Privacy Policy

Overview

SubstackSync connects to your Google account to read Substack notification emails in order to detect new subscribers, extract their name and email, and sync them to the email service providers you choose. This policy explains what we access, how we use it, how we share it, how we protect it, and how you can control it.

Data Accessed

Via the Gmail API we access only the following:

• Email metadata from Substack notification emails (subject, sender, timestamp).
• Email body content strictly to extract subscriber name and email address.
• Google account email address used for authentication and linking your SubstackSync account.

We do not access Gmail messages unrelated to Substack notifications, nor do we access your contacts, calendars, or Google Drive files.

Data Usage

• Identify new Substack subscribers from your incoming Substack notification emails.
• Extract subscriber name and email for syncing to your connected email service provider.
• Display subscriber history and subscription events in your SubstackSync dashboard.
• Authenticate your account and secure access.

We do not use Gmail data for advertising, profiling, or unrelated purposes.

Data Sharing

We never sell or rent your data. We share data only in these cases:

• With the email service providers you explicitly connect.
• With hosting and infrastructure providers that support our service under strict agreements.
• If required by law or to protect our rights.

Data Storage and Protection

• Data is stored in databases protected by authentication and access controls.
• Access to production systems is restricted and monitored.
• API tokens are stored securely and rotated when necessary.
• We implement reasonable technical and organizational measures to protect your data against unauthorized access or loss.

Data Retention and Deletion

• Subscriber details and related events are kept while your account is active.
• When you disconnect Gmail or close your account, your Google-derived data is deleted within 7 days. Backups and logs are purged on a rolling basis within 90 days.
• You can request deletion at any time by emailing support@substacksync.com. We respond to verified requests within 30 days.

Your Controls

• Disconnect Gmail at any time to stop access.
• Revoke Gmail access from your Google Account security settings.
• Request access, correction, or deletion of your personal data by contacting support.

Compliance Note

For subscriber data, you are the data controller and SubstackSync acts as a processor. We comply with applicable privacy laws and use Google user data only to provide the service you requested.

International Transfers

Data may be processed in other countries. We take reasonable measures to safeguard it during such transfers.

Children

SubstackSync is not intended for people under 18. We do not knowingly collect data from children.

Changes

We may update this policy. If changes are material we will notify you through the app or email.