Summary of chages

September 2024 : Privacy policy update (Draft, not effective yet)

1. Broader legal coverage and terminology

• We now explicitly reference GDPR, CCPA, LGPD and other international laws, and describe your rights in one consolidated section.

• Wording is more direct about “data controller” responsibilities and EU operations.

2. Clearer list of data we collect

• Usage data, optional app list, transaction details, authentication data, voluntary contact info and only technical cookies are listed with clearer purposes.

• We clarified that we do not track other apps or websites outside our services.

3. Device permissions spelled out

• New dedicated section explaining Address Book, Location and Storage permissions, all optional and revocable.

4. Data breach notification commitment

• We added a promise to notify users and authorities of qualifying breaches within 72 hours where required.

5. Data location and transfers

• We state data is processed and stored in the EU and that we do not transfer personal data outside the EEA unless adequate safeguards exist.

6. Service providers and tools

• The list now includes wsrv.nl for image optimization, alongside Firebase, DigitalOcean, Google Drive, OpenWeatherMap and others already disclosed.

7. Advertising language toned and clarified

• We say ads may be based on location or app usage, and that third‑party policies apply, without the old references to NAI/DAA opt‑outs.

8. Children’s privacy

• Age thresholds remain (16 minimum, consent if under 18) but wording is streamlined and grouped in one section.

9. Your rights and how to exercise them

• Rights are expanded and aligned across jurisdictions (access, rectification, erasure, restriction, portability, objection, withdraw consent, non‑discrimination). Response time of 30 days is now stated.

• We note that much of our data is anonymous or aggregated, which can limit what can be provided or deleted.

10. Data retention details

• We now give examples of retention periods (e.g., transactions kept for tax law, marketing data until consent is withdrawn).

• The previous generic “retained as long as needed” statement has been replaced.

11. Sharing information

• New explicit scenarios: mergers/acquisitions and legal compliance.