Permanent URL: quantumcreations.in/privacy/expenseflow
Parent / umbrella policy: quantumcreations.in/privacy (See the parent page for our website's general privacy practices and policies for our other apps.)
This Privacy Policy is specific to the ExpenseFlow mobile application and supersedes the general QuantumCreations privacy policy where the two differ. For privacy practices that aren't ExpenseFlow-specific (e.g. the QuantumCreations website itself, marketing pages, or other apps from us), please see the parent privacy policy.
It explains how QuantumCreations ("we", "us", "our") collects, uses, stores, shares, and protects your information when you use the ExpenseFlow mobile application and related services (collectively, the "Service"). It applies to the Android app published as in.quantumcreations.expenseflow and to the ExpenseFlow iOS app distributed through the Apple App Store or TestFlight.
We designed ExpenseFlow to be privacy-respecting by default. We collect the minimum data needed to make the app work, we never sell your data, and we give you tools to export and delete everything any time. Free plan users may see ads through Google AdMob; Premium users receive an ad-free experience.
If you have questions about this policy, contact us at Quantumcreations.in@gmail.com.
| Data controller | QuantumCreations |
| Registered jurisdiction | India |
| Website | quantumcreations.in |
| Privacy contact | Quantumcreations.in@gmail.com |
| Grievance contact | Quantumcreations.in@gmail.com |
For users in the European Economic Area (EEA), United Kingdom, California (USA), or India, we are the controller of your personal data under the GDPR, UK GDPR, CCPA/CPRA, and DPDPA respectively.
We never collect or have access to:
If you import a bank statement (PDF or CSV), parsing happens on your device by default — the file and its contents stay on your phone. If the on-device parser cannot read a particular statement, we ask for your explicit permission before sending the statement text to our AI provider (Google Gemini) to extract the transactions; if you decline, nothing leaves your device. Statement text sent for AI extraction is used only to pull out transactions and is not stored after processing. Only the extracted transaction descriptions and amounts are saved to your account.
We do not use a separate third-party behavioral analytics SDK for general product analytics. When ads are enabled, the Google Mobile Ads SDK may still process app and ad interaction data for ad delivery, measurement, fraud prevention, security, and compliance.
We use Google Gemini as our AI provider. For AI features, we send only the minimum context needed for the specific request, such as your question, income, monthly spend, safe-to-spend amount, and top category totals. By default, imported bank statements are parsed on your device and not sent to Gemini; if the on-device parser cannot read a statement, its text is sent to Gemini only after you explicitly opt in, and only to extract the transactions. Your full transaction history is never sent. Server AI logs store token/cost metadata with prompt and response bodies redacted wherever our backend logging is used.
ExpenseFlow does not collect precise location, background location, contacts, SMS, call logs, calendar events, health data, bank credentials, card numbers, UPI credentials, OTPs, or raw imported bank statement files. Advertising identifiers may be used only in ad-enabled builds and only for ad delivery, measurement, fraud prevention, security, and compliance.
| Source | What we get |
|---|---|
| Directly from you | Everything you type into the app: expenses, categories, income, goals |
| Authentication providers (Google, Apple) | Email, name, profile photo URL (only with your consent during sign-in) |
| Your device | App version, OS version, push token if enabled, local app settings |
| Bank statements you import | Transaction text and amounts, parsed on your device by default; if a statement can't be read locally, its text is sent to our AI provider (Gemini) to extract transactions only after you explicitly opt in |
We do not collect data from third-party data brokers, social media scraping, or hidden tracking SDKs.
| Purpose | Legal basis (GDPR / UK GDPR) | Equivalent under CCPA / DPDPA |
|---|---|---|
| Provide the Service (sync expenses across devices, run AI categorization, render dashboards) | Performance of contract (Art. 6(1)(b)) | Necessary to provide the Service |
| Maintain account security, prevent abuse | Legitimate interest (Art. 6(1)(f)) | Security |
| Improve the app (local usage counters and support diagnostics) | Legitimate interest (Art. 6(1)(f)) | Improvement, with right to opt out where applicable |
| Personalize features for Pro users | Performance of contract | Necessary to provide the Service |
| Send service notifications (subscription expiring, security alerts) | Performance of contract | Necessary to provide the Service |
| Marketing emails | Consent (Art. 6(1)(a)) | Opt-in only |
| Comply with law | Legal obligation (Art. 6(1)(c)) | Compliance |
| Show ads on the Free plan, measure ad performance, limit repeated ads, and prevent invalid ad activity | Consent where required; legitimate interest or performance of contract where permitted | Advertising/marketing with opt-out rights where applicable |
We rely on legitimate interest only for purposes that we have weighed against your reasonable expectations. You can object to legitimate-interest processing at any time using the contacts in §11.
