# Privacy Policy for Budget Tracker
**Last Updated: March 26, 2026**
## 1. Introduction
Welcome to Budget Tracker (“we,” “our,” or “us”). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains our practices regarding the collection, use, disclosure, and protection of information when you use our mobile application (“App”).
Budget Tracker is designed with privacy as a fundamental principle. Our app operates primarily offline with minimal online connectivity for currency exchange rate updates. We collect minimal data necessary for app functionality and do not collect, store, or transmit personal data to our servers except as described in this policy.
## 2. Information We Do Not Collect
### 2.1 Personal Information
We do not collect any personally identifiable information, including but not limited to:
– Names, email addresses, phone numbers
– Location data (except as described in Section 3.1)
– Device identifiers
– IP addresses
– User accounts or authentication data
### 2.2 Usage Analytics
We do not collect:
– App usage statistics
– Crash reports or error logs
– Performance metrics
– User behavior analytics
– Any form of tracking data
### 2.3 Financial Data
While you may enter financial information into the app for personal tracking:
– This data remains exclusively on your device
– We never access, collect, or transmit this information
– All processing occurs locally on your device
## 3. Third-Party Services and Data Collection
### 3.1 Google Mobile Ads (AdMob)
If you use the free version of our app, advertisements may be displayed by Google AdMob. Users who decline ad personalization consent see non-personalized ads and are subject to stricter feature limits (see Terms of Service Section 4).
**Consent Management:**
– On first launch, EU/EEA users are shown a consent dialog (Google UMP — User Messaging Platform) in accordance with GDPR and the IAB Transparency & Consent Framework (TCF).
– Personalized ads are only served if the user grants consent. Non-personalized ads may be served otherwise where permitted.
– Consent can be reviewed and changed through the app’s settings.
**Data Potentially Collected by AdMob:**
– Device information (model, OS version, screen size)
– Approximate location data (for location-based ad targeting, with user consent)
– App usage data for ad performance measurement
– Advertising identifiers (may be reset in device settings)
**Important Notes:**
– AdMob data collection is governed by Google’s Privacy Policy: https://policies.google.com/privacy
– You can opt out of personalized advertising through your device settings or the in-app consent dialog
– Premium subscription removes all advertisements
– We do not receive or access any data collected by AdMob
### 3.2 In-App Purchase Processing
For premium subscriptions:
– Payment processing is handled securely by:
– Google Play Billing (Android devices)
– App Store (iOS devices)
– We do not collect, store, or process payment information
– Subscription status is verified server-side through RevenueCat (see Section 3.4); the result is cached locally on your device
– Refund requests are handled directly through the respective app stores
– Premium subscriptions provide unlimited features
– Subscription management through respective app store account settings
### 3.3 Firebase Remote Config (Currency Updates)
The app uses Firebase Remote Config to update currency exchange rates once daily:
**Data Potentially Collected by Firebase:**
– Basic device information (device model, OS version, app version)
– Network connectivity status
– Firebase installation ID (anonymous identifier)
– Basic app usage metrics for Remote Config functionality
– Geographic region (for region-specific currency updates)
**Important Notes:**
– Firebase data collection is governed by Google’s Privacy Policy: https://policies.google.com/privacy
– Data is used solely for delivering currency exchange rate updates
– No personal or financial data is transmitted to Firebase
– Firebase Remote Config operates under Google’s infrastructure security standards
– We do not receive or access any data collected by Firebase
### 3.4 RevenueCat (Purchase Verification)
The app uses RevenueCat to process and verify in-app purchases and manage subscription validity:
**Data Potentially Processed by RevenueCat:**
– Purchase tokens and product IDs (for verification only)
– Basic device information for security validation
– Subscription status and entitlement data
**Important Notes:**
– RevenueCat is used exclusively for purchase processing and verification
– We do not receive or access any financial data through RevenueCat
– Subscription status and entitlement flags (e.g., whether premium is active) are accessible through RevenueCat’s developer dashboard solely to verify premium access; this is not financial data
– No payment, billing, or transaction details are accessible to us through RevenueCat
– RevenueCat operates under enterprise-grade security standards
– All purchase verification is handled server-side for security
– Payment processing is managed through Google Play (Android) and App Store (iOS)
– RevenueCat’s data practices are governed by RevenueCat’s Privacy Policy: https://www.revenuecat.com/privacy
### 3.5 Local Notifications
– Permission is requested to send budget reminders and goal notifications
– All notifications are scheduled and delivered locally on your device
– No notification data is transmitted to external servers
– You can disable notifications at any time in your device settings
## 4. How Information is Used
### 4.1 Local Processing Only
All data processing occurs exclusively on your device:
– Budget calculations and financial analysis
– Currency conversions using stored exchange rates
– Report generation and data visualization
– Goal tracking and progress calculations
### 4.2 Third-Party Usage
– AdMob uses collected data solely for advertising purposes; we do not receive this data
– Payment processors (Google Play / App Store) use payment information only for transaction processing; we do not receive payment details
– RevenueCat: we do not receive or access any financial data; only non-financial subscription status flags (premium active/inactive) are visible to us through RevenueCat’s developer dashboard for verification purposes
– No financial data entered by the user is shared with any third party
## 5. Data Security and Protection
### 5.1 Local Storage Security
– Data is stored in a local SQLite database (SQLCipher). Database-level encryption is optional and must be enabled by the user in Settings → Database Security.
