Privacy Policy - CashDiary

Overview

CashDiary ("the App"), developed by Golden Roots, respects your privacy. This Privacy Policy explains what data the App accesses, how it is used, how it is shared, and your choices regarding your data.

By using the App, you agree to the collection and use of information in accordance with this policy.

Permissions & Local Data

Camera & Photo Library Access

The App uses your device's camera and photo library to attach receipt photos and images to transactions. Selected images are processed entirely on your device. No image data is transmitted to any server or third party unless you explicitly choose to back up your data via Google Drive.

Financial Data

All your financial data - including transactions, accounts, credit cards, loans, budgets, and categories - is stored locally on your device using an encrypted local database. This data never leaves your device unless you explicitly choose to export or back it up.

Notifications

The App may request notification permission to send you bill reminders, budget alerts, and recurring transaction notifications. You can disable notifications at any time through your device settings.

App Security

CashDiary offers robust security features to protect your financial data:

6-digit PIN lock - Required to open the App, keeping your data private
Biometric authentication - Supports fingerprint and face recognition as a convenient alternative to PIN
Password hashing - Your PIN is hashed using PBKDF2 with 100,000 iterations, making it extremely difficult to crack even if device data is accessed
Encrypted local database - All financial data is stored in an encrypted database on your device
Auto-lock - The App automatically locks when you switch to another app or after a period of inactivity

Google Drive Backup

The App offers an optional Google Drive backup feature. When you choose to use this feature:

The App requests access to Google Drive's app-specific storage (appDataFolder) only.
Your financial data is encrypted in transit (HTTPS/TLS) and stored in a private folder that only this App can access.
No other files on your Google Drive are accessed, read, or modified.
You can disconnect your Google account or delete the backup data at any time through the App's settings.

Local Backup & Export

The App provides multiple ways to export and back up your data locally:

Excel (.xlsx) - Export transactions as a spreadsheet
PDF - Generate formatted reports of your transactions
JSON - Export raw data for personal backup or migration
CSV - Export in comma-separated format for use in other applications

Exported files are saved to your device's local storage. These files are not uploaded to any server by the App. You are responsible for managing and securing exported files.

Google Sign-In

If you use the Google Drive backup feature, you will be asked to sign in with your Google account. The App accesses only the following information:

Email address - to display which account is connected
Display name - to show your name in the settings screen
Profile photo - to show your avatar in the settings screen

This information is used only for display purposes within the App and is not stored on any external server or shared with any third party.

Advertising

The App displays advertisements using the following third-party advertising SDKs:

SDK	Data Collected	Purpose
Google AdMob	Device identifiers (Advertising ID), app interactions, diagnostics	Ad serving & personalization
Unity Ads	Device identifiers (Advertising ID), app interactions, diagnostics	Ad serving & mediation
Pangle	Device identifiers (Advertising ID), app interactions, diagnostics	Ad serving & mediation
Liftoff (Vungle)	Device identifiers (Advertising ID), app interactions, diagnostics	Ad mediation & personalization
InMobi	Device identifiers (Advertising ID), app interactions, diagnostics	Ad mediation & personalization

These SDKs may collect data automatically to serve relevant advertisements. You can opt out of personalized ads through your device's advertising settings:

Android: Settings → Privacy → Ads → Delete advertising ID

For more information, see: Google Privacy Policy | Unity Privacy Policy | Pangle Privacy Policy | Liftoff Privacy Policy | InMobi Privacy Policy

Analytics

The App uses Firebase Analytics to collect anonymous usage statistics including:

App opens and session duration
Feature usage patterns
Crash logs and error reports
App performance diagnostics

This data is aggregated and cannot be used to identify individual users. It is used solely to improve the App's performance and user experience.

For more information, see: Firebase Privacy Policy

Data Collection Summary

Data Type	Collected	Shared	Required	Purpose
Financial data (transactions, accounts, cards, loans)	Yes	No	Core	App functionality
Transaction photos	Yes	No	Optional	Receipt attachment
Email address	Yes	No	Optional	Google Drive backup
App interactions	Yes	Yes	Auto	Analytics, Advertising
Crash logs	Yes	No	Auto	Analytics
Diagnostics	Yes	Yes	Auto	Analytics, Advertising
App performance	Yes	No	Auto	Analytics
Device IDs	Yes	Yes	Auto	Advertising, Analytics

All collected data is encrypted in transit using HTTPS/TLS.

Important: Your financial data (transactions, accounts, credit cards, loans) is never shared with any third party. It stays on your device or in your personal Google Drive backup.

Data Deletion

You can request deletion of your data through the following methods:

1. Delete Financial Data (In-App)

Open the App → go to Settings → use "Delete All Data" to clear all transactions, accounts, credit cards, loans, categories, and saved images.

2. Delete Google Drive Backup

Open the App → go to Settings → tap your connected Google account → tap "Disconnect" to revoke access. Then:

Go to Google Drive → Settings → Manage Apps
Find "CashDiary"
Select "Delete hidden app data" to permanently remove all backup files

3. Delete Exported Files

Exported files (Excel, PDF, JSON, CSV) are saved to your device's storage. Navigate to your device's file manager and delete the exported files manually.

4. Delete All Local Data

Uninstall the App from your device to remove all locally stored data, including financial records, images, settings, and PIN configuration.

Important: We do not maintain any user data on our own servers. All data is stored locally on your device or in your personal Google Drive account.

Data Security

We take the security of your financial data seriously. The following measures are in place:

All data transmitted between the App and external services is encrypted using HTTPS/TLS
Financial data is stored in a local encrypted database on your device
App access is protected by 6-digit PIN with PBKDF2 hashing (100,000 iterations)
Biometric authentication (fingerprint/face) provides additional security
Google Drive backup uses Google's secure infrastructure with app-specific isolated storage
The App does not store any user data on external servers owned or operated by Golden Roots

No Account Required

The App is fully functional without creating an account or providing any personal information. Google Sign-In is only required for the optional Google Drive backup feature. You can use all financial tracking, budgeting, and export features without signing in.

Children's Privacy

This App is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided personal data through the App, please contact us so we can take appropriate action.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the App or applicable laws. Any changes will be reflected on this page with an updated "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, need assistance with data deletion, or have concerns about your privacy, please contact us at:

goldenroots.apps@gmail.com