Privacy Policy

1. Who we are

CroSum (the "app", "we", "us") is operated by Cronicium, a sole proprietorship registered with the Dutch Chamber of Commerce (Kamer van Koophandel).

• KvK number: 42069368
• Business address: Beneluxflat 19, 4701 BD Roosendaal, the Netherlands
• General contact: hello@crosum.app
• Privacy questions: privacy@crosum.app

We act as the data controller for the personal data described below.

2. What data we collect

2.1 Account data

Using CroSum requires an account — you sign in when you first open the app, so your subscription and settings stay tied to you. You can sign in with Google or with an email address and password. Depending on the method, we collect:

• Email address — required to identify your account and send transactional emails (sign-up confirmation, password reset).
• Display name — only if you sign in with Google (or Apple, when an iOS version launches), and only as the provider returns it. You can edit or remove it later.
• Provider user ID — an opaque identifier from your sign-in provider (e.g. the Google "sub" claim). Used to match you to your account on subsequent sign-ins.
• Encrypted password hash — only if you sign up with email + password. We never see the plaintext password; it's hashed by Supabase Auth.

2.2 Financial data — stored on your device

The transactions, budgets, savings goals, and loans you enter are stored locally on your device in the app's private storage. We do not currently transmit or store this data on our servers.

Android's auto-backup is explicitly disabled in our app manifest, so this data does not sync to your Google Drive either. If you want to move the data to a new device, you can use the in-app Backup & Restore feature, which produces a ZIP file you control and transfer manually.

A future "Cloud Sync" feature may opt you into transmitting this data to our servers (Supabase). We will update this policy and request your consent before any such feature becomes active.

2.3 Subscription data (only if you subscribe)

When you purchase a subscription through the Google Play Store, we receive an opaque receipt token from Google Play. We use this to determine whether your account has paid features unlocked. We do not see your payment-card details — those are handled by Google Play, which acts as the seller of record.

2.4 Diagnostic data

We currently do not collect crash reports, analytics, telemetry, or any usage statistics from the app.

3. Why we collect it

We use the data above only to:

• Sign you in and keep you signed in
• Send transactional emails (account confirmation, password reset, subscription receipts)
• Validate your subscription so paid features are unlocked on your account
• Honour your right to delete your account and the data we hold about it

We do not use your data for advertising, profiling, or algorithmic decision-making. We do not sell your data.

4. Legal basis

Under GDPR Article 6, our legal bases are:

• Contract performance (Art. 6(1)(b)): processing your email + auth credentials, and your subscription receipt, is necessary to provide the service you signed up for.
• Legitimate interest (Art. 6(1)(f)): security logs (sign-in attempts, suspicious activity) are processed to keep accounts safe. We balance this against your privacy interests by retaining only what's needed.
• Consent (Art. 6(1)(a)): if we ever introduce optional features that involve additional data processing (e.g. Cloud Sync, opt-in analytics), we will request your explicit consent before activating them.

5. Who we share it with

We share the limited data above with the following sub-processors, each of which is bound by a Data Processing Agreement (DPA) and may only process the data on our instructions:

Sub-processor	Role	Data shared	Region
Supabase	Authentication and database	Email, display name, password hash, provider user ID, subscription state	EU (Frankfurt) — verified per project
Resend	Transactional email delivery	Email address + email content (confirmation links, reset links)	EU / global; data passes through US infra in transit
Google (OAuth)	Optional sign-in provider	OAuth handshake; we receive your IdP user ID + email	Global
Google Play Billing	Subscription processing (seller of record)	Subscription purchase receipts	Global
Netlify	Marketing site + password-reset page hosting	Standard web access logs (IP address, user agent) — not associated with your CroSum account	Global CDN

Apple Sign-In is wired into the codebase but not active in the v1 Android release. When iOS launches, Apple will be added to this list as an OAuth provider and as a billing provider (StoreKit). We will update this policy at that time.

6. Where it's stored

Your account data lives in our Supabase project, hosted in the EU (Frankfurt) data centre. Where a sub-processor routes data outside the EU (e.g. Resend's or Google's global infrastructure), the transfer is protected by Standard Contractual Clauses approved by the European Commission.

Your financial data (transactions, budgets, etc.) lives on your device only and is not transferred to us or to any third party unless you explicitly export it via the in-app Backup feature.

7. How long we keep it

• Account data: kept for as long as your account exists. When you delete your account, we remove all associated rows from our database within 30 days. Backup snapshots (taken nightly by Supabase) are rotated out within 7 days, after which the data is irrecoverable.
• Transactional emails: Resend retains email logs (sender, recipient, timestamp, status) for up to 30 days. Email body content is not retained beyond delivery.
• Subscription records: retained as long as legally required for accounting purposes (7 years under Dutch tax law), even after account deletion. Stored as anonymous receipt tokens not linked to a personal identifier after account deletion.
• Financial data on your device: retained until you uninstall the app or use the in-app delete features.

8. Your rights under GDPR

You have the right to:

• Access a copy of the personal data we hold about you
• Rectification — correct inaccurate data
• Erasure — delete your account and the data we hold about it (use the in-app "Delete Account" button in Settings > Account, or email privacy@crosum.app)
• Portability — receive a machine-readable export of your data (use the in-app "Backup" feature)
• Objection — object to processing based on legitimate interest
• Restriction — ask us to limit how we process your data
• Lodge a complaint with the Dutch supervisory authority, Autoriteit Persoonsgegevens

We respond to rights requests within one month, free of charge.

9. Children

CroSum is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has signed up, contact us at privacy@crosum.app and we will delete the account.

10. Cookies and tracking

The marketing site (crosum.app) does not use cookies, analytics, or tracking pixels. We don't run Google Analytics, Meta Pixel, or any equivalent. Standard server access logs (IP, user agent, timestamp) are kept by Netlify per their own privacy policy and are not linked to your CroSum account.

The mobile app uses the WebView's local storage (localStorage) on your device to keep your settings and your financial data. This is not a "cookie" in the ePrivacy sense — it's first-party app storage, comparable to a document a desktop application would save to disk.

11. Changes to this policy

If we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Email everyone with an active CroSum account, at least 30 days before the change takes effect
• Show an in-app banner on the next session after the change

Previous versions are kept available on request.

12. Contact

Questions about this policy? Want to exercise one of your rights? Email privacy@crosum.app and we'll respond within 30 days.