Bucktrack — Privacy Policy

Last updated: April 2, 2026

Bucktrack ("we", "our", "the app") is an expense tracking application developed by Bucktrack. This privacy policy explains what data we collect, how we use it, and your rights regarding your information.

1. Data We Collect

Account Information

When you sign in with Google, we receive your name, email address, and profile photo from your Google account. This is used to create your Bucktrack profile and identify you to friends and group members.

Financial Information

The app collects expense data including amounts, merchant names, categories, and currencies. This data is entered manually by you or extracted from bank notifications (with your explicit permission).

Notification Data

If you grant notification access, Bucktrack reads notifications from banking apps you select in Settings. The notification text is sent to our server for AI-powered parsing to extract the merchant name, amount, category, and currency. We do not read notifications from non-selected apps. The raw notification text is processed in real-time and is not stored on our servers.

Group and Friend Data

When you create groups or add friends, we store group names, member lists, shared expenses, settlements, and balances. Friends are added by email address with mutual consent.

Photos

You may optionally upload a profile photo and group photos. These are stored securely in Firebase Storage.

Device Information

We collect your device's push notification token (FCM token) to send you notifications about group activity, friend expenses, settlements, and budget alerts. We do not collect advertising IDs or location data.

Analytics and Performance Data

We use Firebase Analytics and Firebase Performance Monitoring to understand how the app is used and to identify performance issues. This may include anonymous usage data such as screen views, app open events, session duration, device model, OS version, and app performance metrics (startup time, network latency). This data is aggregated and cannot be used to identify you personally. We also use Firebase Crashlytics to collect crash reports, which may include device state and stack traces, to help us fix bugs.

2. How We Use Your Data

• To provide the core expense tracking service
• To parse bank notifications into structured expense data using AI (Google Gemini)
• To calculate group balances, simplified debts, and settlements
• To generate analytics, insights, and budget tracking
• To send push notifications about group activity and budget alerts
• To export your expense data as CSV or PDF when you request it
• To monitor app performance and fix crashes (Firebase Analytics, Performance Monitoring, Crashlytics)

3. AI Processing

Bank notification text is sent to Google Gemini (AI) via Firebase Cloud Functions for parsing. Expense descriptions may also be sent to Google Gemini via Firebase AI Logic for category suggestions. This processing happens on Google's servers in the EU (europe-west1 region). The AI does not store or learn from your data — each request is processed independently.

4. Data Storage and Security

Your data is stored in Firebase (Google Cloud Platform) with the following security measures:

• All data is encrypted in transit (HTTPS/TLS) and at rest
• Firestore security rules ensure users can only access their own data
• Authentication is handled by Firebase Auth with Google Sign-In
• API keys are stored server-side in Firebase Secrets, never in the app
• Optional biometric lock (fingerprint/face) for app access

5. Data Sharing

We do not sell, rent, or share your personal data with third parties. Your data is shared only in these limited cases:

• With group members: Shared expenses, settlements, and balances within groups you join
• With friends: Shared expenses and balances with friends you add
• With Google: Notification text is processed by Google Gemini AI for parsing. Authentication is handled by Google Sign-In
• With Firebase: Data is stored on Google Cloud Platform (Firebase)
• With Google (Analytics): Anonymous usage and performance data is collected by Firebase Analytics, Performance Monitoring, and Crashlytics

6. Data Retention

Your data is retained as long as your account is active. You can delete individual expenses, groups, and friend connections at any time from within the app. To delete your entire account and all associated data, contact us at the email below.

7. Your Rights (GDPR)

If you are in the European Union, you have the right to:

• Access: Request a copy of your data (use the CSV/PDF export feature)
• Rectification: Edit or correct your expenses and profile at any time
• Erasure: Delete your data or request full account deletion
• Portability: Export your data in CSV or PDF format
• Withdraw consent: Revoke notification access at any time in your device settings

8. Children's Privacy

Bucktrack is not intended for children under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us.

9. Notification Access

Bucktrack uses Android's NotificationListenerService to read bank notifications. This permission is optional and must be explicitly granted by you. You select which banking apps to monitor in Settings. We only read notifications from apps you select — all other notifications are ignored. You can revoke this permission at any time in your device's notification settings.

10. Subscriptions

Bucktrack offers optional premium subscriptions (monthly and annual) through Google Play Billing. Subscription management and payments are handled entirely by Google Play. We do not collect or store payment information.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. Continued use of the app after changes constitutes acceptance.

12. Contact

For questions about this privacy policy or to request account deletion, contact us at:

Email: support@bucktrack.app