1. Introduction
Xpensy ("the App") is a group travel expense tracking application developed by Erez Cohen, operating under E-REZULTS ("we", "us", "our"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the App on iPhone, iPad, Apple Watch, or Mac.
2. Information We Collect
2.1 Account Information
- Email address — used for authentication and account recovery
- Display name — shown to other trip members
- Authentication tokens — for secure session management
2.2 Trip & Expense Data
- Trip details (name, destination, dates, currency settings)
- Expense records (amount, category, description, date, who paid)
- Custom expense categories and freeform tags/labels you create
- Trip member information (names, roles, permissions)
- Trip folders and organizational preferences
- Recurring expense schedules
- Expense templates you save for reuse
- Comments and discussions on expenses
- Settlement and debt records between members
- Change history (audit log) of expense modifications
2.3 Receipt Images
- Photos of receipts you upload for expense tracking
- Images are compressed before upload (max 1200px, JPEG quality 30%)
- Stored securely in our cloud storage
- Images shared via the iOS Share Extension from other apps (e.g., WhatsApp, email) are processed in the same manner
2.4 Usage Analytics
- Session duration and pages visited (screen names only)
- Action counts (e.g., number of expenses added)
- No personally identifiable information is included in analytics
- You can opt out of analytics tracking in Settings
- If you deny the App Tracking Transparency (ATT) prompt, all analytics tracking is disabled
2.5 Device & Diagnostic Data
- Push notification token — a device identifier used to deliver push notifications (stored on our server, linked to your account)
- Crash reports and diagnostics — sent to Sentry for stability improvements. These may include device model, OS version, and stack traces. No personal expense data is included.
2.6 On-Device Data (Not Sent to Our Servers)
The following data is processed or stored only on your device and is never transmitted to our servers:
- Biometric data (Face ID / Touch ID) — used solely for local app unlock via iOS system APIs. We never access, store, or transmit biometric data.
- Location data — used only to auto-detect your country and suggest a local currency. Location is processed on-device via reverse geocoding and is not stored or sent to our servers. You will be asked for permission before any location access.
- Contacts — accessed only when you choose to invite friends to a trip. Contact data is used on-device to compose an invitation message and is never uploaded or stored by us.
- Calendar — accessed only when you explicitly choose to add trip dates to your device calendar. Calendar data is never read or uploaded by us.
- Spotlight index — trip and expense data is indexed locally on your device for iOS Spotlight Search. This data stays on-device.
- Widget and Live Activity data — budget summaries and last expense info are shared with the Xpensy home screen widget and Dynamic Island via App Groups (on-device only).
- Apple Watch data — trip budget and recent expenses are synced to the Xpensy Apple Watch app via WatchConnectivity (device-to-device, not via our servers).
- Handoff / Continuity data — activity state (which screen you are viewing) is shared between your devices via Apple's Handoff framework for seamless multitasking.
- Siri interaction data — Siri Shortcuts are registered on-device for voice commands. We do not access Siri audio or transcripts.
2.7 iCloud Backup
If enabled, your app preferences (theme, language, notification settings, custom categories, selected app icon) are backed up to your personal iCloud account via Apple's iCloud Key-Value Storage. This data is encrypted by Apple and governed by Apple's privacy policy. We do not have access to your iCloud data.
2.8 Purchase Data
If you make in-app purchases, transaction data is processed by Apple's App Store and RevenueCat (our subscription management provider). We receive a record of your subscription status but do not have access to your payment method or billing details.
3. How We Use Your Information
- Core functionality — tracking and splitting trip expenses among group members
- AI receipt parsing — receipt images are sent to the Google Gemini API to extract expense data (amount, category, description). A consent dialog is shown before any image is sent. Images are processed in real time and not stored by the AI provider.
- Authentication — verifying your identity via email/password, Apple Sign-In, or Google OAuth
- Push notifications — sending you alerts about new expenses, trip invitations, and budget warnings (configurable per notification type in Settings)
- Background sync — syncing pending offline data, refreshing exchange rates, and checking budget alerts when the app is in the background
- App improvement — anonymous usage analytics and crash reports help us improve the user experience (opt-out available)
4. Data Storage & Security
- All data is stored on Supabase (PostgreSQL database hosted on AWS, EU region)
- All network communication uses HTTPS/TLS encryption
- Authentication credentials are stored in the iOS Keychain (hardware-encrypted)
- Local cache data is stored in MMKV with encryption enabled
- Passwords are hashed before any local storage
- App Groups are used for secure on-device data sharing between the main app, widgets, Apple Watch, and Share Extension
5. Data Sharing
We do not sell, rent, or trade your personal data. Your data may be shared in these limited cases:
- Trip members — other members of your trips can see shared expense data, comments, and settlement information
- Google Gemini API — receipt images are sent for AI processing (only with your consent; not stored by Google)
- Supabase — our database and authentication provider
- Sentry — crash reports and diagnostics for app stability (Sentry Privacy Policy)
- RevenueCat — subscription and purchase management (RevenueCat Privacy Policy)
- Legal requirements — if required by law or legal process
6. Data Retention
- Your data is retained as long as your account is active
- Offline cache expires after 7 days
- Audit log entries (change history) are retained for the lifetime of the associated trip
- Crash reports are retained by Sentry for 90 days
- Usage analytics sessions are retained for product improvement purposes
7. Account Deletion
You can delete your account at any time from Settings → Delete Account. This will:
- Permanently delete your profile and personal data
- Delete all expenses you created
- Remove you from all trips
- Delete your authentication record
- Remove your push notification token
- Clear all locally cached data, Spotlight index, widget data, and iCloud backup
Account deletion is irreversible. If you are a trip admin, you will be prompted to transfer admin rights before deletion.
8. Children's Privacy
Xpensy is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal data, please contact us.
9. Third-Party Services
- Supabase — database, authentication, and file storage (supabase.com/privacy)
- Google Gemini API — AI-powered receipt parsing (Google Privacy Policy)
- Apple Sign-In — authentication (Apple Privacy Policy)
- Google OAuth — authentication (Google Privacy Policy)
- Expo — over-the-air updates (expo.dev/privacy)
- Sentry — crash reporting and diagnostics (sentry.io/privacy)
- RevenueCat — in-app purchase and subscription management (revenuecat.com/privacy)
- Apple iCloud — settings backup via iCloud Key-Value Storage (Apple Privacy Policy)
- Apple MapKit — map display for trip locations (processed on-device; Apple Privacy Policy)
10. Your Rights
You have the right to:
- Access your personal data (visible in the app)
- Correct inaccurate data (edit your profile in Settings)
- Delete your account and all associated data
- Opt out of analytics tracking (Settings → toggle)
- Deny or revoke tracking permission via App Tracking Transparency
- Revoke AI receipt processing consent at any time in Settings
- Disable push notifications (Settings → Notifications, or iOS Settings)
- Revoke location, contacts, calendar, or camera permissions at any time via iOS Settings
- Export your data (contact us)
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of the App after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy, contact us at:
- Email: erezults@gmail.com
- Website: xpensy.erezults.com