ExpenseFlow Privacy Policy

Effective: 5 May 2026 · Last updated: 5 May 2026 · Operator: QuantumCreations (India)

This Privacy Policy explains how QuantumCreations ("we", "our", "us") collects, uses, shares, and protects information when you use the ExpenseFlow mobile application, web application, and related services (the "Service"). By using the Service you agree to this Policy.

Quick summary. ExpenseFlow stores the expenses you enter, your email address, and basic profile info - that's it. We never collect bank credentials, card numbers, OTPs, or your location. AI-assisted features send a minimal slice of your text to Google Gemini for classification or coaching, and Google does not train its models on this data. You can export or delete everything from inside the app or by contacting us.

Contents

Who we are
What data we collect
How we use your data
AI features & Google Gemini
Third-party services
Android permissions
Cookies & local storage (web app)
Family sharing
Subscriptions, billing & refunds
Financial disclaimer
Data retention
Security
Your rights (GDPR / CCPA / DPDPA)
How to delete your account
Children's privacy
International data transfers
Changes to this Policy
Governing law & jurisdiction
Contact & Grievance Officer

1. Who we are

ExpenseFlow is operated by QuantumCreations, a sole-proprietorship based in India. For privacy questions you can reach us at Quantumcreations.in@gmail.com.

2. What data we collect

2.1 Account & profile

Email address - used for sign-in and account recovery.
Display name (optional) - shown in the app.
Profile photo URL (only if you sign in with Google or Apple).
Authentication identifiers issued by Supabase, Google, or Apple.

2.2 Financial data you enter

Expense entries: amount, currency, description, category, subcategory, date, and any optional notes you add.
Budgets, savings goals (sinking funds), recurring subscriptions you tag, and category preferences.
Income and savings target (set during onboarding).

2.3 Imported data (only when you choose to import)

Google Pay or bank statement files (CSV/PDF) you import are parsed entirely on your device. We do not upload the raw files to our servers. Only the parsed expense rows are saved to your account.

2.4 Diagnostic & usage data

Crash reports and basic technical telemetry (app version, device model, OS version, timestamps) used to fix bugs.
Anonymised feature-usage counters (e.g. how many times the AI Coach was opened) - never tied to expense content.

2.5 What we do NOT collect

Bank account numbers, debit/credit card numbers, CVVs, OTPs, UPI PINs.
Tax identification numbers (PAN, Aadhaar).
Precise device location or background location.
Contacts, SMS, call logs, or microphone audio.
Photos or media beyond what you explicitly attach to an expense (if applicable).

3. How we use your data

Purpose	Data used	Legal basis
Provide the core expense tracker	Account, expenses, budgets	Contract
Sync across your devices	Account, expenses	Contract
AI categorisation & coaching	Expense description / chat input	Consent (you trigger the AI feature)
Bug fixing & reliability	Crash logs, telemetry	Legitimate interest
Subscription billing	Account, purchase tokens	Contract
Customer support	Account, message you send us	Legitimate interest
Compliance with law	Whatever is legally required	Legal obligation

We do not sell your personal data, do not use it for behavioural advertising, and do not share it with data brokers.

4. AI features & Google Gemini

ExpenseFlow uses Google Gemini (Flash and Pro models) via the official Gemini API to power the following features. Each feature only runs when you use it, and we send only the minimum data needed to produce a useful response:

Feature	Model	Data sent to Gemini
Auto-categorisation - suggesting a category when our local merchant database does not recognise the merchant	Gemini Flash	Merchant name and expense amount
Batch classification - categorising rows when you import a Google Pay or bank statement	Gemini Flash	Merchant names and amounts in the imported file (parsed locally first)
Subscription detection - flagging recurring charges	Gemini Flash	Aggregated merchant names and frequency patterns
AI Coach chat - conversational financial coaching	Gemini Pro	Your question plus aggregate totals by category (not individual expenses)
Quick tips - short, contextual financial tips	Gemini Flash	Aggregated category totals; no transaction descriptions
Smart insights - periodic spending observations	Gemini Pro	Aggregate totals by category and time period
Budget recommendations - suggested category budgets	Gemini Flash	Income, savings goal, and category-level spend totals
Spending forecast - projected end-of-month spend	Gemini Flash	Daily spend totals; no merchant names
Weekly report insights - auto-generated weekly summary commentary	Gemini Pro	Weekly aggregate totals by category

