App Identity

Money IO (the 'App') is developed by Shohidul Islam (contact: hridoy.jurain@gmail.com) This Privacy Policy describes how we collect, use, and protect your information when you use the App.

Permissions and Access

The App may request permission to access your Google Drive account for optional cloud backup and sync functionality. This permission is only requested if you choose to enable Google Drive sync, and you can revoke this access at any time through your Google account settings or by disabling sync in the App settings.

Google User Data Policy

If you choose to use Google Drive backup functionality, the App accesses certain Google user data through Google OAuth. This section describes how we access, use, store, and protect your Google user data in compliance with the Google API Services User Data Policy.

Data Accessed

The App accesses the following types of Google user data through the Google OAuth API:

• Profile information: Your Google account name, profile picture, and basic profile information (accessed via the 'profile' scope)
• Email address: Your Google account email address (accessed via the 'email' scope)
• Google Drive files: Limited access to create, read, update, and delete files in a dedicated app folder in your Google Drive (accessed via the 'https://www.googleapis.com/auth/drive.file' scope)

Data Usage

The App uses your Google user data exclusively for the following purposes:

• User authentication: We use your Google profile information (name, email, picture) to authenticate you and personalize your app experience
• Cloud backup: We use Google Drive file access to store backup files of your financial data in a dedicated app folder, allowing you to restore your data across devices. Backup files are stored in JSON format and are not encrypted
• Data synchronization: We use Google Drive to synchronize your backup files, enabling seamless data restoration when switching devices or after app reinstallation

Data Sharing

We do not share your Google user data with any third parties except as necessary to provide the authentication and backup services:

• Supabase (OAuth provider): We use Supabase as our OAuth authentication provider to securely facilitate Google sign-in. Supabase receives your Google authentication tokens only to enable OAuth functionality. Supabase does not access, store, or process your Google user data beyond what is necessary for authentication. You can review Supabase's privacy policy at https://supabase.com/privacy
• No other sharing: We do not sell, rent, or share your Google user data with advertisers, analytics providers, or any other third parties for any other purpose

Data Storage & Protection

We store and protect your Google user data as follows:

• Local storage: Google OAuth access tokens and refresh tokens are stored locally on your device in IndexedDB. These tokens are used only to access Google Drive for backup functionality
• Supabase authentication: Basic authentication information (user ID, email) is stored in Supabase's secure authentication system to enable OAuth sign-in functionality. This is standard OAuth authentication data and does not include your Google Drive files or financial data
• Google Drive: Backup files containing your financial data are stored in your Google Drive in a dedicated app folder. These backup files are stored in JSON format and are not encrypted. Google Drive's own security measures apply to these files as they are stored on Google's servers
• Security measures: We implement industry-standard security practices including secure token storage and encrypted data transmission (HTTPS). Your financial data is stored locally in plain JSON format within IndexedDB for app functionality. No sensitive authentication data (e.g., passwords or tokens) are stored unencrypted. Access tokens are automatically refreshed using secure refresh tokens to minimize security exposure. We never store your Google account password

Data Retention & Deletion

We retain your Google user data as follows:

• Retention period: Google OAuth tokens are retained on your device and in Supabase's authentication system for as long as you have Google Drive sync enabled in the App. Backup files in your Google Drive are retained until you delete them
• Deletion process: You can delete your Google user data at any time by: (1) Disabling Google Drive sync in the App settings, which removes locally stored tokens; (2) Signing out from Google in the App, which revokes access tokens; (3) Deleting backup files directly from your Google Drive folder; (4) Revoking App access in your Google Account settings at https://myaccount.google.com/permissions. Upon deletion, all Google user data is removed from our systems within 30 days, except for backup files in your Google Drive, which you must delete manually
• Immediate revocation: You can immediately revoke the App's access to your Google account at any time through your Google Account settings (https://myaccount.google.com/permissions). This will immediately prevent the App from accessing your Google user data

Data Collection

We collect and store the following information to provide our money management services:

• Transaction details (amount, date, category, memo, and optional images)
• Custom categories and budget settings
• Budget history and preferences

Data Storage

Your data is stored in the following ways:

• Locally on your device using IndexedDB
• Optionally in your Google Drive account if you enable sync

Data Access

Your financial data is private and only accessible by you. We do not have access to your financial information. Your data is not shared with third parties except as described in the AI Features and Analytics sections below.

Data Deletion

You can delete all your data at any time through the app settings. This will remove all information from both local storage and Google Drive if sync is enabled. Note that deleting data from the app does not automatically delete data from third-party AI services if you have used AI features.

Analytics and Usage Tracking

We use Firebase Analytics to understand how the app is used and improve our services. Analytics collects anonymous usage data including:

• User actions and feature usage
• Device type, platform, and screen dimensions
• App performance and error tracking
• Session duration and page views

Analytics does not collect personally identifiable information (PII) or your financial data. All analytics data is anonymized and aggregated.

Anonymous analytics data may be processed by Google's Firebase Analytics servers to generate usage reports.

AI Features and Third-Party Services

If you choose to use AI features (categorization, insights, recommendations), the app supports integration with third-party AI providers:

• Google Gemini
• OpenAI
• Anthropic Claude

When you use AI features, your transaction data (amounts, categories, memos) may be sent to your chosen AI provider to generate insights. You provide your own API keys for these services. Your API keys are encrypted and stored securely. We do not access or store your API keys in plain text. The AI providers' privacy policies apply to data sent to their services. You can disable AI features at any time in the app settings.

Once data is sent to an AI provider (Google, OpenAI, Anthropic), deletion of that data is governed by the provider's own privacy policy. We do not retain control over data sent to AI providers once the request has been transmitted.

Third-Party Services

The app uses the following third-party services:

• Firebase Analytics: For anonymous usage analytics (optional, can be disabled)
• Supabase: For secure user authentication (no financial data stored)
• Google Drive: For optional cloud backup (only if you enable sync)
• AI Providers (Google, OpenAI, Anthropic): Only if you choose to use AI features with your own API keys

Children's Privacy

The App is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will promptly delete it.

Contact Us

If you have any questions about this privacy policy, please contact us through our support page.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will update the 'Last Updated' date at the bottom of this policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.