Privacy Policy

Last updated: April 2026

1. Data Controller

The data controller for personal data collected through this application is Andrea Cittadini, private individual, reachable at [email protected].

2. Data Collected

The application collects the following personal data:

  • Name, surname, and email address (account)
  • Fiscal code (optional, for medical receipt recognition and 730 tax summaries)
  • Password in encrypted form (bcrypt hash)
  • Expense data: amounts, dates, descriptions, categories, stores
  • Family data: member names and configuration

3. Purpose of Processing

Data is processed solely for:

  • User account management and authentication
  • Recording, categorising, and analysing personal and family expenses
  • Generating personal reports and statistics
  • Supporting income tax return preparation (730 summary)

4. Legal Basis

Processing is based on the user's consent (Art. 6(1)(a) GDPR), given at the time of registration.

5. Data Retention

Data is retained for the lifetime of the account. Upon account deletion, all personal data is permanently deleted. If the user was part of a family, shared expenses are reassigned to another family member and remain in the family ledger; all other personal data is permanently erased.

6. Third-Party Sharing

Data is not shared, sold, or transferred to third parties. The application is self-hosted and data resides solely on the server configured by the controller. The only exception is the optional use of Google Gemini APIs for receipt OCR, in which case the image is transmitted to Google under their terms of service.

7. Your Rights

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your account and data
  • Object to processing
  • Request data portability

To exercise these rights, contact the data controller at the email address above.

8. Security

Passwords are stored in encrypted form (bcrypt). Communication uses HTTPS. Data access is protected by JWT authentication.