# Privacy Policy — Finance App
**Last updated:** March 6, 2026
SunflowerCode, Entreprise Individuelle ("we", "us", or "our"), operated by Oleksandr Skrykulyak, publishes and operates the Finance App mobile application (the "App"). This Privacy Policy explains how we collect, use, store, and protect your information when you use our App.
**Publisher:** SunflowerCode — Entreprise Individuelle
**Representative:** Oleksandr Skrykulyak
**Email:** sunflowercode@hotmail.com
**Country:** France
By using the App, you agree to the collection and use of information as described in this policy.
---
## 1. Information We Collect
### 1.1 Account Information
When you create an account, we collect:
- **Email address** and **password** (if you register with email)
- **Name**, **email**, and **profile photo URL** (if you sign in with Google or Facebook)
Authentication is handled securely by Firebase Authentication. Passwords are never stored in plain text.
### 1.2 Financial Data (Entered by You)
The App allows you to manually enter and manage:
- Bank account names and balances
- Transactions (amounts, dates, descriptions, categories)
- Recurring payments and direct debits
- Budgets and budget envelopes
- Savings accounts (livrets) and financial goals
- Advances and debts
- Tax-related expenses (mileage, professional charges, real estate)
- Meal vouchers and overtime hours
- Net worth history
**This data is stored locally on your device** and is not sent to any server unless you explicitly use the shared family/group features.
### 1.3 Receipt Scanning (Camera)
If you use the receipt scanner, the App accesses your camera to photograph receipts. Images are processed **entirely on-device** using Google ML Kit (text recognition). The extracted data (store name, amount, VAT) is saved locally. **No receipt images are uploaded to any server.**
### 1.4 Biometric Data
If you enable biometric app lock, your fingerprint or face data is processed **entirely by your device's operating system**. We never access, store, or transmit biometric data.
### 1.5 Shared Family Spaces (Cloud Data)
If you choose to create or join a shared family/group space ("Room"), the following data is stored in Firebase Firestore (Google Cloud):
- Room name, members (name, email, role)
- Shared expenses, debts, and budgets
- Shared calendar events, to-do lists, and shopping lists
- Shared savings accounts
**Only room members can access this data.** Access is controlled by Firestore security rules that enforce authentication and membership verification.
### 1.6 Notifications
- **Local notifications:** Budget alerts, payment reminders, daily summaries — processed entirely on-device.
- **Push notifications:** If you join a shared room, we use Firebase Cloud Messaging (FCM) to notify you of room activity (new expenses, debts, members). Your FCM device token is stored in your user profile on Firestore.
### 1.7 AI Financial Coaching
If you use the AI financial coach, **aggregated and anonymized** financial summaries are sent to the Google Gemini API:
- Total expenses, revenues, balance, savings
- Budget health score (numeric)
- Top spending category name
- Detected anomalies (category name and amounts only)
**We do NOT send:** transaction descriptions, account names, personal names, bank account numbers, or any individually identifiable financial details.
### 1.8 Distance Calculation (Google Maps)
If you use the mileage distance calculator, the App sends your **home address** and **work address** to the **Google Maps Directions API** to calculate the driving distance between the two locations (A→B and B→A). This calculation is performed **in the background** without displaying a map.
**What is sent:** The two addresses you enter (origin and destination).
**What is received:** Driving distance in kilometers and estimated duration.
**No location tracking:** The App does NOT track your GPS location, does NOT use geolocation, and does NOT access your device's location services.
The addresses are stored **locally on your device** as part of your mileage configuration. They are not shared with anyone except Google Maps API for distance calculation purposes.
For more details, see [Google Maps Platform Terms of Service](https://cloud.google.com/maps-platform/terms).
### 1.9 Open Banking (Plaid)
If you choose to link a bank account via Plaid, bank connection data is processed server-side through secure Cloud Functions. Plaid access tokens are stored securely on our servers and are never exposed to the client app. This feature is optional and requires your explicit consent.
### 1.10 Crash Reports
We use Firebase Crashlytics to collect anonymous crash reports, including:
- Stack traces, device model, OS version
- App version and crash timestamps
**No personal financial data or user-identifiable information is included in crash reports.**
### 1.11 Advertising Data
The App uses **Google AdMob** to display advertisements to users of the free (Essential) version. AdMob may collect and use:
- Device advertising identifier (AAID/IDFA)
- Approximate location (IP-based)
- Device information (model, OS version, screen size)
- App usage data and ad interaction data
Google AdMob uses this data to serve personalized or non-personalized ads depending on your consent preferences. You may opt out of personalized advertising through your device settings at any time.
**Premium subscribers do not see advertisements.** Ads are only displayed to free-tier users.
For more details, see [Google's Advertising Privacy Policy](https://policies.google.com/technologies/ads).
### 1.12 Subscription and Purchase Data
If you subscribe to the Premium plan (monthly or annual), your purchase is processed entirely by **Google Play Billing**. We do NOT collect or store:
- Credit card numbers or payment details
- Billing address
We only receive from Google Play:
- Your subscription status (active, expired, cancelled)
- Purchase token (to verify your subscription)
- Subscription type (monthly or annual)
All payment processing is handled by Google. See [Google Play's Terms of Service](https://play.google.com/about/play-terms/).
