Privacy Policy
Last updated: March 23, 2025
1. Who are we?
Tracekash is a personal finance app that helps you see your net financial position and track income, expenses, accounts, credit cards, and loans. The service is available at tracekash.com.
2. Information we collect
- Account data: name, email address, and profile picture, obtained when you register directly or via Google OAuth.
- Financial data: bank accounts, credit cards, loans, income, and expenses that you enter manually on the platform.
- Email data (Gmail): with your explicit authorization, we read emails from your Gmail account solely to detect financial transaction vouchers and receipts to facilitate automatic expense recording. We do not store your email content; we only extract structured financial information.
- Usage data: basic technical information such as device type and application errors to improve the service.
3. How we use your information
- Provide and maintain the Tracekash service.
- Display your net financial position, expenses, and income on the dashboard.
- Automatically detect transactions from Gmail emails, only when you request it.
- Send you account-related notifications (email verification, password reset).
- Improve the user experience and fix system errors.
We do not sell, rent, or share your personal information or financial data with third parties for commercial purposes.
4. Gmail access
Tracekash uses the Gmail API with the gmail.readonly scope to read emails and detect financial information (amounts, dates, merchants) from transaction vouchers and receipts. The Gmail import does not process bank statements; bank-statement parsing is a separate feature where you manually upload the PDF.
- Access is optional and requires your explicit authorization.
- We only read emails relevant to detecting financial transactions.
- We do not store the full content of your emails on our servers.
- You can revoke access at any time from myaccount.google.com/permissions.
Tracekash's use of information received from Google APIs is governed by the Google API Services User Data Policy, including the Limited Use requirements.
5. Storage and security
Your data is stored in PostgreSQL databases hosted on secure infrastructure. We use Vercel as our deployment platform. Passwords are stored using bcrypt hashing and never as plain text. Authentication sessions are managed using JWT with expiration.
6. Your rights
- Access: you can view all the information we hold about you within the app.
- Deletion: you can delete your account and all your data from Settings → Account → Delete account. Deletion takes effect immediately in our database and is completed, including in backups, within 30 days at most. Deleting your account also revokes any Gmail access you had granted.
- Portability: you can export your financial data.
- Gmail revocation: you can revoke Gmail access at any time from Settings, without affecting the rest of the service.
7. Third-party services
- Google OAuth / Gmail API: for authentication and, optionally, reading emails to detect transaction receipts.
- Vercel: hosting and deployment platform.
- Neon: database (managed PostgreSQL, encrypted at rest).
- Google Gemini API: when you enable importing, the content of detected emails and of documents you upload is sent to Gemini to extract the transaction data. Gemini is provided by Google, the same company that provides Gmail; on the paid plan we use, Google does not use this data to train its models. We do not store the email content, only the structured data extracted from it.
- Upstash: rate limiting; stores only per-IP counters, no content of yours.
- Paddle: payment processor (Merchant of Record); we never see your card details.
8. Contact
For questions about privacy, data deletion, or how your information is used, contact us at support@tracekash.com.