– When encryption is enabled, AES-256 is applied via SQLCipher; when disabled, the database file is stored without encryption.
– Input validation prevents malicious data entry
– Database integrity is maintained through constraints and checks
### 5.2 No External Transmission
The app transmits data over networks only in the following limited, specific cases:
– **Ad loading** (free users): data transmitted to Google AdMob servers
– **Currency exchange rate updates** (once daily): minimal device metadata transmitted to Firebase Remote Config
– **Subscription verification**: purchase tokens and entitlement data transmitted to RevenueCat servers
No financial or personal data entered by the user is ever transmitted. All other processing occurs entirely on-device.
### 5.3 Data Encryption
– **Database encryption is optional.** When enabled by the user, SQLCipher applies AES-256 encryption with PBKDF2 key derivation. When not enabled, the database is stored without encryption.
– The encryption password is stored in the device’s secure storage (iOS Keychain / Android Keystore) and never transmitted.
– Sensitive app settings (GDPR consent status, premium status) are stored in hardware-backed secure storage (FlutterSecureStorage), separate from the main database.
– Backup files can be additionally encrypted with user-provided passwords.
– No encryption keys are transmitted to external servers.
### 5.4 Data Volume and Performance Considerations
– Premium users have unlimited storage capacity for all data types
– Large datasets (millions of records) may impact app performance on older devices
– The app uses pagination to display data efficiently (10-200 items per page)
– Performance depends on device capabilities and available memory
– We recommend regular data cleanup and backup for optimal performance
– The app is optimized for personal finance tracking, not enterprise-level data processing
## 6. Data Retention and Deletion
### 6.1 Data Retention
– All data remains on your device indefinitely until you choose to delete it
– We do not retain any user data on our servers
– Data persistence is controlled entirely by you
### 6.2 Data Deletion
Your financial data is stored locally on your device and can be deleted in several ways:
**Complete Data Deletion:**
– **Uninstall the app**: This removes all app data including wallets, transactions, and settings
– **Clear app data through device settings**: Go to Settings > Apps > Budget Tracker > Storage > Clear Data
**Partial Data Deletion:**
– **Delete individual wallets**: Access each wallet from the main screen and use the delete option
– **Delete transactions**: Go to each transaction screen and remove individual entries
– **Delete goals**: Access the goals section and remove individual financial goals
**Important Notes:**
– Deleted data cannot be recovered
– We recommend exporting important data before deletion
– Data deletion occurs immediately and locally on your device
### 6.3 Backup and Data Export
– **Local Backup Only**: The app provides export functionality to create backup files stored in the app’s private folder
– **No Cloud Backup**: No data is backed up to external servers or cloud services
– **User Responsibility**: You are solely responsible for backing up your financial data
– **Save Formats**: Data can be saved as encrypted files with user-provided passwords
– **Import Functionality**: Backup files can be imported to restore data, which replaces all existing data
– **Data Security**: Exported files remain on your device and are not transmitted to external services
## 7. International Data Transfers
The app may transmit minimal data to third-party services located outside your country:
– **Firebase Remote Config**: Data may be transferred to Google’s servers for currency update functionality
– **Google AdMob**: Advertising data may be transferred to Google’s servers when using the free version
– **App Store Services**: Payment data may be transferred to Apple/Google servers for in-app purchases
These transfers are governed by the respective third parties’ privacy policies and are necessary for app functionality. We do not control these transfers or have access to the transferred data.
