Privacy Policy
ExpenseFlow (“ExpenseFlow,” “we,” “us”) is a personal finance tracker that helps you log expenses, track budgets, and get AI-powered coaching. This policy explains what we collect, how we use it, and the choices you have. It applies to the ExpenseFlow mobile app (Android and iOS) and the companion web app at expenseflow-mobile-app-web.web.app.
Short version: your expenses are stored primarily on your device and (if you sign in) synced to your private Supabase account. Free plan users may see Google AdMob ads, Premium users get an ad-free experience, and Google Gemini is used for AI features. We do not sell your personal data or share your financial entries with ad networks.
1. Information we collect
1.1 Information you provide
- Account details: email address and (optionally) name when you sign up via email, Google, or Apple Sign-In.
- Financial data you enter: expense amounts, descriptions, categories, merchant names, monthly income, savings goals, sinking funds, budgets, and scratch-pad notes.
- Business tracking data (optional): if you use the Business Tracker, the business income and expense entries, party names, office trip names, and advance amounts you record. This data is stored in your account like your personal expenses, is never mixed into your personal tracking, and is deleted with your account.
- Imported transactions: if you import a Google Pay CSV or PDF statement, we parse it on your device to create expense entries. The raw file is not uploaded to our servers.
- Coach conversations: messages you send to the AI financial coach, which are forwarded to Google Gemini to generate a reply.
1.2 Information collected automatically
- Device identifiers: in ad-enabled versions, Google AdMob may collect or receive identifiers such as the Android Advertising ID, app set ID, and other device or account identifiers for advertising, measurement, analytics, fraud prevention, security, and compliance. On iOS, IDFA access only occurs where allowed by the system App Tracking Transparency setting.
- App interactions and diagnostics: crash logs, SDK diagnostics, app launch data, taps, ad views, rewarded-ad completion, and similar interaction data used to keep the app stable, measure ad performance, and prevent invalid activity.
- Approximate location: Google services, including UMP and AdMob, may use IP address to estimate a general region for consent, fraud prevention, and ad delivery. We do not collect precise GPS location for ads.
1.3 Permissions we request on your device
- Microphone & speech recognition — only when you tap the voice-entry button; audio is processed by your device’s native speech engine and is not recorded or sent to our servers.
- Biometric / Face ID — to unlock the app locally. Biometric data never leaves your device.
- Internet — to sync with Supabase and call the AI coach.
2. How we use your information
- To operate core features: storing expenses, computing your Safe-to-Spend, tracking budgets, and detecting recurring subscriptions.
- To provide AI features: classifying transactions and generating coaching replies via Google Gemini.
- To authenticate you and keep your account secure.
- To manage subscriptions and premium entitlement state.
- To respond to your support requests.
- To monitor aggregate performance and fix bugs — we do not use your financial data for analytics or marketing.
3. Where your data is stored
- On-device first: expenses, categories, funds, and settings are stored locally in an encrypted Hive database so the app works offline.
- Cloud sync via Supabase: when you are signed in, data is mirrored to a Supabase Postgres database (hosted in the region configured for the project). Supabase enforces row-level security so only you can read your rows.
- AI providers: transaction descriptions and coach messages are sent to Google Gemini at request time. We do not retain a copy beyond what is needed to return a response.
4. Third-party services we use
- Supabase — authentication and database hosting. See Supabase Privacy Policy.
- Google Gemini (Generative AI API) — AI classification and coaching. See Gemini API terms.
- RevenueCat — subscription entitlement management.
- Google Play Billing / Apple In-App Purchase — subscription purchase processing handled by the relevant app store.
- Google AdMob — advertising for Free plan users, ad measurement, and fraud prevention. See Google advertising privacy information.
- Google User Messaging Platform (UMP) — consent and privacy-choice management for ads where required, including the EEA, UK, and Switzerland.
- Google Sign-In / Sign in with Apple — optional OAuth login.
- Firebase Hosting — hosts the web companion app and this privacy page.
5. Advertising & consent
ExpenseFlow may show ads to Free plan users through Google AdMob. Premium subscribers receive an ad-free experience. AdMob and related Google SDKs may collect or receive the Android Advertising ID, app set ID, IP address, device and account identifiers, app interactions, ad interactions, diagnostics, and approximate location inferred from IP address. These data types are used to serve ads, limit repeated ads, measure ad performance, detect invalid activity, prevent fraud, and comply with legal obligations.
We do not send your expense amounts, income, savings goals, transaction descriptions, budget details, coach messages, or imported statement files to AdMob for advertising.
In the EEA, UK, and Switzerland, Google UMP may show a consent form before personalized ads are requested. If you decline consent, the app can request non-personalized ads where available. You can revisit ad privacy choices from Settings → Privacy options when that option is shown. You can also reset or delete the Android Advertising ID in Android settings. On iOS 14.5+, IDFA-backed advertising is controlled by the system App Tracking Transparency prompt and iOS tracking settings.
6. Your choices & rights
- Access / export: use Settings → Export data (CSV) to download everything we have.
- Delete: use Settings → Delete account to permanently remove your account and all associated data from Supabase. Locally cached data is cleared at the same time.
- Correct: edit any expense, category, or profile field directly in the app.
- Withdraw ad consent: open Settings → Privacy options to revisit the UMP consent form where available, or use your device advertising and tracking settings.
- EU/UK users: you also have the rights to object, restrict processing, portability, and to lodge a complaint with your local data-protection authority.
7. Data retention
We retain your data for as long as your account is active. When you delete your account, financial data and the account record are removed within 30 days. Backups are overwritten on a rolling 30-day cycle. Aggregated, non-identifying logs may be retained longer for security and debugging.
8. Children
ExpenseFlow is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe a child has used the app, contact us and we will delete the data.
9. Security
On-device settings are stored in an AES-encrypted Hive box. Traffic between the app and our backend is sent over HTTPS. Supabase enforces row-level security so one user cannot read another user’s rows. No system is perfectly secure; if you discover a vulnerability, please report it to the contact address below.
10. International transfers
Some of our processors (Gemini, Firebase, Supabase, and RevenueCat) operate globally and may process your data outside your country of residence, including in the United States. Where required, we rely on the standard contractual clauses published by the European Commission.
11. Changes to this policy
We may update this policy from time to time. Material changes will be announced in-app before they take effect. The “Last updated” date at the top reflects the most recent revision.
12. Contact
For privacy questions or to exercise your rights, email Quantumcreations.in@gmail.com.