# Summary of changes ### **March 2026 : Privacy policy update** #### 1. Broader legal coverage and terminology * We now explicitly reference GDPR, CCPA, LGPD and other international laws, and describe your rights in one consolidated section. * Wording is more direct about “data controller” responsibilities and EU operations. #### 2. Clearer list of data we collect * Usage data, optional app list, transaction details, authentication data, voluntary contact info and only technical cookies are listed with clearer purposes. * We clarified that we do **not** track other apps or websites outside our services. #### 3. Device permissions spelled out * New dedicated section explaining Address Book, Location and Storage permissions, all optional and revocable. #### 4. Data breach notification commitment * We added a promise to notify users and authorities of qualifying breaches within 72 hours where required. #### 5. Data location and transfers * We state data is processed and stored in the EU and that we do not transfer personal data outside the EEA unless adequate safeguards exist. #### 6. Service providers and tools * The list now includes wsrv.nl for image optimization, alongside Firebase, DigitalOcean, Google Drive, OpenWeatherMap and others already disclosed. #### 7. Advertising language toned and clarified * We say ads may be based on location or app usage, and that third‑party policies apply, without the old references to NAI/DAA opt‑outs. #### 8. Children’s privacy * Age thresholds remain (16 minimum, consent if under 18) but wording is streamlined and grouped in one section. #### 9. Your rights and how to exercise them * Rights are expanded and aligned across jurisdictions (access, rectification, erasure, restriction, portability, objection, withdraw consent, non‑discrimination). Response time of 30 days is now stated. * We note that much of our data is anonymous or aggregated, which can limit what can be provided or deleted. #### 10. Data retention details * We now give examples of retention periods (e.g., transactions kept for tax law, marketing data until consent is withdrawn). * The previous generic “retained as long as needed” statement has been replaced.