## 8. Children’s Privacy
Budget Tracker is not intended for children under 13 years old.
The app does not collect, store, or transmit any personal information from any user, including children.
Since no personal data is collected or sent to our servers, there is no personal information to delete or process.
Parents or guardians should supervise children’s use of the app.
The app is designed for personal use only and does not target or appeal to children.
## 9. Your Rights and Choices
### 9.1 Data Access and Control
– You have complete control over all data entered into the app
– You can view, modify, or delete your data at any time
– No third party can access your financial information
### 9.2 Advertising Choices
– **In-app consent dialog:** EU/EEA users can manage ad personalization consent through the Google UMP dialog shown at first launch. This consent can be revisited in the app’s settings.
– **Device settings:** Opt out of personalized ads through your device’s ad settings (Android: Settings → Privacy → Ads; iOS: Settings → Privacy → Tracking)
– **Upgrade to premium:** Removes all advertisements entirely
– Control notification permissions in device settings
### 9.3 App Permissions
You can manage app permissions through your device settings:
– Notification permissions
– Storage permissions (for backups)
– Network permissions (for ads)
## 10. Third-Party Services and Links
### 10.1 Third-Party Services
Our app may integrate with or link to third-party services:
– AdMob for advertising
– App stores for in-app purchases
– Currency exchange rate providers (data stored locally)
### 10.2 Third-Party Links
– The app may contain links to third-party websites
– We are not responsible for the privacy practices of these third parties
– We encourage you to review their privacy policies
## 11. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. We may update this Privacy Policy periodically due to:
– Changes in our app functionality
– Updates to legal requirements and regulations
– Improvements to our privacy practices
– New features or services
– Changes in third-party services we use
**Notification of Changes:**
– Updates will be posted within the app
– The “Last Updated” date will be revised
– Significant changes may be communicated via in-app notifications
– We recommend reviewing this policy periodically
**Your Rights:**
– You can stop using the app if you do not agree with the updated policy
– Continued use of the app after changes constitutes acceptance of the updated policy
– We reserve the right to modify these terms without prior individual notice
Your continued use of the app after changes constitutes acceptance of the updated policy.
## 12. Contact Information
If you have questions about this Privacy Policy or our privacy practices:
**Budget Tracker Support**
– Email: chnbzkrthelp@gmail.com
– Support: chnbzkrthelp@gmail.com
– App Store: Search for “Budget Tracker”
We will respond to your inquiries within 30 days.
## 13. Compliance and Legal Framework
This app complies with applicable privacy laws and regulations:
### 13.1 GDPR (General Data Protection Regulation)
– As a data controller, we ensure minimal data processing
– Privacy by design principles are implemented: all financial data remains on-device and is never transmitted to our servers
– **Legal basis for third-party data processing:** For EU/EEA users, the legal basis for data processed by AdMob and Firebase is **user consent**, obtained through the Google UMP (User Messaging Platform) consent dialog in accordance with the IAB Transparency & Consent Framework (TCF). RevenueCat processes only purchase tokens necessary to fulfill the subscription contract (legal basis: performance of contract).
