1. Introduction
Welcome to Where Money, a personal finance management application. We are committed to protecting your privacy and ensuring the security of your personal and financial data. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Service.
2. Data we collect
2.1 Personal information
- Email address (required for account creation)
- Full name (optional)
- Phone number (optional)
- Profile picture / avatar (optional, if provided via Google OAuth)
2.2 Financial data
- Wallet information (name, type, balance, currency)
- Transaction records (income, expenses, transfers)
- Debt and loan data
- Savings goals and progress
- Investment holdings (stocks, gold savings)
- Subscriptions and recurring payments
- Financial plans and budgets
2.3 Technical data
- Device information (device name, type, IP address)
- Browser and operating system data
- Session and authentication token data
- Usage and audit logs
3. How we use your data
We use the data we collect for the following purposes:
- To provide and maintain our finance management service
- To authenticate and secure your account
- To process transactions and manage your financial data
- To generate reports, analytics, and insights
- To send relevant service‑related notifications
- To improve the service and user experience
- To detect and prevent fraud or security issues
- To comply with legal obligations
4. Sharing and disclosure
We do not sell, trade, or rent your personal data to third parties. We may share your data only in the following situations:
- Service providers: We may share data with trusted providers who help operate our service (e.g., cloud hosting, database management), under strict confidentiality agreements.
- Legal requirements: We may disclose data if required by law, court order, or government regulation.
- Business transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.
- With your consent: We may share data with your explicit consent for specific purposes.
5. Data security
We implement industry‑standard security measures to protect your data, including:
- Encryption: Sensitive data is encrypted using modern encryption standards both at rest and in transit.
- Authentication: Passwords are hashed using strong one‑way hashing algorithms.
- Session management: Authentication tokens are time‑limited and protected against common attacks.
- HTTPS: All communications are encrypted using SSL/TLS.
- Access control: Strict access control and authentication requirements are enforced for internal systems.
- Audit logging: Sensitive operations are logged for security monitoring where applicable.
6. Cookies and session management
We use cookies and similar technologies to:
- Maintain your authentication session (for example, secure cookies for refresh tokens)
- Store your preferences (theme, language settings)
- Improve service performance and user experience
You can control cookies through your browser settings, but disabling cookies may affect how our Service works.
7. Your rights
You have the following rights regarding your personal data, subject to applicable law:
- Access: Request a copy of your personal data.
- Correction: Update or correct inaccurate data.
- Deletion: Request deletion of your account and related data.
- Data portability: Export your financial data in a machine‑readable format.
- Withdraw consent: Withdraw consent for data processing where applicable.
To exercise these rights, please contact us through the app settings or via the contact methods provided in the Service.
8. Data retention
We retain your personal data for as long as your account is active or as needed to provide our Service. When you delete your account, we will:
- Revoke access to your account immediately.
- Delete or anonymize your personal data within a reasonable period (for example, within 30 days).
- Retain some data as required by law or for legitimate business purposes (for example, audit logs or security records).
9. Third‑party services
Our Service may integrate with third‑party services, such as:
- Google OAuth: For authentication via Google account (subject to Google's Privacy Policy).
- Payment processors: For subscription payments (subject to their own privacy policies).
We are not responsible for the privacy practices of third‑party services. We encourage you to review their privacy policies.
10. Children's privacy
Our Service is not intended for users under 18 years of age, and we do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately so we can take appropriate action.
11. International data transfers
Your data may be stored and processed on servers located outside your country of residence. By using our Service, you consent to the transfer of your data to these locations, which may have different data protection laws than your country.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will:
- Publish the new Privacy Policy on this page.
- Update the "Last updated" date at the top of this page.
- Send in‑app notifications for material changes where appropriate.
Your continued use of our Service after changes are published constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the Service and delete your account.
13. Contact us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Through the app settings page (support / feedback).
- Via any additional contact methods provided in the Service.