What we never send to Gemini:

Your email address, name, profile photo, or any account identifier.
Notes attached to expenses, unless you explicitly type them into a coach question.
Your full transaction history - only the minimum aggregates relevant to the feature.
Authentication tokens, payment tokens, or device identifiers.

Google does not use paid Gemini API inputs or outputs to train its generative models. Gemini API data is governed by the Gemini API Additional Terms of Service and the Google Privacy Policy.

You can disable the AI Coach in Settings → AI Features. Other AI features run only on demand, so they will simply skip the Gemini call when you avoid the relevant action (e.g., not opening Smart Insights, not running an import).

AI suggestions and coach responses can be inaccurate or out of date. They are provided for informational purposes only and you should not rely on them as professional advice - see the Financial disclaimer below.

5. Third-party services

Service	Purpose	Data shared	Provider policy
Supabase (PostgreSQL + Auth)	Database, authentication, real-time sync	Account info, expenses, budgets	supabase.com/privacy
Google Gemini API	AI features listed in §4	Merchant text, coach prompt, aggregates	Gemini API Terms
Google Sign-In / Apple Sign In	Authentication	Email, name, profile photo URL	Google / Apple
Firebase Hosting (web app)	Static web hosting at expenseflow-mobile-app-web.web.app	Standard server logs (IP, user-agent, timestamp)	Firebase Privacy
Firebase Cloud Messaging	Push notifications (budget alerts, reminders)	Device push token	Firebase Privacy
Google Play Billing	Subscription purchases on Android	Purchase token, product ID	Google Privacy

Advertising. Advertising is currently disabled in ExpenseFlow. The AdMob SDK is not initialised in the v1.0 build and no advertising identifier is collected. We may, in a future release, re-enable advertising in the free plan (for example using Google AdMob). If we do, we will: (a) give you advance notice in-app and update this Policy at least 14 days before ads appear, (b) update the Data Safety declaration in Google Play, and (c) ensure Premium subscribers continue to have an ad-free experience. Until that happens, the disclosures in this Policy reflect a fully ad-free Service.

6. Android permissions

Permission	Why we ask	Required?
Internet	Sync expenses, AI features, sign-in	Yes
Notifications	Budget alerts, subscription reminders	Optional - denying disables alerts only
Storage / Media access	Importing CSV / PDF bank statements you choose	Optional - only requested when you tap Import
Camera (if enabled)	Scanning receipts	Optional - only requested when you tap Scan
Biometric / Fingerprint	App-lock unlock	Optional - turn on in Settings

7. Cookies & local storage (web app)

The web app uses your browser's localStorage and IndexedDB to keep you signed in and to cache data for offline use. We do not use third-party tracking cookies, pixels, or analytics on the web app. Clearing your browser storage will sign you out and clear cached data - your server-side data remains intact.

8. Family sharing

If you create or join a Family group inside the app:

Other members of the Family can see expenses, budgets, and savings goals you mark as shared.
Members can see each other's display name and email.
Personal expenses you do not mark as shared remain visible only to you.
You can leave the Family at any time from Settings → Family; doing so stops further sharing but does not retroactively remove previously shared entries from other members' history.
Adding a member requires them to accept the invite from their own account.

9. Subscriptions, billing & refunds

ExpenseFlow Premium is sold as an auto-renewing subscription through Google Play Billing. Pricing is shown inside the app before purchase. Subscriptions automatically renew unless cancelled at least 24 hours before the end of the current period.

Manage / cancel: Google Play Store → Profile → Payments & subscriptions → Subscriptions.
Refunds: handled by Google Play under their refund policy. We can support refund requests but the final decision rests with Google.
What we store: the purchase token and product ID returned by Google Play, used to verify your subscription status. We do not see or store your card details - those stay with Google.

