Privacy Policy

Last updated: March 23, 2025

1. Who are we?

Tracekash is a personal finance app that helps you know your net financial position, track income, expenses, accounts, credit cards, and loans. The service is available at tracekash.com.

2. Information we collect

  • Account data: name, email address, and profile picture, obtained when you register directly or via Google OAuth.
  • Financial data: bank accounts, credit cards, loans, income, and expenses that you enter manually on the platform.
  • Email data (Gmail): with your explicit authorization, we read emails from your Gmail account solely to detect financial transaction vouchers and bank statements to facilitate automatic expense recording. We do not store your email content; we only extract structured financial information.
  • Usage data: basic technical information such as device type and application errors to improve the service.

3. How we use your information

  • Provide and maintain the Tracekash service.
  • Display your net financial position, expenses, and income on the dashboard.
  • Automatically detect transactions from Gmail emails, only when you request it.
  • Send you account-related notifications (email verification, password reset).
  • Improve the user experience and fix system errors.

We do not sell, rent, or share your personal information or financial data with third parties for commercial purposes.

4. Gmail access

Tracekash uses the Gmail API with the gmail.readonly scope to read emails and detect financial information (amounts, dates, merchants) from vouchers and bank statements.

  • Access is optional and requires your explicit authorization.
  • We only read emails relevant to detecting financial transactions.
  • We do not store the full content of your emails on our servers.
  • You can revoke access at any time from myaccount.google.com/permissions.

Tracekash's use of information received from Google APIs is governed by the Google API Services User Data Policy, including the Limited Use requirements.

5. Storage and security

Your data is stored in PostgreSQL databases hosted on secure infrastructure. We use Vercel as our deployment platform. Passwords are stored using bcrypt hashing and never as plain text. Authentication sessions are managed using JWT with expiration.

6. Your rights

  • Access: you can view all the information we hold about you within the app.
  • Deletion: you can request complete deletion of your account and data.
  • Portability: you can export your financial data.
  • Gmail revocation: you can revoke Gmail access at any time without affecting the rest of the service.

7. Third-party services

  • Google OAuth / Gmail API: for authentication and optional email reading.
  • Vercel: hosting and deployment platform.
  • Google Gemini API: for processing financial documents (bank statements).

8. Contact

For questions about privacy, data deletion, or how your information is used, contact us at privacy@tracekash.com.

← Back