Privacy Policy
SpendEasy — Last Updated: May 1, 2026 (v1.0.18)
Summary: SpendEasy stores your financial data primarily on your device.
We only collect your email address for authentication. Cloud backup is optional and stored securely
in your own Google Drive account. All spending analysis is performed locally — your financial data never leaves your device.
1. Information We Collect
a) Account Information
- Email address — Used for account creation and authentication via Firebase Authentication.
- Display name — Retrieved from Google Sign-In, displayed within the app.
b) Financial Data
- Expenses, income, budgets, loans, bills, savings goals, categories, bank accounts, and transfers you create.
- Recurring expenses and subscriptions you schedule (including optional "subscription" flag for services like Netflix/Spotify).
- Multi-account data including account names, types, balances, and currencies.
- Optional receipt photos you attach to expenses — stored as local files on your device only.
- Physical assets you choose to track (gold, silver, real estate, stocks, and other) with quantity, unit, purity, purchase price, and optional current market value — stored locally.
- Zakat settings such as your chosen Nisab method (gold / silver / lower), the gold and silver spot prices you enter, and an optional personal Zakat anniversary date — stored locally.
- This data is stored locally on your device in a SQLite database inside the app's private storage area, isolated from other apps by Android's app-sandbox. SpendEasy does not add an additional encryption layer on top of the database file. For additional protection, you can enable PIN + biometric app lock from Settings.
- This data is never sent to our servers.
c) Cloud Backup Data (Optional)
- If you connect Google Drive, your financial data may be backed up to a hidden app-specific folder (Drive's
appDataFolder scope) in your own Google Drive.
- This folder is only accessible by the SpendEasy app on a device signed in to your Google account — it is not visible in the Google Drive UI.
- The backup is a single JSON file. If you have receipts attached to expenses and have enabled receipt cloud backup, those photos are embedded into the backup as base64-encoded data.
- Backups are encrypted in transit using HTTPS. Once stored in your Google Drive, they are protected by your Google account credentials and Google Drive's standard at-rest encryption. SpendEasy does not add an additional encryption layer on top of Google Drive's default security. Base64 encoding is a transport format, not encryption.
- You can delete the backup at any time from Settings, and you can also delete the file directly from
drive.google.com > Settings > Manage Apps.
d) Advertising Data
- We use Google AdMob to display advertisements to free users.
- AdMob may collect your device's Advertising ID (AD_ID), IP address, coarse location, and app-usage signals for ad selection and personalization. We declare the
com.google.android.gms.permission.AD_ID permission for this purpose, as required by Google Play on Android 13+.
- To opt out of personalised ads or reset your Advertising ID, open Android Settings > Google > All services > Ads (or Settings > Privacy > Ads on some devices). SpendEasy honours your device-level opt-out: AdMob will continue to show non-personalised ads if personalisation is disabled.
f) Crash Reports & App Stability Data
- SpendEasy uses Firebase Crashlytics (Google) to detect and diagnose crashes in production. When the app crashes or hits an unhandled error, an automatic crash report is sent to Crashlytics so we can fix it.
- The crash report contains: a Dart / Java / native stack trace, the device model and Android version, the app version, the time of the crash, and a coarse-anonymised installation identifier generated by Firebase (it is not your Google account, your email, or your advertising ID).
- The crash report does not contain your financial data, your transactions, your account names, or any information you have entered into the app. Crashlytics is configured to capture only stack traces and device metadata.
- Crash reporting is disabled in debug builds and is only active in the Play Store release. To opt out completely, you can uninstall the app or contact us to request your Crashlytics installation ID be deleted.
g) Remote Configuration
- SpendEasy uses Firebase Remote Config (Google) to fetch a small set of feature flags from Google's servers (for example, an emergency switch to turn off advertising if a third-party SDK becomes unstable).
- Remote Config is a one-way download: the app receives configuration values from Firebase. It does not upload your financial data, transactions, or account information.
- Firebase may log basic request metadata (timestamp, app version, anonymised installation identifier) on its servers in the normal course of serving the configuration. This is governed by Google's privacy policy.
h) In-App Purchases & Subscriptions
- SpendEasy offers an optional SpendEasy Premium subscription (monthly or yearly) processed by Google Play Billing.
- All payment, card, billing-address, and tax data is handled by Google, not by SpendEasy. We never see, receive, or store your card number, CVV, billing address, or charge history.
- The only thing the app receives from Google Play Billing is an entitlement signal (premium / not premium) plus an opaque purchase token used to verify ongoing subscription validity. We use this to unlock premium features in the app.
- If you redeem a promo code, the redemption happens in Google Play; SpendEasy is told only that an entitlement now exists.
- Subscription cancellation, refunds, and payment-method changes are handled entirely through your Google Play account at
play.google.com/store/account/subscriptions.
i) On-Device Receipt OCR
- Premium subscribers can scan a receipt photo to automatically pre-fill the expense amount, date, and merchant. This is powered by Google ML Kit Text Recognition, which runs entirely on your device.