We share only the minimum with these processors, each bound by a Data Processing Agreement:
| Processor | Purpose | Location | Data shared |
|---|---|---|---|
| Supabase Inc. | Database hosting, authentication, real-time sync | USA, with EU/AP regions for our project | All app data |
| Google Cloud (Gemini API) | AI categorization, Smart Insights, Forecast, and AI Coach responses (Pro only) | USA, EU, AP | Prompt content + minimal financial context |
| Google Firebase Cloud Messaging | Push notifications | Global | Device push token and notification delivery metadata |
| Google Play Billing / Apple In-App Purchase | Android and iOS subscription purchase processing | Global | Purchase and subscription data handled by the relevant app store |
| Google AdMob | Ads for Free plan users, ad measurement, frequency capping, fraud prevention, security, and compliance | Global | Advertising ID where available, app set ID, IP address, device/account identifiers, app and ad interactions, diagnostics, and approximate region inferred from IP address |
| Google User Messaging Platform (UMP) | Consent and privacy-choice management for ads | Global | Consent status, region signals, device information, and related privacy-choice metadata |
| RevenueCat Inc. | Subscription management | USA | Pseudonymous user ID + subscription state |
We do not sell or rent personal data. We do not share your financial entries, income, savings goals, coach messages, or imported statement files with ad networks. Where privacy laws treat personalized advertising as "sharing," "targeted advertising," or similar, you can opt out through the in-app privacy options where available and through your device advertising settings.
If you are part of a shared group within the app (family, roommates, trip), other members of that group can see the expenses you share with the group, your display name, and your share/balance amounts. They cannot see your personal expenses outside the group.
Your data is stored on servers operated by Supabase. Depending on your project region, this may be in the United States, the European Union, or the Asia-Pacific region. When data leaves your region of residence, we rely on:
You can request the SCCs we have in place by emailing Quantumcreations.in@gmail.com.
| Data | Retention |
|---|---|
| Your account and financial data | Until you delete it or request account deletion. Verified deletion requests are usually processed within 7 working days; backup copies expire within 30 days after deletion. |
| AI prompts/responses | Processed to answer your request. The primary Edge Function does not store prompt/response bodies; backend fallback chat sessions, if used, remain until account deletion unless removed earlier. |
| AI token/cost/quota metadata | Up to 24 months |
| Crash reports | 30 days if crash reporting is enabled in a future release |
| Ad request, ad interaction, and consent metadata | Handled by Google AdMob/UMP according to Google's policies. ExpenseFlow does not store your advertising ID in its own database. |
| Subscription receipts | 7 years (tax law requirement) |
| Local/anonymized usage counters | 24 months |
You can delete individual expenses, categories, or your entire account at any time in More → Profile & Account → Delete Account, or request deletion at https://quantumcreations.in/expenseflow/delete_account. Deletion is permanent. We acknowledge email deletion requests within 72 hours, usually process verified deletion requests within 7 working days, and backup copies expire within 30 days after deletion.
ExpenseFlow is not end-to-end encrypted. Your data is encrypted in transit, encrypted at rest, and access-controlled, but our server-side systems and trusted infrastructure providers process readable data when needed for sync, family sharing, AI features, support, security, and legal compliance.
In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours, in line with GDPR Art. 33–34 and DPDPA equivalents.
Wherever you live, you have these rights over your personal data:
| Right | What it means | How to exercise |
|---|---|---|
| Access | Get a copy of all data we hold about you | More → Export CSV, or email Quantumcreations.in@gmail.com |
| Correction | Fix inaccurate data | Edit in-app, or email Quantumcreations.in@gmail.com |
| Deletion | Erase your account and data | More → Profile & Account → Delete Account |
| Portability | Get your data in a machine-readable format (CSV) | More → Export CSV |
| Restriction | Pause processing in specific cases | Email Quantumcreations.in@gmail.com |
| Objection | Object to processing based on legitimate interest | Email Quantumcreations.in@gmail.com |
| Withdraw consent | For processing that relies on consent | Toggles in Settings, ad privacy options where available, Android Advertising ID settings, iOS tracking settings, or email Quantumcreations.in@gmail.com |
Additional rights for specific regions:
We acknowledge privacy and grievance requests within 72 hours and respond to verified rights requests within 30 calendar days (sometimes extended to 60 days for complex requests, with notice). Verified account deletion requests are usually completed within 7 working days, with backup copies expiring within 30 days after deletion.
ExpenseFlow is not intended for children under 13 (under 16 in the EEA, under 18 in India for non-essential processing). We do not knowingly collect data from children. If you believe a child has registered, contact us and we will delete the account.
For California residents, you may designate an authorized agent to make CCPA requests on your behalf. We will verify their authority before responding.
We may update this policy as the Service evolves or laws change. When we do, we will:
Continued use of the Service after a change means you accept the updated policy. If you don't agree, you can delete your account before the effective date.
If you believe we have violated your rights, you can complain to:
We would, of course, prefer the chance to resolve your concern first — please reach out to Quantumcreations.in@gmail.com before escalating.
This policy was drafted in plain English and is the authoritative version. If you read a translation, the English version controls in the event of any discrepancy.