XpendsterXpendster

Privacy Policy for Xpendster

Last Updated: 2026-07-02

Introduction

Xpendster ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application Xpendster (the "App"). Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.

Information We Collect

1. Account Information

  • Email Address: Collected when you create an account using email/password or Google Sign-In
  • User ID: A unique identifier (Firebase UID) assigned to your account
  • Authentication Data: Information required for account authentication and security

2. Financial and Budget Data

  • Plans: Budget plans you create or join
  • Transactions: Income, expenses, and financial transactions you record
  • People: Names and information about people in your plans
  • Categories: Transaction categories you create
  • Templates: Recurring transaction templates
  • Debt Accounts: Debt tracking information
  • Comments: Comments you add to transactions
  • Audit Logs: Records of actions taken in shared plans (for transparency and accountability)

3. User Preferences

  • Display preferences (column visibility, sorting, grouping)
  • Date format preferences
  • Notification preferences
  • UI customization settings

4. Plan Sharing Data

  • Members: Information about users who share plans with you
  • Invitations: Invite codes and QR codes for plan sharing
  • Roles: Your role in shared plans (owner, contributor, read-only)
  • Person Mappings: Which person in a plan you represent

5. Technical Information

  • FCM Tokens: Push notification tokens for sending you notifications
  • Device Information: Basic device information necessary for app functionality
  • Network Status: Information about your internet connectivity (for sync status)

6. Backup Data

  • Local backups you create (stored on your device)
  • Backup preferences and settings

How We Use Your Information

We use the information we collect to:

  1. Provide Core Services:
    • Create and manage your budget plans
    • Store and sync your financial data across devices
    • Enable plan sharing and collaboration features
    • Send push notifications about plan activities
  2. Authentication and Security:
    • Authenticate your identity
    • Secure your account and data
    • Prevent unauthorized access
  3. Improve User Experience:
    • Remember your preferences and settings
    • Provide personalized features
    • Maintain sync status across devices
  4. Communication:
    • Send notifications about plan invitations, member changes, and other plan activities
    • Notify you of important account events

Third-Party Services and SDKs

We use the following third-party services that may collect information:

1. Firebase Services (Google)

2. Google Sign-In

  • Credential Manager API: Enables Google Sign-In authentication

3. Other Libraries

  • Coil: Image loading library (no data collection)
  • ZXing: QR code scanning library (no data collection)
  • MPAndroidChart: Chart rendering library (no data collection)
  • Room Database: Local database (no external data collection)

Data Storage and Security

Local Storage

  • Your data is stored locally on your device using Room Database
  • Local backups are stored on your device and are not transmitted to us

Cloud Storage

  • When you sign in, your data is synced to Firebase Firestore (Google Cloud)
  • Data is encrypted in transit (HTTPS) and at rest
  • We use Firebase security rules to ensure only authorized users can access their data

Data Retention

  • Your data is retained as long as your account is active
  • You can delete your account and data at any time through the app
  • Deleted data may remain in backups for a limited time before being permanently deleted

Data Sharing and Disclosure

Plan Sharing

  • When you share a plan with other users, they can see:
    • Plan data (transactions, people, categories)
    • Your role and person mapping in the plan
    • Audit logs of actions you take in the plan
  • You control who has access to your shared plans through invitations

We Do Not:

  • Sell your personal information to third parties
  • Share your data with advertisers
  • Use your data for marketing purposes unrelated to the App
  • Access your financial data except as necessary to provide the service

Legal Requirements

We may disclose your information if required by law or in response to valid legal requests.

Your Rights and Choices

Access and Correction

  • You can access and modify your data through the App
  • You can update your account information at any time

Data Deletion

  • You can delete individual transactions, plans, or other data through the App
  • You can delete your entire account, which will remove your data from our servers
  • Note: Data in shared plans may remain visible to other members even after you leave

Notification Preferences

  • You can control notification preferences in the App settings
  • You can opt out of push notifications (though this may limit plan sharing features)

Account Deletion

  • To delete your account, use the account deletion feature in the App, or see our Account Deletion page
  • Account deletion will remove your data from our servers, but data in shared plans may remain

Permissions We Request

Camera Permission

  • Purpose: To scan QR codes for plan invitations and to scan receipts
  • When Used: Only when you choose to scan a QR code or a receipt
  • Data: Receipt images are processed on your device; we do not store or transmit camera images
  • Required: Yes, for QR code and receipt scanning features

Internet Permission

  • Purpose: To sync your data with Firebase and enable cloud features
  • Required: Yes, for cloud sync functionality

Network State Permission

  • Purpose: To check internet connectivity and show sync status
  • Required: Yes, for sync status indicators

Notification Permission

  • Purpose: To send push notifications about plan activities
  • Required: Optional, but recommended for plan sharing features

Children's Privacy

Our App is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to have that information removed.

International Data Transfers

Your data may be stored and processed in servers located outside your country of residence. By using the App, you consent to the transfer of your data to these servers. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy in the App
  • Updating the "Last Updated" date
  • For significant changes, we may provide additional notice

Your continued use of the App after changes become effective constitutes acceptance of the updated Privacy Policy.

Data Controller Information

Contact Information:

For questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at support@xpendster.com.

Compliance

This Privacy Policy is designed to comply with:

  • General Data Protection Regulation (GDPR) for users in the European Union
  • California Consumer Privacy Act (CCPA) for users in California
  • Other applicable privacy laws

Additional Information for EU Users

If you are located in the European Union, you have additional rights under GDPR:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain processing of your data

To exercise these rights, please contact us using the information provided above.

Additional Information for California Users

If you are a California resident, you have rights under CCPA:

  • Right to Know: Request information about data collection and sharing
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell your data)

To exercise these rights, please contact us using the information provided above.