10. Financial disclaimer

ExpenseFlow is a personal-finance tracker, not a financial advisor. AI Coach responses, category suggestions, budget recommendations, and any references to financial products (PPF, ELSS, NPS, mutual funds, insurance, etc.) are for general educational and informational purposes only. They do not constitute investment advice, tax advice, or any other professional advice. QuantumCreations is not registered with SEBI, IRDAI, or any other financial regulator. Please consult a SEBI-registered investment adviser or qualified tax professional before making financial decisions.

11. Data retention

Account & expenses: retained until you delete your account.
After account deletion: live data is removed within 7 days; encrypted backups expire within 30 days.
Crash logs & telemetry: 90 days.
Support emails: retained for as long as needed to resolve your query, then up to 12 months.
Billing records: retained as long as required by Indian tax law (typically 8 years for GST records).

12. Security

In transit: TLS 1.2 or higher between your device, our backend, Supabase, and Google services.
At rest: AES-256 on Supabase infrastructure.
Access control: Supabase Row-Level Security ensures each user can only read their own data.
Authentication: JWT-based with short-lived tokens; biometric app-lock available.
Not end-to-end encrypted: server-side systems can read your data when needed for sync, family sharing, AI features, support, and security investigations.

No system is perfectly secure. If you discover a vulnerability, please email us at Quantumcreations.in@gmail.com with the subject line "Security report".

13. Your rights (GDPR / CCPA / DPDPA)

Depending on where you live you have the right to:

Access the personal data we hold about you.
Correct inaccurate data.
Delete your data ("right to erasure").
Export your data in a portable format (CSV).
Withdraw consent for AI features (turn off the AI Coach in Settings).
Object to or restrict certain processing.
Lodge a complaint with your local data-protection authority (e.g., DPB of India under DPDPA, ICO in the UK, your EU Member State authority for GDPR).

Most rights can be exercised directly in the app (Settings → Data). For any other request email us - we respond within 30 days.

14. How to delete your account

You can delete your account in two ways:

In-app (fastest): Open ExpenseFlow → Settings → Profile → Delete Account. Type DELETE to confirm. All your data is removed within 7 days.
Web (no app required): email Quantumcreations.in@gmail.com from the email address tied to your ExpenseFlow account with the subject line "Account Deletion Request". We will verify ownership and confirm deletion within 7 working days.

What gets deleted: your profile, all expenses, budgets, sinking funds, family memberships you own, AI coach chat history, and your authentication record. Anonymised aggregate analytics that cannot be linked back to you may be retained.

15. Children's privacy

ExpenseFlow is not directed to children. You must be at least 13 years old to use the Service. In the European Economic Area the minimum age is 16; in India the minimum age for non-essential processing under DPDPA is 18 unless verifiable parental consent is provided. We do not knowingly collect data from anyone below these ages. If you believe a child has created an account, contact us and we will delete it.

16. International data transfers

Supabase, Google, and our other processors operate globally. Your data may be processed in the United States, the European Union, India, or other countries where these providers run infrastructure. Where required by law (GDPR, DPDPA), we rely on standard contractual clauses and the providers' approved transfer mechanisms.

17. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top will reflect the latest revision. For material changes (e.g., new categories of data, new AI processing, enabling advertising, new third-party recipients) we will notify you in-app and / or by email at least 14 days before the changes take effect. Continued use of the Service after the effective date means you accept the updated Policy.

18. Governing law & jurisdiction

This Policy and any dispute arising from it are governed by the laws of India. Subject to your statutory rights as a consumer, the courts of Pune, Maharashtra, India shall have exclusive jurisdiction.

19. Contact & Grievance Officer

For any privacy-related question, request, or complaint:

General privacy contact: Quantumcreations.in@gmail.com
Grievance Officer (DPDPA, India): Quantumcreations.in@gmail.com - please include "Grievance - DPDPA" in the subject line.
Response time: we acknowledge within 72 hours and resolve grievances within 30 days as required by DPDPA.