duneloop.

Privacy

Your subscriptions are yours. We never see them.

Duneloop is built local-first because finance apps shouldn't need a cloud to count your services. Below is the full picture of what stays on your device, what leaves it, and what we've deliberately chosen not to do.

Last updated 10 May 2026

Local by default

Your subscription data lives in an on-device SQLite database. There is no cloud database, no user table, no server-side record of what you're paying for.

No account

Duneloop has no login. We can't email you. We can't lock you out. The price of that is: no central account to recover — uninstalling the app removes the data with it.

No bank connection

We do not integrate with Plaid or any banking aggregator. We never ask for credentials and never see your transactions. You enter subscriptions manually — it takes about a minute.

No behavioural tracking

There are no analytics SDKs measuring screen views, taps, or session length. No third-party advertising trackers. The product is the product.

What lives where

A clean line between your device and the rest of the world.

There are three categories. The middle one is small on purpose. The third one is empty on purpose.

On your device

  • Subscription names, prices, renewal dates
  • Categories and tags you assign
  • Your watchlist and rotation plan
  • App preferences (theme, currency display)

Sent off your device

  • Crash reports (optional, opt-in)
  • App Store purchase receipts (between Apple and Apple)

Never collected

  • Identity — name, email, phone, photo
  • Banking, financial accounts, or transactions
  • Location, contacts, calendar, photos
  • Behavioural analytics or advertising IDs

Crash reporting

The one thing that does leave the device, and why.

Duneloop ships with crash reporting through Sentry. When the app crashes, a stack trace and basic device metadata (iOS version, device model, app version) is sent so we can fix the bug.

No subscription data is included. Crash reports do not contain the names of services you track, prices, renewal dates, watchlist entries, or anything you typed into the app. They contain code-level information about the failure — the file, the line, the call stack.

Crash reporting can't be turned off. It's the only signal we have that the app is broken — we don't run an analytics backend, and we don't watch user sessions. The reports carry code-level information about the failure, never your subscription data, and they're discarded once the underlying bug is fixed.

Your rights

GDPR, CCPA, and the simple version.

Right to access

Your data is on your device — opening the app is the access. We don't hold a copy on a server you'd need to request.

Right to deletion

Delete the app and the data is gone with it. No retention policy to invoke, no email to send, no waiting period.

Right to portability

Export tooling isn't built yet. If you need your data out of the app, email us — we'll prioritise it.

Children's privacy

Duneloop is not directed at children under 13 and we don't knowingly collect data from them. The app doesn't collect identifying data from anyone.

Questions, concerns, or a thing we should fix?

Privacy is the kind of promise that has to be kept in the small print. If something on this page feels off, or you'd like clarification on a specific behaviour, we want to hear about it.

Send a messageBack to home

Clicking opens your mail client with the message pre-addressed.