Privacy Policy

Last updated: February 14, 2026

1. Data Controller

SubOwl ("subowl.co") is operated by Nichita Roilean, Petržílkova 2705/32, 158 00 Praha, Czech Republic. IČO: 22389032, DIČ: CZ0212231877.

For any privacy-related inquiries, contact us at support@subowl.co.

2. Data We Collect

  • Account data — email address, hashed password, display name.
  • Subscription data — names, amounts, billing cycles, and renewal dates of subscriptions you track.
  • Payment data — processed securely by Stripe. We do not store card numbers.
  • Usage data — pages visited, features used, error logs (via Sentry).
  • Technical data — IP address (for rate limiting and security), browser type and language preference.
  • Cookies — strictly necessary session cookies for authentication. No advertising or tracking cookies are used.

3. Legal Basis for Processing (GDPR Article 6)

  • Contract (Art. 6(1)(b)) — to provide the SubOwl service, manage your account, and process payments.
  • Legitimate interest (Art. 6(1)(f)) — for security (rate limiting, fraud prevention), error monitoring (Sentry), and service improvement.
  • Legal obligation (Art. 6(1)(c)) — to comply with tax and accounting requirements.
  • Consent (Art. 6(1)(a)) — for optional features like OAuth sign-in. You can withdraw consent at any time.

4. How We Use Your Data

  • To provide and improve the SubOwl service.
  • To send transactional emails (verification, password resets, subscription reminders).
  • To process payments through Stripe.
  • To monitor and fix errors via Sentry.
  • To protect against fraud and abuse (rate limiting).

We do not sell your data to third parties. We do not use your data for advertising or profiling.

5. Third-Party Services

We share data with the following processors, all of whom have Data Processing Agreements (DPAs) in place:

  • Stripe (US) — payment processing. Privacy Policy.
  • Sentry (US) — error monitoring. Privacy Policy.
  • Plausible Analytics (EU) — privacy-friendly, cookieless website analytics. Data Policy.
  • Google OAuth / Apple OAuth — optional sign-in. We only receive your email and name.

6. International Data Transfers

Some of our processors (Stripe, Sentry) are based in the United States. These transfers are protected by EU Standard Contractual Clauses (SCCs) as required by GDPR Articles 44–46. Plausible Analytics processes data exclusively within the EU.

7. Data Retention

  • Account data — retained while your account is active. Deleted within 30 days of account deletion.
  • Payment and invoice records — retained for 10 years as required by Czech accounting law (Zákon č. 563/1991 Sb.).
  • Error logs (Sentry) — retained for 90 days.
  • Server logs — retained for 30 days.

8. Your Rights (GDPR)

As we operate from the EU, you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten").
  • Export your data in a portable format (JSON).
  • Restrict processing of your data.
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at support@subowl.co. We will respond within 30 days.

You also have the right to lodge a complaint with the Czech Office for Personal Data Protection (ÚOOÚ): www.uoou.cz.

9. Children's Privacy

SubOwl is not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us and we will delete it promptly.

10. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay, as required by GDPR Articles 33–34.

11. Security

We use industry-standard security measures including encrypted connections (TLS), hashed passwords (Argon2), and secure session management. We regularly review our security practices.

12. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or in-app notification. Continued use of the service after changes constitutes acceptance.

13. Contact

Nichita Roilean
Petržílkova 2705/32, 158 00 Praha, Czech Republic
IČO: 22389032 · DIČ: CZ0212231877
Email: support@subowl.co