- The receipt image is processed locally. Neither the photo nor the recognised text leaves your device. There is no network call, no server, and no third-party API involved in the OCR step.
- Recognised text is shown to you for editing in the standard Add Expense form before anything is saved. Nothing is auto-saved without your confirmation.
j) Year-End Summary (Wrapped) & Cashflow Forecast
- The premium Year-end summary and Cashflow forecast features are computed entirely on-device from your existing local data. No financial information is uploaded for this analysis.
- If you choose to share your year-end card via Android's share sheet, you control where it goes (Instagram, WhatsApp, email, etc.). SpendEasy does not upload the card anywhere automatically.
e) Locally Processed Data
- AI Spending Insights — All spending pattern analysis is performed entirely on your device using local algorithms. No financial data is sent to any AI service or external server.
- Financial Health Score — Calculated locally on your device from your expense, income, budget, and loan data.
- Subscription annualised cost — Computed on-device by summing active subscriptions; no data leaves the device.
- Offline currency conversion — If your device has no internet and no cached live rates (e.g. on first launch), SpendEasy falls back to a bundled exchange-rate snapshot included in the app package. These rates are static reference data, not derived from any user input or transmission.
- Zakat calculation — Computed entirely on-device from your own liquid cash, savings, physical assets, and loans. The app multiplies your Zakatable wealth by 2.5% when it exceeds the Nisab threshold. No financial data is transmitted to any server or religious authority. The result is a personal estimate only. It is not financial, tax, accounting, or religious advice. Consult a qualified Islamic scholar for fiqh questions and a qualified tax professional before relying on this number for tax-deductibility, Waqf, or estate-planning decisions.
- Financial Calendar — Read-only overlay of your own bills, subscription renewals, recurring income/expenses, and savings goal deadlines. No data is transmitted; it reads only from your local database.
- Duplicate-expense warning — When you enter a new expense, SpendEasy checks your last few recent expenses locally and warns you if it looks like a duplicate entry (same amount, category and account within 10 minutes). This check is entirely on-device; no data is sent anywhere.
- Theme preference and accent color — Stored locally as a device setting only.
2. How We Use Your Information
- Authentication: Your email is used solely to create and manage your account.
- App Functionality: Financial data is used to provide expense tracking, multi-account management, budgeting, analytics, and reporting features.
- Cloud Sync: If enabled, your data is backed up to your Google Drive for cross-device access.
- Currency Conversion: When using the currency converter or multi-currency accounts, only currency codes (e.g., "USD", "PKR") are sent to the exchange rate API — no personal or financial data is transmitted. If your device is offline and no cached rate is available, SpendEasy falls back to a bundled snapshot of rates shipped with the app; no network call is made in that case.
- Advertisements: AdMob uses device data to serve relevant ads (free tier only).
3. Data Storage & Security
- All financial data is stored locally on your device as the primary storage.
- Cloud backups are stored in your personal Google Drive (appDataFolder), not on our servers.
- Authentication is handled by Firebase Authentication (Google's secure infrastructure).
- All network communication uses HTTPS encryption.
- App lock with PIN and biometric authentication is available to protect your data.
- We do not operate any backend servers that store your data.
4. Third-Party Services
We use the following third-party services:
- Firebase Authentication (Google) — For user account management and security. Privacy Policy
- Firebase Crashlytics (Google) — For crash reporting in release builds. Sends stack traces and device metadata only; never financial data. Privacy Policy
- Firebase Remote Config (Google) — For feature flags and emergency kill-switches. App receives configuration only; no personal data is uploaded. Privacy Policy
- Google Play Billing (Google) — For processing optional Premium subscription purchases. SpendEasy receives only an entitlement signal; payment details stay with Google. Privacy Policy
- Google ML Kit Text Recognition (Google) — On-device only. Used for receipt OCR. No data leaves the device. ML Kit Terms
- Google Drive API (Google) — For optional cloud backup using the appDataFolder scope. Privacy Policy
- Google AdMob (Google) — For displaying advertisements to free users. Ad Policy
- Exchange Rate API (open.er-api.com) — For fetching real-time currency exchange rates. Only currency codes are sent (e.g., "USD"). No personal, financial, or device data is transmitted. Privacy Policy
- Historical Currency API (cdn.jsdelivr.net hosting fawazahmed0/exchange-api) — For fetching historical exchange-rate trends shown on the Charts screen. Only currency codes and dates are sent. No personal, financial, or device data is transmitted.
- Gold & Silver Spot Price APIs (gold-api.com, CoinGecko, Yahoo Finance, Stooq) — For fetching live and historical spot prices used in Net Worth, Assets, Zakat calculations, and the Trends chart. Only the metal symbol (e.g., "XAU" for gold, "XAG" for silver, "GC=F"/"SI=F" for futures) and date ranges are sent. No personal, financial, or device data is transmitted. Live prices come from gold-api.com with CoinGecko as regional fallback. Historical prices come from Yahoo Finance with Stooq as fallback.
5. Permissions
- Internet — Required for authentication, cloud backup, currency exchange rates, gold/silver spot prices, and advertisements.
