Last update of this document

30th May 2018

Permissions requested by the application

The following permissions are requested by the application. The list is not exhaustive, only most sensitive permissions are explained here.

• Read Contacts: When you add a friend, the application will propose names and pictures of your contacts in order to improve your user experience. The contact email and mobile phone number is collected and modifiable by the user. Email and mobile phone number may be used by the application to help the user when he wants to share an event. The event can be shared by SMS using the contact's mobile phone number, or by email using the contact's email address. When an event is shared, the event members emails and mobile phones are not shared anymore since version 3.1 of the application (they were shared in previous versions and have been removed for privacy purposes). All collected contact data is visible and modifiable by the user.
• Get Accounts: This permission is needed to access the user Google Drive data. The application can interact with the user Google Drive data in 2 situations:
  1. when automatic backup is activated by the user on an event. Once a day, if an event data has changed, the application will save the event data in a private directory of the user Google Drive account.
  2. when an event receipts sharing is activated using Google Drive. In this case, all shared receipts are placed in a public Google Drive folder (public but not referenced by Google, anyone having the link to the Google Drive folder can browse and modify it).
• Get Location: The application can request the mobile location in a very specific case: when a new operation is created and the location field is activated by the user. This function will store the location in the created operation as a text format (like the city name). The location is visible and modifiable by the user.
• Camera: This permission is needed only for the functionality "Scan a receipt". When entering an operation, it is possible to take a picture of a receipt or anything to attach to the operation. This option is available only if the permission is granted.
• SMS: In case of event sharing the application may need to manage SMS. Some SMS can be sent or read by the application in following cases:
  1. Sending: When the user wants to share an event with some friends, the application allows to do it by SMS. In this case the application generates and send itself the SMS in order to guaranty that it will not be modify by the user and that it will be correctly interpreted by the application installed on the destination mobile phones.
  2. Reading: When an SMS coming from an ABCBA application is received on a mobile having the application installed, it is automatically analysed by the application and a notification is displayed to the user to inform that an new event has been shared to him. The user can connect to the new event with one single click on the event.
• Storage: Several functionalities depend on that permission. All functionalities needing access to files like an event import, a receipt scan, attachement of a PDF to an operation...

Special warning about event sharing

When the user shares an event almost all the data of the event is published on a server. This publication is public but normally not referenced by search engines like Google. This means that anybody having the link to the event can have access to the data it contains. If the event contains sensitive data it must not be shared.

Developer responsibility

The application is proposed as is to the users. The developer responsibility cannot be involved in case of data loss. This is true in any cases, even if the data loss is due to an application bug. The application proposes automatic backup and manual export features. It is highly recommended to use them to limit the risk of data loss.

The application is doing some calculations. This is the user responsibility to verify that calculations are correct. Even if the developer is doing his best to avoid bugs, a bug can be introduced at any time during the application maintenance, the developer is not responsible in case of calculation errors.

If the user shares an event he exposes the event data to the world. The developer is not responsible in case of shared data retrieved by third party.