Privacy Policy

Welcome to RoomieExpense. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, share, and protect your information when you use our expense tracking and management service. By using RoomieExpense, you agree to the collection and use of information in accordance with this policy.

We collect and process the following categories of data:

PERSONAL INFORMATION:
• Name and email address (required for account creation)
• Phone number (optional)
• Profile picture (optional)
• Password (encrypted and never stored in plain text)

FINANCIAL DATA:
• Expense details (amounts, descriptions, categories, dates)
• Payment information (amounts, payer/payee, payment methods, status)
• User shares in expenses (individual contribution amounts)
• Currency preferences

APARTMENT & SOCIAL DATA:
• Apartment names and membership information
• Roommate relationships and roles (admin/member)
• Apartment join codes and invitation links

DEVICE & TECHNICAL DATA:
• Device ID and type (Android/iOS)
• FCM (Firebase Cloud Messaging) tokens for push notifications
• Timezone information
• App version and platform information
• IP address and connection data

USAGE & BEHAVIORAL DATA:
• App interactions and feature usage (via Firebase Analytics)
• Screen views and navigation patterns
• Settings and preferences (language, theme, notification settings)
• Ad interactions (impressions, clicks) when ads are displayed

NOTIFICATION DATA:
• Notification types received and read status
• Notification preferences for 5 categories (payment reminders, expense updates, member invitations, apartment activity, summary reports)

We use your data for the following purposes:

SERVICE DELIVERY:
• Create and manage your user account
• Track and split expenses among roommates
• Process and record payments
• Manage apartment memberships and invitations
• Send push notifications about expenses, payments, and apartment activity
• Provide data export functionality (CSV, Excel, PDF)

PERSONALIZATION:
• Remember your language and theme preferences
• Customize notification settings based on your choices
• Display currency in your preferred format

ANALYTICS & IMPROVEMENT:
• Analyze app usage patterns to improve features
• Track feature adoption and user engagement
• Identify and fix technical issues
• Develop new features based on usage data

ADVERTISING (if applicable):
• Display personalized advertisements via Google AdMob
• Track ad impressions and clicks
• Measure ad performance and effectiveness

SECURITY & FRAUD PREVENTION:
• Detect and prevent unauthorized access
• Verify user identity and authentication
• Monitor for suspicious activity
• Ensure data integrity and security

LEGAL COMPLIANCE:
• Comply with legal obligations and regulations
• Respond to legal requests and prevent illegal activities
• Enforce our Terms & Conditions

We use the following third-party services that may collect and process your data:

FIREBASE (Google):
• Firebase Analytics: Collects usage data, events, and user properties
• Firebase Cloud Messaging: Handles push notifications and device tokens
• Firebase Remote Config: Delivers app configuration and feature flags
• Privacy Policy: https://policies.google.com/privacy

GOOGLE ADMOB:
• Displays banner, native, and interstitial advertisements
• Collects advertising ID and ad interaction data
• May use cookies and similar technologies
• Privacy Policy: https://policies.google.com/privacy

GOOGLE PLAY BILLING:
• Processes subscription purchases (Remove Ads feature)
• Handles payment information securely
• Manages subscription status and renewals
• Privacy Policy: https://payments.google.com/privacy

BACKEND SERVER:
• Custom server for data storage and synchronization
• Stores all expense, payment, and apartment data
• Encrypted communication via HTTPS/TLS
• Certificate pinning for enhanced security

We do not sell your personal data. We share your data only in the following circumstances:

WITH OTHER USERS:
• Expense and payment information is visible to all members of your shared apartments
• Your name and profile picture are visible to apartment members
• Payment status and amounts are shared within apartments

WITH SERVICE PROVIDERS:
• Firebase/Google for analytics, notifications, and ads
• Google Play for subscription billing
• Cloud hosting providers for backend infrastructure

FOR LEGAL REASONS:
• To comply with legal obligations, court orders, or government requests
• To protect our rights, property, or safety
• To prevent fraud or illegal activities
• In connection with legal proceedings

BUSINESS TRANSFERS:
• In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner

We implement industry-standard security measures to protect your data:

ENCRYPTION:
• All data transmitted over networks uses HTTPS/TLS encryption
• Sensitive data is encrypted at rest using AES-256-GCM
• Passwords are hashed and never stored in plain text
• Authentication tokens are encrypted in secure storage

SECURE STORAGE:
• Android: Data stored in Android Keystore
• iOS: Data stored in Keychain Services
• Local data encrypted on device

AUTHENTICATION:
• JWT token-based authentication
• Automatic token refresh for session management
• Biometric authentication support (optional)
• Session timeout for inactive accounts

NETWORK SECURITY:
• Certificate pinning to prevent man-in-the-middle attacks
• HMAC-SHA256 request signing
• Secure API communication protocols

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

You have the following rights regarding your personal data:

ACCESS & PORTABILITY:
• View all your personal data stored in the app
• Export your data in multiple formats (CSV, Excel, PDF)
• Download expense and payment history with date range selection

CORRECTION:
• Update your profile information (name, phone, picture)
• Edit expense and payment details
• Correct inaccurate or outdated information

DELETION:
• Delete your account and all associated data
• Account deletion requires password confirmation
• Data is permanently removed within 30 days
• Some data may be retained for legal compliance

CONTROL & PREFERENCES:
• Manage notification preferences (5 categories can be toggled)
• Choose your preferred language and theme
• Enable or disable biometric authentication
• Control which apartments you join or leave

OPT-OUT:
• Disable push notifications in device settings
• Opt out of personalized ads via device settings
• Remove ad tracking by subscribing to Remove Ads

To exercise these rights, use the in-app settings or contact us through the Contact Us section.

