Last updated: June 30, 2026
Overview
Coin Kitty is a personal finance tracking app. By default, your financial data is stored locally on your device. Cloud sync is only enabled if you choose to subscribe and create an account.
This policy applies to both our website and our mobile app Coin Kitty.
Data Controller
The data controller responsible for your personal data is:
Tiponuț Alecsandru-George Persoană Fizică Autorizată
CUI: 54896768
ONRC: F2026030773000
Str. Ștefan Augustin Doinaș 2A, Ap. 11, Cluj-Napoca, Cluj, Romania
Email: [email protected]
Data We Collect
Guest users (free):
- No personal information is collected
- All data is stored on your device only
- Anonymous usage analytics (app opens, feature usage) and crash reports are collected to improve the app — no personal or financial data is included
- Technical data collected automatically by analytics and crash reporting: device type, operating system, app version. This data is anonymous and cannot identify you
Subscribers:
- Email address (for authentication)
- Financial data you enter (expenses, income, budgets, categories, tags) — synced to our secure cloud
- Subscription status (managed by Google Play)
- Technical data collected automatically by analytics and crash reporting: device type, operating system, app version. This data is anonymous and cannot identify you
How We Use Your Data
- To provide app features including expense/income tracking, budgets, and reports
- To sync your data across devices (subscribers only)
- To validate your subscription status
We do not sell, share, or use your data for advertising purposes.
We only use your email for authentication and account-related support — never for marketing.
Legal Basis for Processing
We process your data under the following GDPR legal bases:
- Performance of a contract — to provide app features, cloud sync, and subscription validation
- Legitimate interest — to keep the app secure, improve it, and understand anonymous, aggregate usage
Data Storage & Security
- Local data is stored in a local SQLite database on your device
- Cloud data is stored on Supabase (PostgreSQL) servers in the European Union (Frankfurt, Germany) with row-level security
- Authentication is handled by Supabase Auth with secure token management
- All data transfers use HTTPS encryption
- Your financial and account data is stored within the EU (Supabase, Frankfurt). Some providers (Google Play, Sentry, Aptabase) may process limited anonymous technical data outside the EEA under standard contractual clauses or equivalent safeguards
- In the unlikely event of a data breach affecting your personal data, we will notify the supervisory authority (ANSPDCP) within 72 hours and inform you without undue delay where the breach is likely to pose a high risk
Your Rights
Under the GDPR, you can at any time:
- Access the personal data we hold about you
- Export your data, including in a portable format (Settings → Data → Export)
- Correct inaccurate data by editing it in the app
- Delete your account and all data entirely
- Use the app offline without creating an account
- Object to processing based on legitimate interest, including anonymous analytics
- Lodge a complaint with the Romanian supervisory authority (ANSPDCP) or your local data protection authority
Deleting Your Data
- Guest users — Coin Kitty does not collect or store your data outside your device. Uninstalling the app removes all data
- Subscribers — Delete your account and all cloud data from Settings → Danger Zone. You can also contact us to request deletion
- Inactive accounts — Cloud accounts inactive for over 2 years may be deleted along with their synced data, after reasonable notice where contact details are available
Data Retention
- We keep your data for as long as your account is active so you can use the service
- When you delete your account, all cloud data is removed immediately; local data is removed when you uninstall the app
- Inactive cloud accounts may be deleted after 2 years (see above)
Third-Party Services
- Supabase — cloud database and authentication (subscribers only)
- Google Play Billing — subscription management
- Aptabase — privacy-first, anonymous usage analytics (no personal data)
- Sentry — anonymous crash and error reporting
Cookies & Local Storage
The app uses local device storage (SQLite and preferences) to function offline. Our website uses only essential storage and no advertising or tracking cookies. We do not use third-party advertising trackers.
Children
This app is not intended for children under 16. We do not knowingly collect data from anyone under 16.
Contact
For questions about this privacy policy or to request data deletion, contact us at [email protected]
Tiponuț Alecsandru-George Persoană Fizică Autorizată
CUI 54896768·ONRC F2026030773000
Str. Ștefan Augustin Doinaș 2A, Ap. 11, Cluj-Napoca, Cluj, România
[email protected]