Summary: We collect only the data necessary to provide our budget tracking service.
Your financial data is encrypted and never sold to third parties.
1. Data Controller
The controller of your personal data is:
MICODE Sp. z o.o.
ul. Jana Heweliusza 11/811
80-890 Gdańsk, Poland
NIP: 5833510147
KRS: 0001108050
REGON: 528740633
Email: perevertkinma@gmail.com
2. Data We Collect
2.1 Account Data
Email address (required for account creation)
Name (optional, for personalization)
Password (stored encrypted)
Timezone and currency preferences
2.2 Financial Data
Expenses and income records you create
Budget configurations
Categories and tags
Investment portfolio data (if used)
2.3 Technical Data
Device type and operating system
App version
Crash reports and error logs
Usage analytics (anonymized)
2.4 Payment Data
Payment processing is handled by Stripe. We do not store your credit card details.
We only receive confirmation of successful payments and subscription status.
3. How We Use Your Data
Purpose
Legal Basis (GDPR)
Provide the budget tracking service
Contract performance (Art. 6(1)(b))
Process payments
Contract performance (Art. 6(1)(b))
Send service notifications
Contract performance (Art. 6(1)(b))
Improve the app and fix bugs
Legitimate interest (Art. 6(1)(f))
Send marketing emails
Consent (Art. 6(1)(a))
Comply with legal obligations
Legal obligation (Art. 6(1)(c))
4. Data Sharing
We share your data only with:
Stripe - payment processing
Google Cloud / AWS - hosting infrastructure
Firebase - push notifications
OpenAI - AI features (expense descriptions only, no personal data)
We do NOT sell your personal data to advertisers or data brokers.
5. Data Retention
Active accounts: Data retained while account is active
Deleted accounts: Data deleted within 30 days of account deletion request
Backups: Removed from backups within 90 days
Legal requirements: Invoice data retained for 5 years (Polish tax law)
6. Your Rights (GDPR)
As an EU resident, you have the right to:
Access - Request a copy of your data
Rectification - Correct inaccurate data
Erasure - Request deletion of your data ("right to be forgotten")
Portability - Export your data in a machine-readable format
Restriction - Limit how we process your data
Object - Object to processing based on legitimate interest
Withdraw consent - For processing based on consent
To exercise these rights, contact us at perevertkinma@gmail.com.
We will respond within 30 days.
7. Data Security
All data encrypted in transit (TLS 1.3)
Database encryption at rest
Passwords hashed using bcrypt
Regular security audits
Two-factor authentication available
8. International Transfers
Your data may be processed in countries outside the EEA. We ensure adequate protection through:
EU Standard Contractual Clauses
Adequacy decisions where applicable
9. Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect data from children.
10. Changes to This Policy
We may update this policy. Significant changes will be notified via email or in-app notification.