- Camera — Used for capturing receipt photos (only when you choose to).
- Notifications — Used for bill payment reminders and monthly financial summaries (optional).
- Biometric — Used for app lock with fingerprint or face authentication (optional).
- Storage — Used for local backup export/import, CSV export files, and receipt photo storage.
- AD_ID — Used by Google AdMob for ad personalization (Android 13+).
All permissions are requested only when needed and can be revoked in your device settings.
Home Screen Widget and Launcher Shortcuts
SpendEasy offers an optional Android home-screen widget that displays your current month's spending and income totals, plus a one-tap "Add Expense" button. It also registers long-press app-icon shortcuts (Add Expense, Add Income, Add Bill). These features:
- Display or act on the same on-device data already used inside the app.
- Do not transmit any data off-device.
- Do not require any additional permissions.
Data Export (CSV / PDF / JSON)
You can export your financial data at any time from Settings:
- CSV export for Excel, Google Sheets, or tax-preparation software.
- PDF reports for printing or sharing.
- JSON backup for migrating data to a new device.
Exports are written to a temporary folder on your device and handed to your system share sheet. SpendEasy does not upload these files anywhere — where they go next is entirely your choice (save locally, email yourself, send to your accountant, etc.).
6. Data Sharing
We do NOT sell, trade, or share your personal or financial data with any third party.
The only data shared with third parties is:
- Email address with Firebase (for authentication only).
- Crash stack traces and device metadata with Firebase Crashlytics (for fixing bugs — release builds only, no financial data).
- Device identifiers with AdMob (for advertisement delivery).
- Currency codes with Exchange Rate API (for conversion rates — no personal data).
- Metal symbols (e.g. XAU, XAG) with Yahoo Finance / Stooq / gold-api.com / CoinGecko (for spot prices — no personal data).
7. Data Retention & Deletion
- Your local data remains on your device until you uninstall the app or manually delete it.
- Cloud backup data remains in your Google Drive until you delete it from the app or your Drive.
- Soft delete and the 90-day window: When you delete a record (an expense, income entry, loan, etc.) inside the app, it is marked as soft-deleted in your local SQLite database for 90 calendar days so the app can offer recovery if you tap delete by mistake. After 90 days, the record is permanently purged from local storage on the next launch. This 90-day window applies only to your local device database — cloud backups upload the current visible state and do not preserve soft-deleted rows separately. To erase soft-deleted data immediately rather than waiting 90 days, uninstall the app (which clears all local data) or use Settings > Danger Zone > Delete Account.
- You can delete your account at any time from Settings > Danger Zone > Delete Account.
- Account deletion permanently removes:
- Your Firebase Authentication account
- Your Google Drive backup data
- Local data on your device is not automatically deleted when you delete your account (you can uninstall the app to remove it).
8. Children's Privacy
SpendEasy is not directed at children under the age of 13. We do not knowingly collect
personal information from children under 13. If you believe we have collected such data, please
contact us so we can delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an
updated "Last Updated" date. Continued use of the app after changes constitutes acceptance of the
updated policy.
10. Your Rights
You have the right to:
- Access your data (all data is visible within the app)
- Export your data (via local backup, CSV, or PDF export)
- Delete your data (via account deletion or app uninstall)
- Manage your accounts and financial records at any time
- Opt out of ad personalization (via Google device settings)
- Disable cloud backup at any time (data stays local only)
11. Legal Basis for Processing (EU / UK Users)
If you are in the European Economic Area, the United Kingdom, or another jurisdiction subject to the GDPR or UK GDPR, the lawful bases on which SpendEasy processes the limited personal data described above are:
- Contract (Art. 6(1)(b) GDPR) — processing of your email address through Firebase Authentication is necessary to create and maintain your SpendEasy account.
- Consent (Art. 6(1)(a) GDPR) — cloud backup to your Google Drive, attaching receipt photos, and enabling notifications are optional features you opt in to. You can withdraw consent at any time from Settings (disable cloud backup, remove receipts, turn off notifications).
- Legitimate interest (Art. 6(1)(f) GDPR) — serving advertisements through Google AdMob to support a free tier of the app, balanced against your right to opt out of ad personalisation through your device settings.
You also have the rights of access, rectification, erasure, restriction, portability, and objection under GDPR. Most of these are exercisable directly in the app (view, edit, export, delete account). For any request you cannot fulfil yourself, contact us at the address in Section 13. You may also lodge a complaint with your local Data Protection Authority.
12. California Residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you specific rights regarding your personal information:
- We do not sell or share your personal information as those terms are defined under the CCPA / CPRA. We do not exchange financial data, contacts, or precise location for money or other valuable consideration.
- Categories of personal information collected: identifiers (email, AdMob advertising ID), internet/network activity (limited app usage signals through AdMob), and commercial information you choose to enter (your own expense and budget records, stored on your device).
- You have the right to know, delete, correct, and limit use of your personal information. Most of these rights are exercisable directly in the app; for anything else, contact us at the address in Section 13.
- We will not discriminate against you for exercising any of these rights.
13. Contact Us