– **Data subject rights under GDPR:**
– Right of access: All your data is stored locally on your device and is directly accessible to you at all times
– Right to rectification: You can edit or correct any data directly within the app
– Right to erasure: You can delete all data by clearing app data or uninstalling the app
– Right to data portability: You can export your data using the app’s built-in backup/export feature
– Right to withdraw consent: You can withdraw ad consent at any time through the app’s consent settings
– Right to object to processing: You can decline ad personalization at any time
– Since we do not store personal data on our servers, no data deletion request to us is necessary or possible
### 13.2 CCPA (California Consumer Privacy Act)
– No sale of personal information
– No sharing of personal information
– Right to delete is fully supported
### 13.3 App Store Guidelines
– Apple App Store Review Guidelines compliance
– Transparent permission usage
– Clear privacy disclosures
### 13.4 Google Play Policies
– Google Play Developer Program Policies compliance
– Data safety requirements met
– Transparent data practices
## 14. App Permissions and Justification
### 14.1 Android Permissions
**Network Permissions:**
– `android.permission.INTERNET`: Required for loading advertisements and Firebase Remote Config currency updates
– `android.permission.ACCESS_NETWORK_STATE`: Required to check network connectivity for ads and currency updates
**Notification Permissions:**
– `android.permission.POST_NOTIFICATIONS`: Required for budget reminders and goal notifications (Android 13+)
– `android.permission.RECEIVE_BOOT_COMPLETED`: Required to reschedule notifications after device restart
– `android.permission.SCHEDULE_EXACT_ALARM`: Required for precise notification scheduling on Android 12+ (requires user permission)
– `android.permission.USE_EXACT_ALARM`: Required for exact alarm scheduling for specific notification use cases
– `android.permission.VIBRATE`: Required for notification alerts
– `android.permission.WAKE_LOCK`: Required to ensure notifications are delivered
**Billing Permissions:**
– `com.android.vending.BILLING`: Required for in-app purchase processing through Google Play
**Camera Permission:**
– `android.permission.CAMERA`: Required for taking photos to attach to transactions
**Storage Permissions:**
– `android.permission.READ_EXTERNAL_STORAGE`: Required for importing backup files (API 32 and below)
– `android.permission.WRITE_EXTERNAL_STORAGE`: Required for exporting backup files (API 32 and below)
– `android.permission.READ_MEDIA_IMAGES`: Required for accessing photos from gallery (Android 13+)
### 14.2 iOS Permissions
**Required Permissions:**
– **Notifications** (`NSUserNotificationsUsageDescription`): Required for budget reminders and financial goal notifications
– **Camera** (`NSCameraUsageDescription`): Required for taking photos to attach to transactions
– **Photo Library Read** (`NSPhotoLibraryUsageDescription`): Required for accessing photos from the gallery to attach to transactions or export reports
– **Photo Library Write** (`NSPhotoLibraryAddUsageDescription`): Required for saving budget reports to the photo gallery
– **In-App Purchase**: Required for premium subscription processing
– **File Sharing** (`LSSupportsOpeningDocumentsInPlace`, `UIFileSharingEnabled`, `UISupportsDocumentBrowser`): Required for backup file access and document-based file management
– **Background Modes** (`UIBackgroundModes` with `fetch`, `remote-notification`, and `processing`): Required for notification scheduling, delivery, and background task processing
## 15. Data Safety (Google Play Requirements)
In accordance with Google Play’s Data Safety section requirements:
– **Data Collection**: Minimal data collected by third parties (AdMob and Firebase Remote Config) for app functionality
– **Data Sharing**: No data shared with third parties by us
– **Data Security**: Database encryption is optional. When enabled by the user in Settings → Database Security, AES-256 encryption (via SQLCipher) is applied. When not enabled, the database is stored locally without encryption.
– **Children Privacy**: App not directed at children under 13
– **Advertising**: AdMob may collect data for advertising purposes
– **Analytics**: No analytics data is collected by the app
## 16. Governing Law and Dispute Resolution
This Privacy Policy is governed by the laws of Turkey. Disputes must first be reported to chnbzkrthelp@gmail.com. Unresolved disputes are subject to exclusive jurisdiction of Turkish courts, conducted in Turkish language.
**Notwithstanding the above**, for users located in the European Economic Area (EEA) or United Kingdom, the applicable EU/UK data protection laws — including the General Data Protection Regulation (GDPR) and the UK GDPR — apply in addition to Turkish law. To the extent of any conflict between Turkish law and GDPR/UK GDPR, the applicable EU/UK data protection legislation shall prevail with respect to the processing of personal data of EEA/UK residents.
## 17. Severability
If any provision of this Privacy Policy is found to be unenforceable, the remaining provisions will remain in full force and effect.
## 18. Entire Agreement
This Privacy Policy constitutes the entire agreement between you and Budget Tracker regarding the collection and use of information.
—
**Budget Tracker is committed to protecting your privacy. Your financial data stays on your device, giving you complete control and security.**
By using Budget Tracker, you acknowledge that you have read and understood this Privacy Policy.