Bucktrack — Privacy Policy

Last updated: May 27, 2026

Bucktrack ("we", "our", "the app") is an expense tracking application developed by Bucktrack. This privacy policy explains what data we collect, how we use it, and your rights regarding your information.

1. Data We Collect

Account Information

When you sign in with Google or email link, we receive your name, email address, and profile photo (Google only). This is used to create your Bucktrack profile and identify you to friends and group members.

Financial Information

The app collects expense data including amounts, merchant names, categories, and currencies. This data is entered manually by you or extracted from bank notifications on Android (with your explicit permission).

Notification Data (Android only)

If you grant notification access on Android, Bucktrack reads notifications from banking apps you select in Settings. The notification text is sent to our server for AI-powered parsing to extract the merchant name, amount, category, and currency. The raw notification text is processed in real-time and is not stored on our servers.

Group and Friend Data

When you create groups or add friends, we store group names, member lists, shared expenses, settlements, and balances. Friends are added by email address with mutual consent.

Photos

You may optionally upload a profile photo and group photos. These are stored securely in Firebase Storage.

Device Information

On Android we collect your device's push notification token (FCM token) to send you notifications about group activity, friend expenses, settlements, budget alerts, and occasional reminders to finish setting up or return to the app.

Associated with your account, we also store basic device and app information: device model, Android version, app version, your selected language, when you last opened the app, whether you have granted notification access, how many payment apps you have selected for tracking, whether you have recorded any expenses, and whether the app is currently installed. We use this to operate the app, show it in your language, diagnose device-specific problems, and decide whether to send the reminders described above. We do not collect advertising IDs or location data.

Analytics and Performance Data

We use Firebase Analytics and Firebase Performance Monitoring to understand how the app is used and to identify performance issues. This may include anonymous usage data such as app open events, session duration, device model, OS version, app performance metrics, and a small number of product events (e.g., when you grant notification access or when an expense is automatically detected). A pseudonymous user identifier is attached to these events. We never collect your real name, expense amounts, or merchant names in analytics. We also use Firebase Crashlytics to collect crash reports. You can disable analytics and crash reporting at any time in Settings → Privacy.

Firebase Analytics is linked to Google Ads for the sole purpose of measuring the performance of our own app-acquisition campaigns (e.g., counting installs that came from a Google Ads click). Ad personalization is disabled — no behavioural audience signals flow to Google Ads, and your usage data is never used to target ads at you. You can disable analytics altogether in Settings → Privacy.

2. How We Use Your Data

• To provide the core expense tracking service
• To parse bank notifications into structured expense data using AI (Google Gemini)
• To calculate group balances, simplified debts, and settlements
• To generate analytics, insights, and budget tracking
• To send push notifications about group activity and budget alerts, and occasional reminders to finish setting up or return to the app
• To export your expense data as CSV or PDF when you request it
• To monitor app performance and fix crashes
• To measure the performance of our own app-acquisition ad campaigns (install attribution only — no ad personalization)

3. AI Processing

Bank notification text is sent to Google Gemini (AI) via Firebase Cloud Functions for parsing. Expense descriptions may also be sent to Google Gemini via Firebase AI Logic for category suggestions. This processing happens on Google's servers in the EU (europe-west1 region). The AI does not store or learn from your data.

4. Data Storage and Security

Your data is stored in Firebase (Google Cloud Platform) with the following security measures:

• All data is encrypted in transit (HTTPS/TLS) and at rest
• Firestore security rules ensure users can only access their own data
• Authentication is handled by Firebase Auth
• API keys are stored server-side in Firebase Secrets, never in the app
• Optional biometric lock (fingerprint/face) for Android app access
• App Check (Play Integrity on Android, reCAPTCHA on web) protects API endpoints

5. Data Sharing

We do not sell, rent, or share your personal data with third parties. Your data is shared only in these limited cases:

• With group members: Shared expenses, settlements, and balances within groups you join
• With friends: Shared expenses and balances with friends you add
• With Google: Notification text is processed by Google Gemini AI for parsing. Authentication is handled by Google Sign-In and email link
• With Firebase: Data is stored on Google Cloud Platform (Firebase)
• With Google (Analytics): Anonymous usage and performance data
• With Google Ads: Install + conversion events from Firebase Analytics flow to Google Ads so we can measure the performance of our own app-acquisition campaigns. Ad personalization is disabled — no behavioural audience signals are shared, and your usage data is never used to target ads at you. You can disable this together with analytics in Settings → Privacy.

6. Data Retention

Your data is retained as long as your account is active. You can delete individual expenses, groups, and friend connections at any time from within the app. To delete your entire account and all associated data, contact us at the email below.

7. Your Rights (GDPR)

If you are in the European Union, you have the right to:

• Access: Request a copy of your data
• Rectification: Edit or correct your expenses and profile at any time
• Erasure: Delete your data or request full account deletion
• Portability: Export your data in CSV or PDF format (Android)
• Withdraw consent: Revoke notification access at any time

8. Children's Privacy

Bucktrack is not intended for children under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us.

9. Subscriptions

Bucktrack offers optional premium subscriptions (monthly and annual) through Google Play Billing. Subscription management and payments are handled entirely by Google Play. We do not collect or store payment information.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date.

11. Contact

For questions about this privacy policy or to request account deletion, contact us at:

Email: support@bucktrack.app