Privacy Policy

Last updated: — [PLACEHOLDER COMPANY NAME]

This Privacy Policy describes how WhereItsGone (“we”, “our”, or “us”) collects, uses, and protects your personal information when you use our service. By using WhereItsGone, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect the following types of information:

• Account information — When you sign in with Google, we receive your name, email address, and Google account ID. We do not receive your Google password.
• Financial data — Transaction amounts, descriptions, dates, categories, and wallet names that you enter into the application. This data is stored in your personal Supabase database and is not shared with third parties.
• Usage data — We may collect anonymised information about how the application is used (e.g. feature usage frequency). This data cannot be used to identify you personally.
• Feedback submissions — If you contact us via the feedback form, we store your name, email address, and message in order to respond to you.

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the WhereItsGone service
• Authenticate you securely via Google OAuth
• Enable wallet sharing between users you invite
• Respond to feedback and support requests
• Improve the application based on usage patterns

We do not sell, rent, or trade your personal information to third parties. We do not use your financial data for advertising or profiling purposes.

3. Data Storage & Security

Your data is stored using Supabase, an open-source backend platform built on PostgreSQL. Data is stored in the European Union (EU West region) unless otherwise configured. Supabase provides encryption at rest and in transit for all data.

Access to wallet data is controlled by Row Level Security (RLS) policies — you can only access wallets you have been explicitly added to as a member. No other user can view your financial data.

While we take reasonable precautions to protect your data, no internet transmission is 100% secure. You use the service at your own risk.

4. Third-Party Services

We use the following third-party services:

• Google OAuth — for authentication. Google's Privacy Policy
• Supabase — for database and real-time data. Supabase Privacy Policy
• Google Fonts — for typography (DM Sans, DM Serif Display, DM Mono). Fonts are loaded from Google's CDN.

5. Cookies & Local Storage

WhereItsGone uses browser local storage to maintain your authentication session between visits (via Supabase Auth). We do not use tracking cookies or advertising cookies.

6. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Export your financial data (contact us and we will provide a CSV export)

To exercise any of these rights, contact us at [email protected]

7. Data Retention

We retain your data for as long as your account is active. If you request account deletion, all personally identifiable data will be removed within 30 days. Anonymised, aggregated data may be retained for analytics purposes.

8. Children's Privacy

WhereItsGone is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

If you have any questions about this Privacy Policy, please contact us at [email protected] or use the Feedback link in the app footer (sign-in required).