Privacy Policy
Overview
At Expenses Tracker, we believe your financial data is yours. This Privacy Policy explains what information we collect, why we collect it, and how we protect it. We are committed to transparency and giving you control over your data.
What We DON'T Do:
- ❌ We never sell your personal data
- ❌ We never share your financial data with advertisers
- ❌ We never read your SMS messages for marketing
- ❌ We never use your data to build advertising profiles
Data Collection
Information You Provide
When you use the App, you may provide:
- Account Information: Email address, name, profile picture (optional)
- Financial Data: Expense entries, income records, categories, tags, notes
- Settings: Currency preferences, notification settings, theme choices
Information Collected Automatically
- Device Information: Device type, OS version, app version
- Usage Data: Features used, session duration, crash reports
- Location: Country/region (for regional pricing only, not precise location)
Free vs Pro Data Collection
| Data Type | Free Plan | Pro Plan |
|---|---|---|
| Financial data | Stored locally only | Synced to secure cloud |
| Analytics | Basic (anonymous) | Basic (anonymous) |
| AI processing | Not available | Anonymized for insights |
SMS Permissions (Android)
If you enable SMS tracking (Pro feature), we access your SMS messages to:
- Detect transaction notifications from banks
- Auto-create expense/income entries
- Extract transaction amounts, dates, and merchant names
How SMS Processing Works:
All SMS processing happens on your device. We do not upload, store, or transmit your SMS
content to our servers. Only the extracted transaction data (amount, date, category) is stored.
You can disable SMS tracking at any time in Settings → Privacy → SMS Tracking.
AI & Data Processing
Pro users have access to AI-powered insights. Here's how we handle your data:
- Anonymization: Before processing, all personal identifiers are removed
- Processing: Transactions are analyzed to identify patterns and provide recommendations
- No Training: Your data is never used to train general AI models
- Local Processing: When possible, we use on-device ML for privacy
AI insights are optional and can be disabled in Settings → Privacy → AI Insights.
Data Security
We implement industry-standard security measures to protect your data:
- Encryption in Transit: TLS 1.3 for all network communications
- Encryption at Rest: AES-256 encryption for stored data
- Access Controls: Role-based access with audit logging
- Regular Audits: Annual third-party security assessments
- Secure Infrastructure: Hosted on Google Cloud with SOC 2 certification
Your Security Responsibilities
- Use a strong, unique password
- Enable biometric authentication
- Keep your device OS updated
- Report suspicious activity immediately
Third-Party Services
We use the following third-party services, each with their own privacy policies:
- Google Firebase: Authentication, crash reporting — Privacy Policy
- RevenueCat: Subscription management — Privacy Policy
- Sentry: Error tracking — Privacy Policy
Your Rights (GDPR & CCPA)
Depending on your location, you may have the following rights:
For All Users
- Access: Request a copy of your data
- Correction: Update inaccurate information
- Deletion: Request deletion of your account and data
- Export: Download your data in CSV/PDF format
Additional Rights (EU/UK - GDPR)
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
Additional Rights (California - CCPA)
- Right to know what data is collected
- Right to opt-out of data sales (we don't sell data)
- Right to non-discrimination
To exercise your rights, email privacy@expensestracker.app or use the in-app Settings → Privacy menu.
Children's Privacy
Expenses Tracker is intended for users aged 18 and older. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal data, please contact us immediately.
Family Sharing allows adult account holders to share with family members, but the primary account holder remains responsible for all data and usage.
Data Retention
- Active Accounts: Data retained as long as your account is active
- Deleted Accounts: Data deleted within 30 days of deletion request
- Inactive Accounts: Accounts inactive for 2+ years may be deleted after notification
- Legal Requirements: Some data may be retained longer if required by law
International Data Transfers
Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (EU-approved)
- Data Processing Agreements with all vendors
- Compliance with applicable data protection laws
Policy Changes
We may update this Privacy Policy periodically. We will notify you of material changes via:
- Email notification (if you have an account)
- In-app notification
- Updated "Last Updated" date on this page
Continued use after changes constitutes acceptance. We encourage you to review this policy regularly.
Contact Us
For privacy-related questions or to exercise your rights:
- Email: privacy@expensestracker.app
- Data Protection Officer: dpo@expensestracker.app
- Address: Expenses Tracker, Bangalore, India 560001
We aim to respond to all requests within 30 days.