SpendQ Buddy

Welcome to the SpendQ Buddy application ("Application," "we," "us"). This Privacy Policy explains how we collect, use, share, and store your information and describes your rights regarding data protection. By using the Application and related services ("Services"), you agree to the data processing practices described in this Privacy Policy. If you do not agree with any part of this Policy, please do not use the Application.

Application of the Policy

This Policy applies to all users – natural persons using the Application worldwide. We strive to protect the privacy of users in accordance with applicable regulations in all jurisdictions where we operate. If you have any questions regarding the processing of your personal data or wish to exercise any of the rights you have under this Policy and relevant laws, you can contact us via email: [email protected] (with the subject "Personal Data Protection").

2. Methods of Data Collection and Processing

2.1. Data We Collect

Account Information
Email and password: If you register using an email address and password, we collect your email address in order to provide account access, facilitate communication, and other basic functionalities.
Guest login: If you log in anonymously, a generic Firebase account is created without additional personal data.

Communications
When you contact us (via email), we may collect information you share with us solely for the purpose of resolving your inquiries and improving the Services.

Use of the Application
We collect general information about your interaction with the Application (e.g. how many receipts you process, whether you use a QR code, image, audio recording, or whether you make in-app purchases, date and time of access, device type or operating system) to better understand user needs and improve the Services. In some countries, certain information about your device or how you use the Application may be considered personal data if it enables direct or indirect identification of the user in accordance with applicable laws.

Receipt Processing (QR, images, audio recording, PDF)
Manual entry of items: The user can manually enter receipt items, and such data is stored within the account.
QR codes, photos, audio recordings, and PDF files: The Application enables loading and converting data from QR codes, photos, audio recordings, and PDFs for the purpose of recording and categorizing receipts.
In doing so, extracted textual data may be sent to external services (Google Cloud Vision, OpenAI) in order to create a structured display of receipt items.
We do not store original images, audio recordings, PDFs, or complete receipt contents, except for the necessary information about items (e.g. names, prices, categories) to the extent needed for the functioning of the Application.

2.2. In-app Purchases

There are three types of purchases in the application:

• Subscription to remove ads – Allows removing ad displays while using the Application.
• Credits – Required for processing receipts via images, audio recordings, or PDFs.
• Additional categories – Allows you to make a purchase to obtain more categories.

Please note that to facilitate these purchases, the Application may access information about your transactions within app stores (Google Play Store, Apple App Store) solely to verify the purchase and enable the purchased functionalities. We do not collect, process, or store credit card numbers or other financial payment information.

3. Use of Collected Data

We use the collected data exclusively for:

• Providing services and personalization – To enable access to the Application, create user accounts, categorize receipts, and other key functionalities.
• Receipt processing – To facilitate creating, recording, and categorizing receipts from various sources (e.g. QR code, images, audio recording, PDF).
• Security and maintenance – To prevent misuse, detect errors, update, and ensure reliable operation of the Application.
• Analytics and service improvement – To understand how the Application is used and improve the user experience, aggregated or anonymized data may be collected through analytics services.
• Communication – To notify you about updates, security issues, and new features or offers related to the Application.
• Legal compliance – To fulfill legal or regulatory obligations and comply with requests from competent authorities when necessary.

Legal basis for processing
In most cases, we base data processing on the fulfillment of a contract (use of the Application) or our legitimate interest in improving and protecting the services. For certain activities, such as sending marketing notifications (if any), we may rely on your consent, which you have the right to withdraw at any time.

4. Sharing and Transfer of Data

Trusted service providers
We may engage trusted third parties for technical support, hosting, data processing, or analysis. All such service providers are required to keep any received data confidential and use it solely for the purposes we define.

Analytical services
In order to understand the use of the Application and further improve it, we may share certain data (mainly in aggregated or anonymized form) with analytics platforms (e.g. Google Analytics, Sentry, or similar SDKs). This never includes confidential or sensitive information.

Legal and regulatory reasons
We may disclose information about you if we believe it is necessary to fulfill legal obligations, protect our rights or the rights of other users (e.g. upon court order or request from a competent authority).

