SharedBudget app icon SharedBudget
Legal

Privacy Policy

Last updated: April 24, 2026 · Effective: April 24, 2026

This Privacy Policy explains how SharedBudget (the "App", "we", "us", "our") collects, uses, stores, and protects your information when you use our mobile application. The App is published on the App Store and Google Play by Vladislav Mershkov (sole developer, acting as a natural person), the "Data Controller". This policy is written to be compliant with the EU General Data Protection Regulation (GDPR) and includes a dedicated section for California residents (CCPA / CPRA). If you have questions, contact merbelcorp@outlook.com.

Contents
  1. Who we are
  2. What data we collect
  3. How we use your data
  4. Third-party processors
  5. Data sharing
  6. Retention & deletion
  7. Your rights (GDPR)
  8. Your rights (California)
  9. Children's privacy
  10. Security
  11. Changes to this policy
  12. Contact

1. Who we are (Data Controller)

Name: Vladislav Mershkov
Role: Independent app developer (App Store / Google Play publisher)
Contact: merbelcorp@outlook.com
App: SharedBudget (iOS and Android)

For GDPR purposes, Vladislav Mershkov acts as the Data Controller for personal data processed through SharedBudget.

2. What data we collect

2.1 Account data (provided by you via sign-in)

SharedBudget supports only social sign-in. We do not ask you for a password. When you sign in with Apple or Google, we receive:

  • A unique identifier from the provider (Apple ID sub claim or Google ID sub claim)
  • Your email address (used only to verify your identity at sign-in; not stored on a per-session basis beyond what is required to link your account)
  • Optionally, a display name that you can set inside the App

2.2 Profile data (created by you inside the App)

  • Display name (optional)
  • Avatar configuration (background color, emoji or icon choice)
  • Language / currency preferences

2.3 Financial data (entered by you)

SharedBudget is a personal finance app. The following data is created by you and stored in our database:

  • Accounts / wallets: name, currency, balance, icon, color
  • Transactions: amount, currency, exchange rate, type (income/expense), name, category, date
  • Categories: custom categories you create (name, icon, color, hierarchy)
  • Recurring transactions: schedule, frequency, amounts
  • Budget limits: spending limits per category/period
  • CSV import data: historical transactions you choose to import

We do not connect to your bank account. All financial data is entered manually by you or imported from files you choose to upload.

2.4 Shared accounts (multi-user feature)

SharedBudget lets you invite other users to a shared account. When you do:

  • We store the invite code and the list of users who have access to each account
  • We store the role of each user (owner, member, viewer)
  • Transactions created by one member are visible to other members of the same shared account

If you accept an invite, the inviter will be able to see the account data you contribute to that shared account.

2.5 Subscription data

SharedBudget offers optional paid features via in-app purchase. Purchases are processed by Apple (App Store) and Google (Google Play); we never see or store your payment card details. We use RevenueCat to validate receipts and track subscription status. RevenueCat receives a pseudonymous user identifier and subscription events.

We store locally:

  • Trial start timestamp
  • Subscription override flags
  • Active wallet selection for the free tier

2.6 Push notification data

If you enable push notifications, we store:

  • A device push token (APNs for iOS, FCM for Android)
  • Platform (iOS / Android)
  • Last-seen timestamp and active status
  • Your notification preferences (budget warnings, shared-account activity, monthly summaries)
  • A log of notifications we have delivered (type, timestamp, de-duplication key) — used to avoid sending duplicates

Push tokens are used only to deliver notifications you have enabled. You can disable notifications at any time in your device settings.

2.7 Technical data

We do not use any third-party analytics SDK, crash reporting SDK, advertising SDK, or tracking SDK. We do not collect your IP address, device advertising ID, location, contacts, photos, or microphone data.

Standard server logs may temporarily contain your IP address for security and abuse prevention; these logs are automatically rotated and are not used to profile you.

3. How we use your data

We use your data only for the following purposes:

PurposeLegal basis (GDPR)
Authenticating you via Apple / GooglePerformance of a contract (Art. 6(1)(b))
Storing and displaying your budget dataPerformance of a contract (Art. 6(1)(b))
Sharing data between members of a shared accountPerformance of a contract (Art. 6(1)(b))
Validating and managing your subscriptionPerformance of a contract (Art. 6(1)(b))
Sending push notifications you enabledConsent (Art. 6(1)(a)) — withdraw any time
Auto-suggesting categories during CSV import (via OpenAI)Legitimate interest (Art. 6(1)(f)) and/or your explicit action of importing a file
Converting between currencies (via CurrencyLayer)Performance of a contract (Art. 6(1)(b))
Security, fraud prevention, abuse mitigationLegitimate interest (Art. 6(1)(f))

We do not use your data for advertising, profiling, or automated decision-making that produces legal effects.

