Privacy Policy for TapSpend
Last Updated: September 2025
Introduction
TapSpend ("we," "our," or "us") values your privacy. This policy explains how we collect, use, and protect your information when you use our expense tracking app.
What We Collect
Data Stored on Our Servers
- Authentication Data: When you sign in using OAuth (Google), we store your email address and authentication tokens to maintain your login session securely.
- Subscription Information: If you subscribe to premium features, we store subscription status, payment history, and related metadata. Payment processing is handled securely by our payment provider.
Data Stored Locally on Your Device
- Transaction Data: Detected from payment app notifications (merchant, amount). Stored locally in an encrypted database on your device only.
- Custom Categories & Rules: User-created categories and preferences, stored locally on your device.
- AI Categorization (OpenAI): Minimal transaction details (merchant + amount) may be sent securely to OpenAI's API for automatic categorization. No identifiers or full histories are transmitted.
- Analytics (Optional): Crash logs and performance data via Sentry, never including spending details.
Permissions
Notification Access
- Required to detect payment notifications for automatic transaction tracking.
- Although Android grants access to all notifications, TapSpend only processes notifications from selected payment apps (such as banking or card apps you authorize).
- Other notifications (messages, emails, etc.) are ignored completely.
- We encourage you to enable access only for your payment-related apps and disable it for all others in your system settings.
Internet
For AI categorization (via OpenAI API) and optional crash reporting.
Biometric Authentication (Optional)
Protects access to your app data, handled by your device.
Foreground Service
Keeps transaction monitoring active.
Boot & Battery Settings (Optional)
Ensure reliable operation on certain devices.
How We Use Your Data
- Authenticate and maintain your login sessions securely via OAuth.
- Process and manage subscription payments and premium features.
- Categorize transactions and generate insights (locally on your device).
- Provide budgets, charts, and notifications.
- Improve app stability (if analytics are enabled).
- We never sell, rent, or share your data for marketing.
Storage & Retention
- Server Data: Authentication and subscription data is stored securely on our servers and retained as long as your account is active.
- Local Data: All expense and transaction data remains on your device only.
- Transaction data is deleted when you remove it, clear app data, or uninstall.
- No automatic cloud backups of your spending history.
Third Parties
- Google OAuth: Used for secure authentication. We receive your email address and authentication tokens. Google's privacy policy applies to their authentication service.
- Payment Processor: Subscription payments are processed through our secure payment provider. We do not store credit card details.
- OpenAI API (AI Categorization): Processes merchant name and transaction amount only. No personal identifiers or account details are sent. Data is processed for categorization and then discarded immediately.
- Sentry (Optional): Collects technical crash info, no spending data.
- Open-source libraries: Used for functionality, never for data collection.
Your Choices & Data Deletion
- Revoke notification access or permissions anytime via system settings.
- Delete or export your transactions at any time within the app.
- Delete Your Account: You can delete your account and all associated server data (authentication and subscription information) directly in the app settings or by contacting us through the contact page.
- Uninstalling the app permanently deletes all local transaction data from your device.
Security
- OAuth authentication for secure login without storing passwords.
- Encrypted local database on your device.
- Secure server infrastructure for authentication and subscription data.
- Protected by device security features.
- Regular security updates.
Children's Privacy
Not intended for users under 18. We do not knowingly collect information from children.
Updates
We may update this policy and will notify you of significant changes in the app.
Contact
Email: manabyte.apps@gmail.com
You can also submit data deletion requests or other privacy inquiries through the contact page.
Compliance
This policy aligns with Google Play requirements, GDPR, CCPA, and Android platform privacy guidelines.