International transfer
Your data may be processed and stored on servers outside the country in which you reside (e.g. if we use servers in the EU, the US, or another country). When we perform such transfers, we take appropriate protective measures in accordance with applicable regulations (e.g. standard contractual clauses, encryption, etc.).

Use of Google AdMob and Personalized Ads
We use the Google AdMob platform to display ads within the Application. Google AdMob may collect device identifiers (including Apple’s Advertising Identifier IDFA on iOS and the Google Advertising ID on Android) to provide personalized or targeted advertisements based on user behavior and interactions. These identifiers can be treated as personal data, as they may be linked to your identity or device. App Tracking Transparency (ATT): On iOS devices, if you grant permission for tracking (via the ATT prompt), AdMob may use your device’s IDFA to serve more relevant ads based on your app usage patterns and interactions.
Opting Out of Personalized Ads: If you choose not to allow tracking or have disabled personalized ads in your device’s settings, you will still see ads, but they will be non-personalized and based on more general context (such as the content of the app) rather than your personal interests or browsing history. For more information on how Google handles user data, please see Google’s Privacy Policy.

We do not sell personal data
We do not rent, sell, or otherwise monetize users’ personal data.

5. Data Security

We implement technical and organizational security measures (e.g. TLS encryption, restricted data access, authorization, and authentication) to prevent unauthorized access, disclosure, or misuse of data. However, no system is 100% secure; therefore, we cannot guarantee absolute security during data transmission or storage. Users are responsible for safeguarding their access credentials (passwords, tokens) and for notifying us if they suspect any misuse.

6. Cookies and Tracking Technologies

The Application does not use traditional HTTP cookies. However, we may use similar technologies or tools to collect aggregated data about the use of the Application and improve the user experience. These technologies enable performance monitoring, error detection, and analytics, but do not record immediate personal data such as name, address, etc. If you would like more information about how these identifiers are used or wish to limit or disable such tracking, you can contact us or review the privacy settings options on your device.

7. Children and Minors

The Application is not intended for children under 13 years of age (or the age defined by local child protection laws). We do not knowingly collect data from children. If you believe a child has provided us with their data, please contact us so we can remove it.

8. Your Rights

In accordance with applicable data protection regulations, you may have the following rights regarding your personal data:

• Access and copy of data – You have the right to request information about which personal data we process and, where applicable, to obtain a copy of such data.
• Rectification and supplementation – You can request the updating or correction of inaccurate, incomplete, or outdated data.
• Erasure ("right to be forgotten") – You can request that we delete your personal data if there is no longer any legal basis or contractual obligation preventing us from doing so.
• Restriction of processing – In certain situations (e.g. you dispute the accuracy of the data), you have the right to request the temporary restriction of the processing of your data.
• Objection to processing – You can object at any time to the processing of your data, especially if processing is carried out for direct marketing or profiling purposes.
• Data portability – When processing is based on your consent or a contract, you may request that your data be transferred to another controller, where technically feasible.
• Withdrawal of consent – If processing is based on your consent, you have the right to withdraw it at any time, without affecting the legality of processing carried out before withdrawal.
• Lodging a complaint – If you believe that we are processing your data contrary to applicable regulations, you have the right to lodge a complaint with the competent data protection authority (e.g. the Commissioner, the authority in the EU, the California Attorney General, or another relevant body).

Response time
We strive to respond to all requests within 30 days of receipt, unless additional time is required, in which case we will notify you.

Contact for exercising rights
To exercise any of these rights or for additional information, you can contact us at: [email protected]

9. Changes to the Privacy Policy

We reserve the right to periodically update and change this Privacy Policy. Any changes become effective immediately upon publication in the Application or on the website. In the event of significant changes, we will notify you (e.g. via email, notification, or prominent notice within the Application). The date of the last update will be indicated at the top of the Policy.

10. Contact

If you have any questions or concerns regarding data processing, wish to exercise any of the mentioned rights, or report a possible privacy violation, please contact us at: [email protected]

11. Acceptance of the Policy

By registering (whether via email address and password or anonymously) and using the Application, you confirm that you have read, understood, and accepted this Privacy Policy, and that you consent to the processing of your data in accordance with it.

---

Contact email: [email protected]