---
## 2. App Versions and Features
The App is available in two tiers:
| Feature | Essential (Free) | Premium (Subscription) |
|---------|-------------------|----------------------|
| Basic financial management | ✅ | ✅ |
| Advertisements | Yes (Google AdMob) | **No ads** |
| AI Financial Coaching | Limited | Full |
| Shared Family Rooms | Limited | Full |
| All premium features | ❌ | ✅ |
---
## 3. How We Use Your Information
We use the information collected to:
- Provide and maintain the App's features
- Authenticate your identity
- Synchronize shared family/group financial data
- Send you relevant notifications (budget alerts, payment reminders)
- Provide AI-powered financial coaching insights
- Display advertisements to free-tier users
- Verify subscription status for Premium users
- Diagnose crashes and improve App stability
- Link your bank accounts (if you opt in to Open Banking)
**We do NOT:**
- Sell your personal financial data to third parties
- Share your financial data with advertisers
- Share your financial data with anyone except the members of your shared rooms (which you control)
---
## 4. Third-Party Services
The App uses the following third-party services, each with their own privacy policies:
| Service | Purpose | Privacy Policy |
|---------|---------|----------------|
| **Firebase Authentication** | User sign-in | [Google Privacy Policy](https://policies.google.com/privacy) |
| **Firebase Firestore** | Cloud storage for shared rooms | [Google Privacy Policy](https://policies.google.com/privacy) |
| **Firebase Cloud Messaging** | Push notifications | [Google Privacy Policy](https://policies.google.com/privacy) |
| **Firebase Crashlytics** | Crash reporting | [Google Privacy Policy](https://policies.google.com/privacy) |
| **Google AdMob** | Advertising (free tier only) | [Google Ads Privacy](https://policies.google.com/technologies/ads) |
| **Google Play Billing** | Subscription management | [Google Play Terms](https://play.google.com/about/play-terms/) |
| **Google Gemini AI** | AI financial coaching | [Google AI Privacy](https://ai.google/responsibility/privacy/) |
| **Google Maps Directions API** | Distance calculation (mileage) | [Google Maps Terms](https://cloud.google.com/maps-platform/terms) |
| **Google ML Kit** | On-device receipt OCR | Processed on-device, no data sent |
| **Facebook Login** | Social authentication | [Facebook Data Policy](https://www.facebook.com/policy.php) |
| **Plaid** | Open Banking integration | [Plaid Privacy Policy](https://plaid.com/legal/#end-user-privacy-policy) |
---
## 5. Data Storage and Security
- **Local data** is stored on your device in an encrypted application sandbox. The App supports encrypted backups.
- **Cloud data** (shared rooms only) is stored on Google Firebase servers in secured infrastructure with access controlled by authentication and Firestore security rules.
- **Advertising data** is processed by Google AdMob according to Google's privacy policies. You can manage your ad preferences in your Google account settings.
- **Communication** between the App and cloud services is encrypted via HTTPS/TLS. Cleartext traffic is disabled (`android:usesCleartextTraffic="false"`).
- **Release builds** employ code obfuscation (R8/ProGuard) and resource shrinking, removing debug logs.
---
## 6. Data Backup and Export
- The App performs automatic daily local backups saved to your device.
- You can manually export and import your financial data as JSON files.
- Backup files are stored **on your device only** and are never automatically uploaded to any cloud service. You control where you save or share them.
---
## 7. Data Retention
- **Local data:** Stored on your device until you delete it or uninstall the App.
- **Cloud data (shared rooms):** Retained as long as the room exists. Room creators can delete rooms and all associated data.
- **Account data:** Retained as long as your Firebase account exists. You can request account deletion at any time.
- **Crash reports:** Retained for 90 days by Firebase Crashlytics.
---
## 8. Your Rights
You have the right to:
- **Access** your personal data stored in the App
- **Export** all your financial data at any time (JSON backup)
- **Delete** your data by clearing the app data or uninstalling
- **Delete your account** and associated cloud data by contacting us
- **Opt out** of biometric lock, AI coaching, push notifications, or Open Banking at any time
- **Opt out** of personalized ads via your Google account ad settings
- **Upgrade to Premium** to remove all advertising
- **Leave shared rooms** to stop sharing financial data with other members
---
## 9. Children's Privacy
The App is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately.
---
## 10. Permissions Used
| Permission | Why |
|-----------|-----|
| Internet / Network State | Cloud sync, API calls |
| Camera | Receipt scanning (optional) |
| Biometric / Fingerprint | App lock (optional) |
| Storage (Android ≤ 12) | Backup import/export |
| Media Images (Android 13+) | Receipt photo access |
| Notifications | Budget alerts, payment reminders, room activity |
| Boot Completed | Restart scheduled reminders after reboot |
| Exact Alarm | Daily reminders, recurring payment alerts |
| Wake Lock | Prevent sleep during backup |
---
## 11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or via the email associated with your account. The "Last updated" date at the top indicates the most recent revision.
---
## 12. Contact Us
If you have any questions or requests regarding this Privacy Policy or your personal data, please contact us at:
**SunflowerCode**
Entreprise Individuelle — Oleksandr Skrykulyak
Address: 35 Rue du Brévail, 21470 Brazey-en-Plaine, France
Email: **sunflowercode@hotmail.com**