Privacy Policy for ExpenseFlow

This Privacy Policy is specific to the ExpenseFlow mobile application and supersedes the general QuantumCreations privacy policy where the two differ. For privacy practices that aren't ExpenseFlow-specific (e.g. the QuantumCreations website itself, marketing pages, or other apps from us), please see the parent privacy policy.

It explains how QuantumCreations ("we", "us", "our") collects, uses, stores, shares, and protects your information when you use the ExpenseFlow mobile application and related services (collectively, the "Service"). It applies to the Android app published as in.quantumcreations.expenseflow.

We designed ExpenseFlow to be privacy-respecting by default. We collect the minimum data needed to make the app work, we never sell your data, and we give you tools to export and delete everything any time.

If you have questions about this policy, contact us at Quantumcreations.in@gmail.com.

1. Who we are

For users in the European Economic Area (EEA), United Kingdom, California (USA), or India, we are the controller of your personal data under the GDPR, UK GDPR, CCPA/CPRA, and DPDPA respectively.

2. What data we collect

2.1 Account data (when you sign in)

• Email address
• Display name (from Google/Apple Sign-In if used, otherwise the local-part of your email)
• Profile photo URL (if you sign in with Google or Apple — we link to it, we do not copy it)
• Authentication provider used (Google, Apple, or email/password)
• Push notification token, if notifications are enabled

2.2 Financial data you enter

• Expense entries: amount, currency, description, category, subcategory, date, optional notes
• Income amount and savings goals you configure during onboarding
• Categories you create or customize
• Sinking funds (savings goals) you set up
• Group memberships and any expenses you share with group members

We never collect or have access to:

• Bank account numbers
• Credit/debit card numbers, CVV, PIN
• UPI IDs, bank login credentials, OTPs
• Tax identification numbers (PAN, Social Security, etc.)
• Identity documents
• GPS location, contacts, call logs, SMS, or advertising ID

If you import a bank statement (PDF or CSV), the parsing happens on your device — the raw file is never uploaded. Only the extracted transaction descriptions and amounts are saved.

2.3 Usage, device, and diagnostics

• App version, OS version, and device model when needed for compatibility, security, support, and push delivery
• Basic in-app counters stored locally or in your account, such as expense count and AI Coach quota usage
• Crash or diagnostic logs only if we enable a crash-reporting service in a future release or you share logs with support

We do not use a third-party behavioral analytics SDK for the v1.0 India launch.

2.4 AI interaction data (Pro users only)

• Prompts you send to the AI Coach
• Responses returned by the AI
• Token count, model used, and quota counters (for cost tracking and abuse prevention)

We use Google Gemini as our AI provider. For AI features, we send only the minimum context needed for the specific request, such as your question, income, monthly spend, safe-to-spend amount, and top category totals. Raw imported bank statement files and full transaction history are not sent to Gemini. Server AI logs store token/cost metadata with prompt and response bodies redacted wherever our backend logging is used.

2.5 Advertising data

• Ads are disabled for the v1.0 India launch. The app does not request the Android Advertising ID permission and does not initialize AdMob while this launch flag is off.

2.6 Data we do not collect

ExpenseFlow does not collect precise location, background location, contacts, SMS, call logs, calendar events, health data, or advertising ID in the v1.0 India launch.

3. How we collect data

We do not collect data from third-party data brokers, social media scraping, or hidden tracking SDKs.

4. Why we use your data (legal bases)

We rely on legitimate interest only for purposes that we have weighed against your reasonable expectations. You can object to legitimate-interest processing at any time using the contacts in §11.

5. Who we share data with

We share only the minimum with these processors, each bound by a Data Processing Agreement:

We do not sell or rent personal data. We do not engage in cross-context behavioral advertising.

If you are part of a shared group within the app (family, roommates, trip), other members of that group can see the expenses you share with the group, your display name, and your share/balance amounts. They cannot see your personal expenses outside the group.

