SpendQ Buddy

Welcome to the SpendQ Buddy application (“Application”, “we”, “us”). This Privacy Policy explains how we collect, use, share, and store your data and outlines your rights regarding data protection. By using the Application and related services (“Services”), you agree to the data processing practices described in this Privacy Policy. If you do not agree with any part of the Policy, please do not use the Application.

1. Scope of the Policy

This Policy applies to all users – individuals who use the Application worldwide. We strive to protect users’ privacy in accordance with applicable regulations in all jurisdictions where we operate. If you have questions regarding the processing of your personal data or wish to exercise any of the rights you are entitled to under this Policy and relevant laws, you can contact us via email: [email protected] (with the subject “Data Protection”).

2. Methods of Data Collection and Processing

2.1. Data We Collect

Account Information
Email and Password: If you register using an email address and password, we collect your email address to access your account, facilitate communication, and provide other essential functionalities.
Anonymous Registration: If you register anonymously, a generic Firebase account is created without additional personal data.

Communications
When you contact us (via email), we may collect information you share with us solely for the purpose of resolving your inquiries and improving the Services.

Use of the Application
We collect general data about your interaction with the Application (e.g., how many bills you process, whether you use QR codes or images, if you make in-app purchases, date and time of access, device type or operating system) to better understand user needs and enhance the Services. In certain countries, specific information about your device or how you use the Application may be considered personal data if it allows for direct or indirect identification of users in accordance with applicable laws.

Account Processing (QR, Images, PDF)
Manual Entry of Items: Users can manually enter bill items, and this data is stored within their account.
QR Codes, Photos, and PDF Files: The Application allows uploading and converting data from QR codes, photos, and PDFs to record and categorize bills.
In doing so, extracted textual data may be sent to external services (e.g., OCR, AI analytics) to create a structured display of bill items.
We do not store original images, PDFs, or complete bill contents, except for necessary information about items (e.g., names, prices, categories) to the extent required for the functioning of the Application.

2.2. In-app Purchases

The application offers three types of purchases:

• Ad Removal Subscription – Allows you to remove ads while using the Application.
• OCR Credits (Consumable Product) – Required for processing bills via image or PDF.
• Lifetime Purchase of Additional Categories – Allows you to permanently obtain a greater number of user-defined categories with a one-time purchase.

Please note that to facilitate these purchases, the Application may access information about your transactions within app stores (Google Play Store, Apple App Store) solely to verify the purchase and enable the purchased functionalities. We do not collect, process, or store payment card numbers or other financial payment data.

3. Use of Collected Data

We use the collected data exclusively for:

• Providing Services and Personalization – To enable access to the Application, create user accounts, categorize bills, and other key functionalities.
• Bill Processing – To facilitate the creation, recording, and categorization of bills from various sources (e.g., QR codes, images, PDFs).
• Security and Maintenance – To prevent misuse, detect errors, perform updates, and ensure the reliable functioning of the Application.
• Analytics and Service Improvement – To understand how the Application is used and enhance the user experience, aggregated or anonymized data may be collected through analytical services.
• Communication – To inform you about updates, security issues, new functionalities, or offers related to the Application.
• Legal Compliance – To fulfill legal or regulatory obligations and respond to requests from competent authorities when necessary.

Legal Basis for Processing
In most cases, we base data processing on fulfilling a contract (using the Application) or legitimate interests for improving and protecting services. For certain activities, such as sending marketing notifications (if any), we may rely on your consent, which you can withdraw at any time.

4. Data Sharing and Transfer

Trusted Service Providers
We may engage trusted third parties for technical support, hosting, data processing, or analytics (e.g., OCR, AI categorization, cloud hosting). All such service providers are required to keep the data they receive confidential and use it solely for the purposes we define.

Analytical Services
To understand the use of the Application and further enhance it, we may share certain data (primarily in aggregated or anonymized form) with analytical platforms (e.g., Google Analytics, Sentry, or similar SDKs). This never includes confidential or sensitive information.

Legal and Regulatory Reasons
We may disclose information about you if we believe it is necessary to comply with legal obligations, protect our rights, or the rights of other users (e.g., by court order or other competent authority).

International Transfer
Your data may be processed and stored on servers outside the country where you reside (e.g., if we use servers in the EU, USA, or another country). When we make such transfers, we take appropriate protective measures in accordance with applicable regulations (e.g., standard contractual clauses, encryption, etc.).

We Do Not Sell Personal Data
We do not rent, sell, or otherwise monetize users’ personal data.

5. Data Security

We implement technical and organizational security measures (e.g., TLS protocol encryption, limited data access, authorization, and authentication) to prevent unauthorized access, disclosure, or misuse of data. However, no system is 100% secure; therefore, we cannot guarantee absolute security during data transmission or storage. Users are responsible for keeping their access credentials (passwords, tokens) secure and for notifying us in case of suspected misuse.

6. Cookies and Tracking Technologies

The Application does not use traditional cookies (HTTP cookies). However, we may use similar technologies or tools to collect aggregated data on the use of the Application and improve the user experience. These technologies enable performance tracking, error detection, and analytics but do not record immediate personal data such as names, addresses, etc. If you want more information on how these identifiers are used or wish to limit or disable such tracking, you can contact us or check the privacy settings options on your device.

7. Children and Minors

The Application is not intended for children under the age of 13 (or the age defined by local child protection laws). We do not knowingly collect data from children. If you believe that a child has provided us with their data, please contact us so we can remove it.

8. Your Rights

In accordance with applicable data protection regulations (e.g., GDPR, CCPA, LGPD, etc.), you may have the following rights regarding your personal data:

• Access and Data Copy – You have the right to request information about the personal data we process and, where applicable, to obtain a copy of that data.
• Correction and Supplementation – You can request the updating or correction of inaccurate, incomplete, or outdated data.
• Deletion (“Right to Be Forgotten”) – You can request that we delete your personal data if there is no longer a legal basis or contractual obligation preventing us from doing so.
• Restriction of Processing – In certain situations (e.g., disputing data accuracy), you have the right to request temporary restriction of the processing of your data.
• Objection to Processing – You can object to the processing of your data at any time, especially if the processing is for direct marketing or profiling purposes.
• Data Portability – When processing is based on your consent or contract, you can request that we transfer your data to another controller where technically feasible.
• Withdrawal of Consent – If processing is based on your consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.
• Filing a Complaint – If you believe we are processing your data contrary to applicable regulations, you have the right to file a complaint with the relevant data protection authority (e.g., Data Protection Commissioner, EU authority, California Attorney General, or another competent body).

Response Time
We strive to respond to all requests within 30 days of receipt, unless additional time is needed, in which case we will inform you.

Contact for Exercising Rights
To exercise any of these rights or for additional information, you can contact us via email: [email protected]

9. Changes to the Privacy Policy

We reserve the right to periodically update and modify this Privacy Policy. All changes take effect immediately upon being posted in the Application or on the website. In the case of significant changes, we will notify you (e.g., via email, notification, or prominent notice within the Application). The date of the last update will be highlighted at the top of the Policy.

10. Contact

If you have any questions, concerns regarding data processing, wish to exercise any of the aforementioned rights, or report a potential privacy breach, you can contact us at: [email protected]

11. Acceptance of the Policy

By registering (either via email and password or anonymously) and using the Application, you confirm that you have read, understood, and accepted this Privacy Policy, and that you agree to the processing of your data in accordance with it.

---

Contact Email: [email protected]