4. Third-party processors

We use the following third-party services ("sub-processors") to operate SharedBudget:

ProcessorPurposeData sharedLocation
Supabase (PostgreSQL hosting)Primary databaseAll account, profile, and financial dataAWS EU-West-3 (Paris, France / EU)
RailwayBackend hostingApplication traffic, processed dataUnited States / EU (depending on region)
AppleSign-in with Apple, App Store, APNsOAuth identifier, push tokenUnited States
GoogleSign-in with Google, FCMOAuth identifier, push tokenUnited States / Global
RevenueCatSubscription managementPseudonymous user ID, subscription eventsUnited States
CurrencyLayer (apilayer)Exchange rate lookupsCurrency codes only (no personal data)Global
OpenAIAuto-categorization of transactions during CSV import onlyThe name/description text of transactions you are importingUnited States

4.1 About OpenAI

When you import transactions from a CSV file, SharedBudget sends the transaction description text to OpenAI in order to suggest a category. We do not send your identity, email, account balance, or any other personally identifying information in this request. OpenAI processes the request under their API data usage policy and does not use this data to train their models (per OpenAI's API Terms). If you do not want this feature to be used, simply do not import CSV files.

4.2 International data transfers

Some processors (Apple, Google, RevenueCat, OpenAI, and parts of Railway) are based in the United States. Where we transfer personal data outside the EU/EEA, such transfers are covered by the EU Standard Contractual Clauses (SCCs) and/or equivalent safeguards offered by the respective processor.

5. Data sharing

We do not sell your personal data. We do not share your personal data with third parties for their own marketing purposes.

We share data only:

  • With the processors listed in §4, strictly to operate the App
  • With other users who are members of the same shared account (at your invitation)
  • If required by law, a valid court order, or to protect the rights, property, or safety of the Data Controller or our users

6. Data retention and deletion

  • Your data is retained for as long as your account exists.
  • When you delete your account, all your personal data is deleted immediately and permanently from our database. This includes your profile, wallets, transactions, categories, budget limits, device tokens, and shared-account memberships.
  • Transactions you contributed to a shared account owned by another user will remain in that account (because they belong to that shared account), but will no longer be associated with your identity.
  • Backups are rotated on a regular schedule; residual copies in encrypted backups are overwritten within 30 days at most.

To delete your account, open the App → Profile → Delete Account. Alternatively, email us at merbelcorp@outlook.com and we will process the deletion within 30 days.

7. Your rights (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

  • Right of access — obtain a copy of the data we hold about you
  • Right to rectification — correct inaccurate data (you can edit most data directly in the App)
  • Right to erasure ("right to be forgotten") — delete your data (see §6)
  • Right to restriction of processing
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent at any time, where processing is based on consent (e.g., push notifications)
  • Right to lodge a complaint with your local Data Protection Authority

To exercise any of these rights, email us at merbelcorp@outlook.com. We will respond within 30 days.

8. Your rights (California residents — CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and share
  • Delete the personal information we have collected from you
  • Correct inaccurate personal information
  • Opt out of sale or sharing of personal information — we do not sell or share personal information for cross-context behavioral advertising
  • Limit use of sensitive personal information — we do not use sensitive personal information for purposes beyond those listed in §3
  • Non-discrimination — we will not discriminate against you for exercising your rights

To exercise these rights, email merbelcorp@outlook.com.

9. Children's privacy

SharedBudget is rated "4+" on the App Store and is intended for general audiences. However, we do not knowingly collect personal information from children under 13 (or the applicable age of digital consent in your jurisdiction, up to 16 in parts of the EU). If you believe a child has provided us with personal information, please contact us at merbelcorp@outlook.com and we will delete the data promptly.

10. Security

We take reasonable technical and organizational measures to protect your data:

  • All traffic between the App and our backend is encrypted with HTTPS (TLS)
  • Data in our database is encrypted at rest (provided by Supabase / AWS)
  • Access to production systems is restricted to the Data Controller and protected by strong authentication
  • We do not store passwords (authentication is delegated to Apple and Google)

No system is perfectly secure. If we become aware of a data breach affecting your personal data, we will notify you and the relevant authorities in accordance with GDPR Article 33–34.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If changes are material, we will notify you in the App or by email before they take effect.

12. Contact

For any question, request, or concern about this Privacy Policy or your personal data, contact:

Vladislav Mershkov
Email: merbelcorp@outlook.com
Privacy Policy URL: /privacy/

This Privacy Policy was last updated on April 24, 2026.