Last updated: April 2026
The data controller for personal data collected through this application is Andrea Cittadini, private individual, reachable at [email protected].
The application collects the following personal data:
Data is processed solely for:
Processing is based on the user's consent (Art. 6(1)(a) GDPR), given at the time of registration.
Data is retained for the lifetime of the account. Upon account deletion, all personal data is permanently deleted. If the user was part of a family, shared expenses are reassigned to another family member and remain in the family ledger; all other personal data is permanently erased.
Data is not shared, sold, or transferred to third parties. The application is self-hosted and data resides solely on the server configured by the controller. The only exception is the optional use of Google Gemini APIs for receipt OCR, in which case the image is transmitted to Google under their terms of service.
You have the right to:
To exercise these rights, contact the data controller at the email address above.
Passwords are stored in encrypted form (bcrypt). Communication uses HTTPS. Data access is protected by JWT authentication.