Privacy Policy

This Privacy Policy explains how Expentrac ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our mobile application and services (collectively, the "Service"). By using Expentrac, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

When you use Expentrac, we collect the following information that you provide:

• Account Information: Email address you provide when registering with email/password, or email obtained through third-party authentication services (Google, Apple, or Facebook)
• Financial Transaction Data: Expense and income records you manually create, including amounts, categories, dates, descriptions, and any notes you add
• Ledger Information: Ledger names, members invited to collaborate, and related settings

1.2 Information Collected Automatically

We automatically collect certain technical information to improve our Service:

• Device Information: Device type, operating system version, unique device identifiers
• Usage Data: App usage patterns, features accessed, interaction with the app, crash reports, and performance metrics
• Log Data: IP address, access times, and technical error logs

1.3 Information from Third-Party Services

When you log in using third-party authentication services, we receive:

• Google Sign-In: Email address, profile picture
• Apple Sign-In: Email address or private relay email
• Facebook Login: Email address, profile picture

2. How We Use Your Information

We use the collected information for the following purposes:

• Provide and Maintain the Service: Enable account creation, store your financial data, facilitate ledger collaboration
• Improve User Experience: Analyze app usage patterns to enhance features and functionality
• Technical Support: Diagnose and fix technical issues, respond to user inquiries
• Security and Fraud Prevention: Detect and prevent unauthorized access, abuse, or fraudulent activity
• Performance Monitoring: Monitor app performance and identify bugs or crashes
• Communications: Send important service announcements, updates to Terms of Service or Privacy Policy
• Legal Compliance: Comply with applicable laws, regulations, and legal processes

3. Data Storage and Security

3.1 Data Storage Location

Your data is stored on secure cloud servers provided by trusted third-party cloud service providers. These providers maintain data centers in multiple regions worldwide and comply with industry-standard security practices.

3.2 Security Measures

We implement industry-standard security measures to protect your data, including:

• Encrypted data transmission using HTTPS/TLS protocols
• Secure authentication through trusted third-party providers
• Regular security monitoring and updates
• Access controls and authentication requirements

However, no method of electronic storage or transmission is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

3.3 Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. When you delete your account, your data enters a 30-day recovery period, after which it is permanently deleted from our servers.

4. Third-Party Services and Data Sharing

4.1 Authentication Services

We use the following third-party authentication services:

• Email Registration: When you sign up directly with an email address and password, we collect the email address.
• Google Sign-In: Google Privacy Policy
• Apple Sign-In: Apple Privacy Policy
• Facebook Login: Facebook Privacy Policy

4.2 Firebase Services

We use Google Firebase services to improve app quality:

• Firebase Analytics: Collects anonymized usage statistics to understand how users interact with the app
• Firebase Crashlytics: Collects crash reports and diagnostic data to identify and fix bugs
• Firebase Performance: Monitors app performance metrics such as load times and network latency

Firebase Privacy Policy: https://firebase.google.com/support/privacy

4.3 Advertising Services

Expentrac displays advertisements through Google AdMob. AdMob may collect and use certain information to provide personalized ads. This includes:

• Device identifiers and advertising IDs
• IP address and approximate location
• Ad interaction data

You can manage your ad preferences or opt out of personalized advertising:

• iOS: Settings → Privacy → Tracking → Limit Ad Tracking

AdMob Privacy Policy: https://support.google.com/admob/answer/6128543

4.4 When We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

• With Your Consent: When you invite collaborators to your ledgers, we share relevant ledger data with those users
• Service Providers: Third-party services that help us operate the app (authentication, analytics, hosting, advertising)
• Legal Requirements: If required by law, court order, or governmental authority
• Protection of Rights: To protect the rights, property, or safety of Expentrac, our users, or the public
• Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)

5. Your Rights and Choices

5.1 Access and Update Your Information

You can access and update your account information and financial data at any time through the app.

5.2 Delete Your Account and Data

You have the right to request deletion of your account and all associated data:

• You can delete your account directly within the app's Account Settings.
• Deleted data can be recovered within 30 days
• After 30 days, your data is permanently deleted and cannot be recovered

5.3 Export Your Data

If you are a ledger creator, you can export your ledger data at any time through the app.

5.4 Opt Out of Personalized Advertising

You can opt out of personalized advertising through your device settings as described in Section 4.3.

5.5 Withdraw Consent

Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

6. Children's Privacy

Expentrac is a personal finance app and is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that such information was provided without parental or guardian consent, we will take steps to delete the information and terminate the account. Parents or guardians who believe their child has provided information should contact us via the Contact Us section.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country.

By using Expentrac, you consent to the transfer of your information to these countries. We ensure that such transfers comply with applicable data protection laws and use appropriate safeguards to protect your information.

8. Rights for European Union Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

• Right to Access: You can request a copy of the personal data we hold about you
• Right to Rectification: You can request correction of inaccurate or incomplete data
• Right to Erasure: You can request deletion of your personal data (subject to legal obligations)
• Right to Restrict Processing: You can request that we limit how we use your data
• Right to Data Portability: You can request a copy of your data in a machine-readable format
• Right to Object: You can object to certain types of processing, such as direct marketing
• Right to Withdraw Consent: You can withdraw consent where processing is based on consent
• Right to Lodge a Complaint: You can file a complaint with your local data protection authority

Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: To provide the Service you have requested
• Legitimate Interests: To improve our Service, ensure security, and prevent fraud
• Consent: Where you have given explicit consent (e.g., for personalized advertising)
• Legal Obligation: To comply with applicable laws and regulations

9. Rights for California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, and disclose
• Right to Delete: You can request deletion of your personal information (subject to certain exceptions)
• Right to Opt-Out of Sale: We do not sell your personal information. However, third-party advertising may be considered "sharing" under CCPA. You can opt out through device settings
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, please use the Contact Us section of this policy (Section 14). We will respond to your request within 30 days.

Categories of Personal Information Collected

• Identifiers (email address, device ID)
• Financial information (transaction records you create)
• Internet or network activity (usage data, IP address)
• Geolocation data (approximate location from IP address)

10. Cookies and Tracking Technologies

Expentrac and our third-party service providers (Firebase, AdMob) may use cookies, web beacons, and similar tracking technologies to collect information about your use of the Service. These technologies help us:

• Analyze app usage and performance
• Provide personalized advertising
• Remember your preferences and settings
• Improve user experience

You can manage tracking preferences through your device settings. Note that disabling certain technologies may limit app functionality.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you through:

• In-app notifications
• Updating the "Last Updated" date at the top of this page

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

12. Data Breach Notification

In the event of a data breach that may compromise your personal information, we will notify affected users as required by applicable law. Notifications will be sent via email or in-app notification within a reasonable timeframe after discovery of the breach.

13. Third-Party Links

The Service may contain links to third-party websites or services (e.g., through advertisements). We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: [email protected]

We will respond to your inquiry within a reasonable timeframe, typically within 30 days.