ProductsAboutContactSupport
Español

VolpeTrack Privacy Policy

Last updated: Oct 25, 2025

VolpeTrack is developed by XADevs LLC (“VolpeTrack”, “we”). We respect your privacy. This Policy explains what data we process, for what purposes and legal bases, which providers we use, how long we keep data, and the choices and rights you have.

1. Data We Process

  • Account / Authentication: name, email, and profile photo via Google Sign-In, Apple Sign-In, and email + password (Firebase Auth or an equivalent provider).
  • Financial data you input: income, expenses, categories, goals, notes, and related records to operate the service.
  • Preferences & usage: language, currency, theme, achievements, notification settings, basic interaction analytics.
  • Technical logs: device/app info, OS version, IP address, error/performance logs for security and diagnostics.
  • AI assistant content: text you send to the assistant to generate responses.
  • Voice transcripts & audio metadata (optional): when you use speech-to-text, your voice input is processed by the OS speech service (Google/Apple) to create a transcript. We store the transcript to provide the feature. We do not keep raw audio.
  • Device identifiers (ads SDKs in Free plan only): advertising identifier (GAID/IDFA), basic device/app signals, and aggregated ad events for frequency capping, measurement, and fraud prevention.

2. Sign-in Methods

Currently available: Google Sign-In, Apple Sign-In, and email + password(via Firebase Auth or an equivalent provider).

3. Purposes & Legal Bases

  • Provide the service (contract): sync and display your financial information and maintain your account.
  • AI assistant (contract/legitimate interest): process your prompts to categorize and assist.
  • Improve & secure (legitimate interest): metrics, diagnostics, fraud/abuse prevention.
  • Notifications (consent): reminders via Firebase Cloud Messaging (FCM).
  • Marketing communications (consent): only if you opt in; you can opt out anytime.

4. Third-Party Providers & Transfers

We use trusted providers and limit data to what is necessary:

  • Auth & Notifications: Google Firebase Auth (Google/Apple Sign-In and email + password) and Firebase Cloud Messaging.
  • Subscriptions & purchases: RevenueCat (payments via Google Play / App Store).
  • AI processing: OpenAI, Azure OpenAI, and/or DeepSeek (text processing only; not for ads; no model training with our data).
  • Profile image storage: Bunny.net.
  • Infrastructure: servers on Linode and Microsoft Azure.
  • Advertising (Free plan only): Unity Ads, AppLovin MAX, and/or Google AdMob (NON-PERSONALIZED ads; see Section 10).

Advertising identifier (AAID/IDFA). Our ad SDKs (e.g., Unity Ads, AppLovin MAX, Google AdMob) may access the device's advertising identifier to serve non-personalized ads, apply frequency capping, measure performance, and prevent fraud/abuse. We do not use the identifier for personalized ads in the Free plan. You can reset or limit the identifier in your device settings.

AI providers process user inputs solely to generate responses for the requested feature. We do not permit the use of your data for advertising, profiling, or model training, and we use contractual and technical controls to enforce this.

Data may be transferred outside your country/EEA. Where required, we use Standard Contractual Clauses (SCCs) or other safeguards.

5. Retention

We keep your data while your account is active. After deletion, backups/logs are retained for 60 days for security and compliance, then are irreversibly purged unless law requires otherwise.

6. Security

Encryption in transit and at rest, access controls, and secure development practices. No system is perfect; if a breach materially affects you, we will notify you as required by law.

7. Your Rights

Depending on your jurisdiction (e.g., GDPR/CCPA), you can request access, rectification, deletion, portability, restriction, objection, and withdraw consent. Contact: privacy@xadevs.com from the email linked to your account.

8. Account Deletion & Data Export

You can request permanent account deletion from the app (or by email). Active data are erased; backups/logs follow the retention in Section 5. Store providers may keep billing data under their own policies.

9. Age

VolpeTrack is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we discover that we have collected personal data from a minor, we will delete it and may terminate the account.

10. Ads, Plans & Consent

Plans: Free (Ad-Supported) shows advertising; Premium Pro and Founder Pioneer are ad-free.

Non-personalized ads (Free plan only). We show non-personalized ads. Ad partners may process the device advertising identifier (GAID/IDFA), coarse IP region, basic device/app signals, and aggregated ad events solely for frequency capping, measurement, and fraud prevention, in line with platform policies. We do not enable cross-app tracking or interest-based personalization in the Free plan. In the EEA/UK, if consent is required for specific ad SDK operations, we will request it in-app. Upgrading to Premium Pro or Founder Pioneer disables ad SDKs.

11. Permissions (Android)

We request only the permissions needed for the features you choose:

  • INTERNET – connect to our API and third-party services.
  • POST_NOTIFICATIONS – optional app notifications (you can disable them).
  • RECORD_AUDIO – optional speech-to-text for the AI assistant (only when you press the mic).
  • CAMERA – optional profile photo capture.
  • READ_EXTERNAL_STORAGE (Android 12 or earlier only, with maxSdkVersion=32) – pick a profile photo from your gallery on older Android versions. On Android 13+, we use the Android Photo Picker and do not require gallery read access.
  • WAKE_LOCK and VIBRATE – reliable delivery and user feedback for notifications.
  • com.google.android.gms.permission.AD_ID – advertising identifier used by ad SDKs in the Free plan for non-personalized ads, measurement, and fraud prevention.

We do not scan your photo library; we only process the single image you select for your avatar.

12. Purchases & Subscriptions

Payments are handled by Google Play / App Store via RevenueCat. We do not store card data on our servers. Charges appear as "XADevs LLC". Manage or cancel subscriptions in your store account settings.

13. No Sale of Personal Data

We do not sell your personal data. For California residents, you can exercise "Do Not Sell or Share" by choosing non-personalized ads and/or contacting privacy@xadevs.com.

14. Changes to this Policy

We may update this Policy. We will notify significant changes in-app and, where appropriate, by email. The date at the top shows the latest revision.

15. Contact

Privacy: privacy@xadevs.com
Support: support@xadevs.com
Website: https://xadevs.com