Your Privacy Matters: This Privacy Policy explains how Expense Tracker ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you use our expense tracking application and related services (collectively, the "Service"). Please read this policy carefully to understand our practices regarding your personal data.
1. Information We Collect
We collect several types of information from and about users of our Service, including:
1.1 Information You Provide Directly
When you register for an account or use the Service, you may provide us with:
Account Information: Name, email address, username, password, and profile picture
Financial Data: Transaction details, expense categories, income sources, budget information, account balances, and financial goals
Payment Information: Credit card details, billing address, and payment history (processed through secure third-party payment processors)
Communication Data: Messages sent through our support system, feedback, survey responses, and correspondence with our team
User Preferences: Currency settings, notification preferences, category customizations, and display settings
1.2 Information Collected Automatically
When you access and use the Service, we automatically collect certain information, including:
Device Information: Device type, operating system, browser type and version, unique device identifiers, and mobile network information
Usage Data: Pages viewed, features accessed, time spent on different sections, click patterns, and interaction with Service elements
Log Data: IP address, access times, referring URLs, and error logs
Location Data: Approximate geographic location based on IP address (we do not collect precise GPS location)
Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies
1.3 Information from Third Parties
We may receive information about you from third-party sources, including:
Authentication Services: If you sign up using Google, Apple, or other third-party authentication services, we receive basic profile information
Financial Institutions: If you choose to link your bank accounts (with your explicit consent), we receive transaction data through secure third-party financial data aggregators
Analytics Providers: Aggregated usage statistics and performance data
2. How We Use Your Information
We use the information we collect for the following purposes:
Purpose
Types of Data Used
Provide and Maintain Service
Account information, financial data, device information, usage data
Process Transactions
Payment information, account information
Personalize User Experience
User preferences, usage data, financial data
Send Notifications
Account information, user preferences, financial data
Customer Support
Account information, communication data, usage data
Service Improvement
Usage data, log data, feedback and surveys
Security and Fraud Prevention
Device information, log data, IP address, usage patterns
Legal Compliance
All categories as necessary to comply with legal obligations
Marketing Communications
Account information, usage data (only with your consent)
2.1 Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:
Contractual Necessity: Processing necessary to provide the Service you requested
Consent: You have given explicit consent for specific processing activities
Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Service and preventing fraud
Legal Obligation: Processing necessary to comply with legal requirements
3. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
3.1 Service Providers
We share information with third-party service providers who perform services on our behalf, including:
Cloud hosting providers (e.g., AWS, Google Cloud)
Payment processors (e.g., Stripe, PayPal)
Email service providers
Analytics services (e.g., Google Analytics)
Customer support platforms
Financial data aggregators (only if you choose to link bank accounts)
These service providers are contractually obligated to protect your data and use it only for the purposes we specify.
3.2 Business Transfers
If we are involved in a merger, acquisition, asset sale, or bankruptcy proceeding, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
3.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities, including to:
Comply with legal obligations, court orders, or government requests
Enforce our Terms and Conditions and other agreements
Protect the rights, property, or safety of Expense Tracker, our users, or others
Detect, prevent, or address fraud, security, or technical issues
3.4 With Your Consent
We may share your information with third parties when you give us explicit consent to do so.
4. Data Security
We implement robust security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction:
Encryption: All data transmitted between your device and our servers is encrypted using industry-standard TLS/SSL protocols
Data at Rest: Sensitive financial data is encrypted in our databases using AES-256 encryption
Access Controls: Strict access controls limit who can view your data, with multi-factor authentication required for administrative access
Regular Audits: We conduct regular security audits and penetration testing
Secure Infrastructure: Our servers are hosted in secure, SOC 2 compliant data centers
Employee Training: All employees receive security and privacy training
Important: While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to enhance our security measures.
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:
Active Accounts: We retain your data while your account is active
Closed Accounts: After account closure, we retain certain information for 90 days to allow for account reactivation, after which most data is permanently deleted
Legal Requirements: Some data may be retained longer to comply with legal, tax, or regulatory obligations
Anonymized Data: We may retain anonymized or aggregated data indefinitely for analytical purposes
6. Your Privacy Rights
You Have the Right To:
Access: Request a copy of the personal information we hold about you
Rectification: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information ("right to be forgotten")
Data Portability: Request your data in a machine-readable format
Objection: Object to processing of your personal information for certain purposes
Restriction: Request restriction of processing in certain circumstances
Withdraw Consent: Withdraw previously given consent at any time
Lodge a Complaint: File a complaint with your local data protection authority
6.1 How to Exercise Your Rights
To exercise any of these rights, you can:
Access your account settings to update or delete information
Use the data export feature to download your information
Contact us at privacy@expensetracker.com with your request
Submit a request through our privacy portal (available in account settings)
We will respond to your request within 30 days. Some requests may require identity verification to protect your privacy.
6.2 California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
Right to know what personal information is collected, used, shared, or sold
Right to delete personal information held by businesses
Right to opt-out of sale of personal information (note: we do not sell personal information)
Right to non-discrimination for exercising your CCPA rights
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience and collect information about how you use the Service.
7.1 Types of Cookies We Use
Essential Cookies: Necessary for the Service to function properly (e.g., authentication, security)
Functional Cookies: Remember your preferences and settings
Analytics Cookies: Help us understand how users interact with the Service
Marketing Cookies: Used to deliver relevant advertisements (only with your consent)
7.2 Managing Cookies
You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of the Service. You can also manage your cookie preferences through our cookie consent manager available in the Service.
8. Third-Party Links and Services
The Service may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you interact with.
9. Children's Privacy
The Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that we have collected information from a child under 18, we will take steps to delete that information promptly.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place, including:
Standard Contractual Clauses approved by the European Commission
Adequacy decisions recognizing equivalent data protection
Privacy Shield certification (where applicable)
Your explicit consent for the transfer
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will:
Update the "Last Updated" date at the top of this policy
Notify you via email (if you have an account)
Display a prominent notice in the Service
Request your consent if required by law
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
12. Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want your online activity tracked. Currently, there is no universal standard for recognizing and implementing DNT signals. We do not currently respond to DNT signals, but we provide you with choices regarding cookie use and data collection.
13. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our data protection practices. If you have questions or concerns about how we handle your personal data, you can contact our DPO at:
Email: dpo@expensetracker.com
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@expensetracker.com
Support Email: support@expensetracker.com
Mailing Address: [Your Company Address]
Data Protection Officer: dpo@expensetracker.com
We aim to respond to all inquiries within 30 days.
15. Supervisory Authority
If you are located in the EEA and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority. Contact details for EU data protection authorities can be found at: https://edpb.europa.eu