draft — pending legal review

privacy.

this page is a pre-launch draft. the substance is true today; the wording will be reviewed by legal counsel before public launch. the canonical, internal record is the GDPR compliance index.

who we are

NotAnotherSub (NAS) is operated by <legal entity to be established pre-launch>, based in <jurisdiction>. our privacy contact is privacy@notanothersub.example (address to be published).

what we collect

we collect as little as possible. what we hold depends on which way you use:

  • the manual. the subscriptions and prices you type stay in your browser's local storage. we do not receive them on our servers.
  • the one-time way. we read your bank transactions once via a regulated AISP partner (named at launch), produce an audit report, and retain it for 12 months — or less, if you ask us to delete it sooner.
  • the subscription. a standing bank link via the same AISP partner. we hold the data while your subscription is active and delete it on cancellation.
  • your account. when you sign in we hold a row with an internal id, an external id from our identity provider, and (optionally) your email address.

cookies and tracking

the marketing site sets no cookies, runs no analytics, embeds no third-party trackers. when you sign in to the product app we set a single strictly-necessary session cookie (HttpOnly) so you stay signed in across pages. we do not run advertising pixels, social-media tags, or session replay.

where your data lives

all personal data is held in the european union. our hosting provider is Scaleway (france), our identity provider is Zitadel Cloud (frankfurt, germany), and our domain registrar is Simply.com (denmark). we do not transfer personal data outside the EEA in normal operation.

your rights

under the GDPR you have rights of access, rectification, erasure, restriction, portability, and objection. write to privacy@notanothersub.example and we will respond inside 30 days. you also have the right to lodge a complaint with your supervisory authority — in denmark, that's Datatilsynet.

retention

we keep your data as long as you are using NAS, plus a short grace period. the manual leaves no server copy. the one-time way's audit report is retained 12 months. the subscription's data is deleted on cancellation. operational logs are kept 14 days; encrypted backups for at most 35 days.

we do not cancel for you

NAS never accesses your provider accounts and never cancels subscriptions on your behalf. we surface what to cancel, tell you where to click, and warn you about retention traps — you always tap the final cancel button yourself.

last updated: pre-launch draft. final copy will land before public launch.

trust signals

  • EU / GDPR. data stays in the EU
  • AISP partner. regulated bank-data access (partner pending)
  • end-to-end encryption. where applicable
  • bank-grade security. no credential storage, ever