6. International transfers

Your data is stored on servers operated by Supabase. Depending on your project region, this may be in the United States, the European Union, or the Asia-Pacific region. When data leaves your region of residence, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission for EEA → US transfers
• UK International Data Transfer Agreement for UK → US transfers
• Adequacy decisions where applicable
• Your consent as a fallback where no other safeguard applies

You can request the SCCs we have in place by emailing Quantumcreations.in@gmail.com.

7. How long we keep your data

You can delete individual expenses, categories, or your entire account at any time in More → Profile & Account → Delete Account, or request deletion at https://quantumcreations.in/expenseflow/delete_account. Deletion is permanent. We acknowledge email deletion requests within 72 hours, usually process verified deletion requests within 7 working days, and backup copies expire within 30 days after deletion.

8. How we secure your data

• Encryption in transit: TLS 1.2+ for all client-server traffic
• Encryption at rest: AES-256 on Supabase infrastructure
• Local device encryption: financial Hive boxes are encrypted on device, with the encryption key stored using Android Keystore-backed secure storage where supported.
• Access control: Row Level Security scopes database queries to the authenticated user. Administrative access is limited to trusted operators for security, support, compliance, and incident response.
• Biometric lock: optional in-app lock with fingerprint/Face ID
• AI minimization: AI prompts use minimized financial context, and the AI Coach has daily/monthly quota controls.

ExpenseFlow is not end-to-end encrypted. Your data is encrypted in transit, encrypted at rest, and access-controlled, but our server-side systems and trusted infrastructure providers process readable data when needed for sync, family sharing, AI features, support, security, and legal compliance.

In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours, in line with GDPR Art. 33–34 and DPDPA equivalents.

9. Your rights

Wherever you live, you have these rights over your personal data:

Additional rights for specific regions:

• California (CCPA/CPRA): right to know, right to delete, right to correct, right to opt out of "sale/sharing" (we do neither), right to limit use of sensitive personal information, right against discrimination
• EEA / UK (GDPR): right to lodge a complaint with your supervisory authority
• India (DPDPA): right to nominate, right to grievance redressal — our grievance contact is Quantumcreations.in@gmail.com with a 30-day response SLA
• Brazil (LGPD): right to anonymization, blocking, or deletion of unnecessary or excessive data

We acknowledge privacy and grievance requests within 72 hours and respond to verified rights requests within 30 calendar days (sometimes extended to 60 days for complex requests, with notice). Verified account deletion requests are usually completed within 7 working days, with backup copies expiring within 30 days after deletion.

10. Children

ExpenseFlow is not intended for children under 13 (under 16 in the EEA, under 18 in India for non-essential processing). We do not knowingly collect data from children. If you believe a child has registered, contact us and we will delete the account.

11. Contact us

• General privacy questions: Quantumcreations.in@gmail.com
• Grievance contact (India, DPDPA): Quantumcreations.in@gmail.com
• Postal address: QuantumCreations, [your registered address], India

For California residents, you may designate an authorized agent to make CCPA requests on your behalf. We will verify their authority before responding.

12. Changes to this policy

We may update this policy as the Service evolves or laws change. When we do, we will:

1. Update the "Last updated" date at the top
2. Show an in-app banner for material changes
3. Email you at least 30 days in advance for material changes affecting your rights
4. Keep prior versions accessible at https://quantumcreations.in/privacy/expenseflow/archive

Continued use of the Service after a change means you accept the updated policy. If you don't agree, you can delete your account before the effective date.

13. Supervisory authorities

If you believe we have violated your rights, you can complain to:

• EEA: your local Data Protection Authority (list)
• UK: Information Commissioner's Office (ICO) — ico.org.uk
• California: California Privacy Protection Agency — cppa.ca.gov
• India: Data Protection Board (once constituted under DPDPA)
• Brazil: ANPD — gov.br/anpd

We would, of course, prefer the chance to resolve your concern first — please reach out to Quantumcreations.in@gmail.com before escalating.

This policy was drafted in plain English and is the authoritative version. If you read a translation, the English version controls in the event of any discrepancy.