We retain your data for the following periods:

ACTIVE ACCOUNTS:
• Personal information: Retained while your account is active
• Expense and payment data: Retained indefinitely for financial records
• Notification data: Retained for 90 days
• Analytics data: Typically retained for 12-24 months

DELETED ACCOUNTS:
• Personal data is deleted within 30 days of account deletion
• Financial records may be retained for legal compliance (up to 7 years)
• Anonymized analytics data may be retained indefinitely

SESSION DATA:
• Authentication tokens: Valid until expiration or logout
• FCM tokens: Removed on logout or device change
• Local cache: Cleared on logout or app uninstall

LEGAL RETENTION:
• Data may be retained longer if required by law
• Records related to legal disputes preserved as necessary

ANALYTICS:
We use Firebase Analytics to collect usage data, including:
• Screen views and navigation patterns
• Feature interactions and button clicks
• User properties (account type, language, theme preference)
• Custom events (60+ events tracking app usage)
• Session duration and engagement metrics

LOCAL STORAGE:
• We use local storage to save:
- Authentication tokens
- User preferences (language, theme)
- Cached data for offline access
- Notification settings

ADVERTISING:
• Google AdMob may use cookies and advertising IDs
• Ad personalization can be controlled in device settings
• Subscribe to Remove Ads to eliminate ad tracking

THIRD-PARTY COOKIES:
• Firebase and Google services may set their own cookies
• Refer to their privacy policies for more information

We use Firebase Cloud Messaging (FCM) to send push notifications:

NOTIFICATION TYPES:
We send notifications for 15 different events, grouped into 5 categories:
• Payment Reminders: Overdue payments and payment requests
• Expense Updates: New expenses, expense changes, expense closures
• Member Invitations: Join requests, membership approvals/rejections
• Apartment Activity: Member joins/leaves, apartment updates
• Summary Reports: Monthly summaries and expense reports

NOTIFICATION PREFERENCES:
• You can enable/disable each of the 5 categories independently
• Settings are synced across devices
• Changes take effect immediately

FCM TOKEN:
• A unique FCM token is generated for your device
• Token is registered with our server when you log in
• Token is removed when you log out or uninstall the app

DEVICE PERMISSIONS:
• You can disable notifications entirely in device settings
• Disabling may affect app functionality and user experience

ADVERTISEMENTS:
RoomieExpense displays ads through Google AdMob:
• Banner Ads: Displayed on home, settings, and apartment screens
• Native Ads: Integrated into home and history screens
• Interstitial Ads: Full-screen ads between screen transitions

AD PERSONALIZATION:
• Ads may be personalized based on your interests and usage
• Google's advertising ID is used for ad targeting
• You can opt out of personalized ads in device settings

AD-FREE SUBSCRIPTION:
• Subscribe to 'Remove Ads' to eliminate all advertisements
• Subscription is processed through Google Play Billing
• Subscription auto-renews monthly unless cancelled
• Manage subscriptions in Google Play Store
• No personal payment information is shared with us

AD DATA COLLECTION:
• Ad impressions, clicks, and interaction data are collected
• This data is used to measure ad performance
• Refer to Google AdMob privacy policy for details

Your data may be transferred to and processed in countries other than your own:

• Our backend servers may be located in different countries
• Firebase and Google services operate globally
• Data transfers comply with applicable data protection laws
• We use standard contractual clauses and other safeguards

By using RoomieExpense, you consent to the transfer of your data to countries that may have different data protection laws than your country of residence.

RoomieExpense is not intended for users under 18 years of age:

• We do not knowingly collect data from children under 18
• If we discover we have collected data from a child, we will delete it promptly
• Parents/guardians who believe their child has provided data should contact us
• We will verify the request and delete the data within 30 days

If you are under 18, please do not use RoomieExpense or provide any personal information.

We may update this Privacy Policy from time to time:

• Material changes will be communicated via:
- In-app notification
- Email to registered address
- Updated 'Last Updated' date in the policy

• Continued use after changes constitutes acceptance
• You can review the policy anytime in Settings > Privacy Policy
• Previous versions are available upon request

We encourage you to review this policy periodically to stay informed about how we protect your data.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:

• Use the Contact Us section in Settings
• We will respond to privacy inquiries within 30 days
• For data subject requests (access, deletion, correction), we may require identity verification

You can also contact us for:
• Data access requests
• Account deletion assistance
• Privacy concerns or complaints
• Questions about data processing
• Technical support related to privacy features