Privacy Policy

Last updated: 4th January 2026

Introduction

SaaSZombie ("we", "our", or "us") is operated by Global Talent Leaders LTD, a company registered in England and Wales. We are committed to protecting your privacy and handling your data transparently. This policy explains how we collect, use, and safeguard your information when you use our subscription tracking service.

What Data We Collect

Account Information

When you create an account, we collect your email address and create a secure account for you. We use this to authenticate you and communicate important service updates.

Bank Statement Data

When you upload a bank statement CSV file, we process the transaction data to identify subscription payments. We extract and store:

  • Transaction descriptions (merchant names)
  • Transaction amounts
  • Transaction dates
  • Identified subscription services and their costs

Important: We never see or store your bank login credentials. You export the CSV directly from your bank and upload it to us. We only process the transaction data you choose to share.

Browser Extension Data (Optional)

If you install our Chrome extension, it tracks which SaaS services you actively visit to help identify which subscriptions you're actually using. The extension collects:

  • Domain names of known SaaS services you visit (e.g., "slack.com", "notion.so")
  • Timestamps of visits

The extension does NOT collect: Page content, URLs beyond the domain, browsing history, form data, passwords, or any personal information from the websites you visit. It only checks if a domain matches our list of 363 known SaaS services.

Payment Information

Payment processing is handled entirely by Stripe. We never see or store your full card number, expiry date, or CVV. Stripe provides us with a tokenised reference to process your subscription payments.

How We Use Your Data

We use your data to:

  • Identify subscription services from your bank transactions
  • Calculate your subscription spending and detect potential savings
  • Track which services you actively use (if you install the extension)
  • Send you renewal reminders and spending alerts (if enabled)
  • Process your payments and manage your subscription
  • Improve our service and subscription detection accuracy
  • Respond to your support requests

Data Storage & Security

Your data is stored securely using industry-standard practices:

  • Database: Hosted on Supabase with row-level security, ensuring you can only access your own data
  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • File Processing: Uploaded bank statements are processed immediately and not stored as raw files
  • Payments: Handled by Stripe, a PCI-DSS Level 1 certified payment processor

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Third-Party Services

We use the following third-party services to operate SaaSZombie:

  • Supabase – Database and authentication (EU data centres available)
  • Stripe – Payment processing
  • Vercel – Application hosting
  • Resend – Transactional emails

Data Retention

We retain your data for as long as your account is active. If you delete your account:

  • Your subscription data is deleted within 30 days
  • Extension usage data is deleted within 30 days
  • We may retain anonymised, aggregated data for analytics
  • Payment records may be retained for legal/tax compliance (up to 7 years)

Your Rights (GDPR)

Under UK and EU data protection law, you have the right to:

  • Access – Request a copy of all data we hold about you
  • Rectification – Correct any inaccurate data
  • Erasure – Request deletion of your data ("right to be forgotten")
  • Portability – Receive your data in a machine-readable format
  • Objection – Object to processing of your data
  • Withdraw Consent – Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@saaszombie.com. We will respond within 30 days.

Cookies

We use essential cookies to:

  • Keep you logged in to your account
  • Remember your preferences
  • Protect against cross-site request forgery (CSRF)

We do not use advertising or tracking cookies. We may use privacy-respecting analytics (such as Plausible or Fathom) that do not track individuals or use cookies.

Children's Privacy

SaaSZombie is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by email or by posting a notice on our website. Your continued use of SaaSZombie after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

Email: privacy@saaszombie.com

Company: Global Talent Leaders LTD

Address: United Kingdom