Privacy Policy
Last updated: May 8, 2025
Subsrf ("we", "us", or "our") operates the Subsrf browser extension, Figma plugin, and associated web services (collectively, the "Service"). This Privacy Policy explains what data we collect, how we use it, and your rights.
1. Information We Collect
When you sign in with Google OAuth, we receive:
- Your name and email address from your Google account
- Your Google account profile picture URL
- An OAuth access token to authenticate you with our service
During normal use of the Service, we also store:
- Your subscription tier (free, starter, or pro)
- Your remaining AI credit balance
- Your Figma Personal Access Token (encrypted at rest), if you provide one
2. How We Use Your Information
- To authenticate you and maintain your session
- To enforce your subscription tier and track credit usage
- To provide the core functionality of the Service (element capture, Figma sync)
- To send transactional emails related to your account (if applicable)
We do not sell your personal data to third parties. We do not use your data for advertising.
3. Data Storage
Your account data is stored in Supabase, a managed PostgreSQL database service hosted in the United States. The Subsrf extension stores session tokens locally in your browser's chrome.storage.local, which is only accessible to the extension itself.
4. Third-Party Services
- Google OAuth — used for sign-in only. We do not access your Google Drive, Gmail, or any other Google services beyond basic profile info.
- Supabase — database and authentication infrastructure.
- Railway — serverless hosting for our API.
- Figma — if you provide a Figma PAT, it is used exclusively to interact with Figma on your behalf.
5. Data Retention
Your account data is retained as long as your account is active. You may request deletion of your account and all associated data by emailing hello@subsrf.dev.
6. Cookies
The Subsrf website uses no tracking cookies. Authentication state is managed via Supabase session tokens, not browser cookies.
7. Children's Privacy
The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13.
8. Your Rights
Depending on your location, you may have rights to access, correct, or delete your personal data. To exercise any of these rights, contact us at hello@subsrf.dev.
9. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.
10. Contact
Questions about this policy? Email us at hello@subsrf.dev.