Privacy Policy

Paymora ("we", "us", "our") is a subscription tracking service operated by Dhruv Tiwari, accessible at https://paymora.cloud.

If you have any questions about this Privacy Policy, contact us at dhruv.tiwari444@gmail.com.

We collect only what is necessary to provide the service:

• Account data — your email address and display name, provided when you sign up or sign in via Google.
• Subscription data — service names, amounts, currencies, billing cycles, and renewal dates that you add manually or import.
• Notification preferences — your chosen reminder timing, notification email, and channel preferences.
• Gmail data — if you connect Gmail, we read billing and payment emails to detect subscriptions. We read email content only temporarily for extraction and do not store raw emails on our servers.
• Usage data — standard server logs (IP address, browser type, pages visited) retained for up to 30 days for security and debugging.

We use your data exclusively to:

• Provide and operate the Paymora subscription tracking service.
• Send you email reminders for upcoming subscription renewals (only if you enable this).
• Detect subscriptions from your Gmail inbox using AI analysis (only if you connect Gmail).
• Display your spending reports and calendar within the app.
• Respond to support requests you send us.

We do not sell your data, use it for advertising, or share it with third parties for their own marketing purposes.

We use the following sub-processors to deliver the service. Each has its own privacy policy:

• Supabase — database and authentication hosting. Your subscription data and account details are stored in Supabase's infrastructure (EU region). supabase.com/privacy
• Vercel — application hosting and serverless functions. vercel.com/legal/privacy-policy
• Resend — transactional email delivery for renewal reminders. resend.com/legal/privacy-policy
• Anthropic (Claude AI) — used to extract subscription data from Gmail emails when you use Auto-detect. Email content is sent to Anthropic's API and is subject to their data handling policies. anthropic.com/privacy
• Google (OAuth + Gmail API) — used for sign-in and, optionally, Gmail inbox access. policies.google.com/privacy

When you connect Gmail, Paymora requests read-only access to your inbox via the Gmail API. We use this access solely to identify billing and payment emails and extract subscription details.

We do not: store your raw emails, read non-billing emails, share Gmail data with third parties (other than Anthropic for AI extraction), or use Gmail data for any purpose other than finding your subscriptions.

You can disconnect Gmail at any time from the Auto-detect page. Disconnecting immediately revokes our access token.

Paymora's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• Your account and subscription data is retained until you delete your account.
• Deleting your account permanently removes all your data from our systems within 30 days.
• Backup copies may persist for up to 7 days in Supabase's automated backup system.
• Server logs are deleted after 30 days.

You have the right to:

• Access — export all your subscription data in JSON format from Settings → Your data.
• Delete — permanently delete your account and all data from Settings → Delete account.
• Correct — update your name and notification email from Settings → Profile.
• Disconnect — revoke Gmail access at any time from the Auto-detect page.
• Contact us — email dhruv.tiwari444@gmail.com for any data requests we cannot handle through the app.

We implement appropriate technical measures to protect your data:

• All data is transmitted over HTTPS (TLS).
• Database access is protected by Row Level Security — users can only access their own data.
• Authentication is managed by Supabase Auth with industry-standard session tokens.
• API endpoints are rate-limited to prevent abuse.

Paymora uses cookies solely for essential functionality:

• Authentication cookies — to keep you signed in (managed by Supabase Auth).
• Gmail connection cookie — to store your Gmail OAuth token if you connect Gmail.

We do not use tracking, analytics, or advertising cookies.

Paymora is not intended for children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, contact us at dhruv.tiwari444@gmail.com.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email (if you have email notifications enabled) or by posting a notice in the app. The effective date at the top of this page will always reflect the latest version.

For any privacy-related questions or requests, contact us at: dhruv.tiwari444@gmail.com