Pausa is a UK-based subscription management service operated as an independent product. For privacy queries contact: vaultguardco@gmail.com
Account data: Your email address and hashed password (we never store plain-text passwords). If you sign in with Google, we receive your email and name from Google.
Subscription data: Names, amounts, and billing cycles of subscriptions you add manually or that are detected from your bank or email.
Bank connection data: We use TrueLayer (a regulated Open Banking provider) to access your bank transactions. We only read transaction history — we cannot move money, make payments, or see your full account details. We store normalised subscription data derived from transactions, not raw bank data.
Usage data: How many AI features you use per day (for rate limiting). We do not track individual conversations or store chat history on our servers.
Technical data: IP addresses (for rate limiting and fraud prevention), session tokens, and standard server logs.
We use your data solely to provide the Pausa service: tracking your subscriptions, powering AI features, sending important account emails (verification, renewal warnings), and preventing abuse of the platform.
Our AI chat and analysis features are powered by OpenAI. When you use these features, relevant subscription data (names, amounts) is sent to OpenAI to generate responses. We do not send your email address or bank credentials. OpenAI's privacy policy applies to this processing: openai.com/privacy
Your account data is retained while your account is active. You can delete your account at any time from Settings, which permanently removes all your data. Session data expires automatically. Bank connections can be revoked at any time.
As a UK resident you have the right to: access your personal data, correct inaccurate data, delete your data, object to processing, and data portability. To exercise these rights contact vaultguardco@gmail.com.
We use one session cookie (HttpOnly, Secure) to keep you logged in. We use Google Analytics to understand site traffic — this places analytics cookies. We do not use advertising cookies.
We use bcrypt password hashing, HTTPS everywhere, HttpOnly cookies, CSRF protection, and rate limiting. Bank connections use TrueLayer's regulated infrastructure.
We'll notify you by email of any material changes to this policy.