standard used by banks and government agencies. This encryption applies to all subscription data, financial information, and user profiles.
Secure Key Management: Encryption keys are stored separately from data and rotated regularly. Access to keys is strictly limited to essential personnel and logged for audit purposes.
SaveSub connects to your bank accounts through Plaid, the industry-standard secure financial data platform used by thousands of fintech applications. Here's how we protect your banking data:
We fully comply with the General Data Protection Regulation (GDPR), providing EU users with complete control over their data. This includes the right to access, rectify, erase, and export your data at any time. See our Privacy Policy for detailed information on exercising these rights.
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of data sales (though we never sell data).
⚠️ We are currently pursuing SOC 2 Type II certification. This rigorous audit will verify our security controls, availability, and confidentiality practices. Expected completion: Q3 2025.
Active Account Data: While your account is active, we retain your subscription data and transaction history to provide our service. You can request a full data export at any time.
Account Deletion: When you delete your account, we permanently remove all personally identifiable information within 30 days. Some anonymized usage statistics may be retained for analytics purposes but cannot be linked to you.
Right to be Forgotten: Under GDPR, EU users can request complete data deletion at any time. Email privacy@savesub.app with your request and we'll process it within 30 days.
Request Data Deletion: Email privacy@savesub.app with the subject line "Data Deletion Request" and we'll process your request within 30 days.
Penetration Testing: We conduct annual third-party penetration tests by certified security firms to identify vulnerabilities before attackers can exploit them.
Bug Bounty Program: We participate in responsible disclosure programs. Security researchers who find vulnerabilities can report them to security@savesub.app. We respond to all reports within 48 hours and reward valid findings.
Automated Scanning: Our systems undergo continuous automated security scanning to detect misconfigurations, outdated dependencies, and potential vulnerabilities.
Dependency Management: We regularly update all third-party libraries and dependencies to patch known security issues promptly.
While we work hard to prevent security incidents, we have comprehensive incident response procedures in place: