Last Updated: February 12, 2026
ComboSub is an independent subscription-cost sharing platform for users 16 and older. It acts as a meeting point connecting people who want to share subscription costs by forming groups ("combos"). ComboSub is NOT affiliated with, endorsed by, sponsored by, or connected to any subscription service provider, including but not limited to Netflix, Disney+, Max (HBO), Spotify, YouTube, Amazon Prime, Apple TV+, or any other platforms displayed in the app. All platform names, logos, and trademarks shown in ComboSub are the property of their respective owners and are used solely for identification purposes. ComboSub does NOT process payments — all financial transactions occur between users through third-party payment services. This Privacy Policy explains what information we collect, how we use it, and your choices.
When you create an account, we collect your email address and a securely encrypted password via Firebase Authentication. If you sign in with Google or Apple, we receive an OAuth token managed by Firebase. We never see or store raw passwords.
We collect your username, display name, profile photo (optional), and country. This information is used for public display, regional matching, and payment method filtering.
To host combos, identity verification is required. We collect your first and last name, a government-issued ID photo, and your national ID number. Your ID number is hashed using SHA-256 encryption before storage — we never store raw ID numbers. ID document photos are stored securely in encrypted cloud storage with access restricted to you and authorized administrators conducting manual verification review. You may request deletion of your verification data at any time.
ComboSub does NOT process financial transactions. We do not collect credit card numbers, bank account numbers, or any direct financial instruments. We store only the payment methods you accept (as text labels like "PayPal" or "PIX") and screenshot images uploaded by users as proof of payment. These screenshots are stored solely to facilitate trust between combo hosts and members. Users should redact sensitive information before uploading.
Messages sent within ComboSub (group chats, private chats, join request negotiations) are stored to provide the messaging service. Messages are accessible only to the intended participants. Group chat messages are visible to all combo members; private chat messages are visible only to the host and the specific member. We do not read, analyze, or share user messages except as required by law or to enforce our Terms of Service in response to reported abuse.
We collect a device identifier (iOS: identifierForVendor, Android: ANDROID_ID) to prevent fraud by limiting account creation to one account per physical device. This identifier is not used for advertising or cross-app tracking. It is stored alongside your account information and deleted upon account deletion.
We calculate and store trust scores based on your transaction history, verification status, and account activity. We also store counts of hosted and joined combos, successful transactions, and member removal records for dispute resolution.
We do not sell, trade, or rent your personal information. Other users can see your username, trust score, verification badge, and profile photo (per your privacy settings). Combo hosts can see member names, payment proofs, and trust scores. Combo members can see the host name and accepted payment methods. We use Firebase/Google as our data processor for storage and authentication. We may share information if required by law, court order, or to protect user safety.
Your data is stored securely using Google Firebase with encryption at rest and in transit. National ID numbers are hashed using SHA-256 before storage. Access is controlled through Firebase security rules. While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure.
Your data is retained while your account is active. When you request account deletion, your account enters a 30-day archival period during which you may recover it. After 30 days, all personal data is permanently deleted, including profile information, verification documents, payment proofs, and chat messages. Device registration records may be retained to prevent banned users from creating new accounts. Chat messages are retained until the associated combo is deleted.
Depending on your location, you may have rights under GDPR, CCPA, LGPD, or other privacy frameworks. These include the right to access, rectify, or erase your personal data; the right to data portability; the right to restrict or object to processing; and the right to withdraw consent. For California residents: we do not sell or share your personal information for cross-context behavioral advertising. For Brazilian residents: you may exercise your rights under LGPD Articles 17-22. To exercise any of these rights, please contact us.
ComboSub uses Google Firebase, which may store data in data centers located in the United States. If you are located outside this region, your personal data will be transferred to and processed there. We rely on Google's Data Processing Terms and Standard Contractual Clauses as the legal mechanism for this transfer, ensuring your data receives adequate protection as required by applicable law.
ComboSub is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a user under 16, we will take steps to delete that information promptly. If you believe a minor has provided us with personal information, please contact us.
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the updated policy and updating the "Last Updated" date. Continued use of the app after such changes constitutes acceptance of the updated policy.