← Back to NotiTracker

Privacy Policy

Last updated: 3 July 2026

1. Introduction

This Privacy Policy explains how NotiTracker (the Android app) and the NotiTracker pre-launch website at notitrackr.web.app (together, the Services) collect, use, store, share, and protect personal data.

By using the Services, you acknowledge that you have read this Privacy Policy. If you do not agree, please do not use the Services.

2. Who is responsible for your data

The data controller is:

Miguel França
Portugal
Email: miguel_franca@outlook.com

In this policy, we, us, and our refer to the operator of NotiTracker.

3. Scope

This policy applies to:

  • The NotiTracker Android app — personal finance tracking with optional notification-based expense capture and Google Sheets mirroring.
  • The pre-launch website — waiting-list signup and product information before general availability.

The app and website are separate experiences but share the same operator and privacy commitments described here.

4. Summary

  • We do not sell your personal data.
  • We do not use your data for third-party advertising.
  • The Android app does not contain ads.
  • We share data only with Google as a service provider (Firebase, Google Sign-In, and optionally Google Sheets in your Google account).
  • Notification content is read only from apps you allowlist, processed on your device, and raw notification text is never uploaded to our servers.
  • You can schedule deletion of your app data and associated cloud copies through an in-app process (see Delete account & data and Section 13).

5. Data we collect in the NotiTracker app

5.1 Account and identity (required to use the app)

NotiTracker requires you to sign in with Google Sign-In. We receive from Google the information needed to authenticate you, which typically includes:

  • Your Google account email address
  • Your display name
  • Your profile photo URL (if available from Google)
  • A unique Firebase Authentication user identifier

We use this information to create and secure your account, display your profile in the app, and associate your data with you.

5.2 Financial and app data you provide

When you use NotiTracker, we store the data you enter or that the app derives from your use, including:

  • Transactions — description, amount, direction (spent or earned), date, and links to category and account
  • Categories and accounts — names, display colors, currency, optional initial balance, and chart visibility preferences
  • Description suggestions — remembered combinations of description, category, and account derived from your transaction history
  • Notification patterns — if you enable learning, mappings from an allowlisted app and merchant fragment to your chosen description, category, and account (see Section 8)
  • Settings and preferences — including overview layout, cloud sync toggle, notification capture configuration, quick-settings tile preference, and Google Sheets connection details (workbook and tab identifiers)

This data is stored in Google Firebase Firestore, scoped to your account, when cloud sync is enabled (the default). See Section 9 for when cloud sync is turned off.

5.3 Data stored locally on your device

NotiTracker keeps a local copy of some data on your Android device to support offline use, quick-settings and notification capture flows, and faster loading. This includes mirrors of your preferences, finance data, and suggestion indexes while you are signed in.

When you sign out, local data for that account is cleared from the device. OS-level app backup is disabled so another user's data cannot be restored from device backups.

5.4 Google Sheets mirroring (optional)

If you connect a Google Sheets workbook and tab, NotiTracker writes transaction rows to your Google account using the Google Sheets API. We store your connection choice (workbook and tab identifiers) in Firestore. The transaction rows themselves are written to Google Sheets under your control — we do not retain a separate copy beyond what is already stored in Firestore and on your device.

Disconnecting or scheduling deletion of your NotiTracker data does not remove rows already written to your spreadsheet. You manage that data directly in Google Sheets.

5.5 Export and import

You may export your transaction history to a file on your device or import a previously exported file. These actions are initiated by you and process data locally or through your account storage as part of normal app operation.

5.6 What we do not collect in the app

  • We do not collect analytics or crash-reporting data in the Android app.
  • We do not read notifications from apps you have not allowlisted.
  • We do not upload raw notification title or body text to our servers.
  • We do not access your SMS, call logs, contacts, or precise location.

6. Data we collect on the pre-launch website

6.1 Waiting list signup

If you join the waiting list, we collect your email address and the time you signed up. We use your email only to notify you about the NotiTracker launch (and related essential product updates for waitlist subscribers).

We do not ask for your name or other personal details on the waiting-list form. A hidden anti-spam field is used to block automated submissions; if triggered, no data is stored.

6.2 Website analytics

The pre-launch website uses Google Firebase Analytics to understand aggregate usage (such as page views and general device or browser characteristics). This analytics runs on the website only — not in the Android app. Google's processing is subject to Google's Privacy Policy.

7. How we use your data

We use personal data to:

  • Provide, maintain, and improve NotiTracker
  • Authenticate you and keep your account secure
  • Store and sync your transactions, categories, accounts, and preferences
  • Prefill expense entries from notifications you allowlist (on-device processing)
  • Learn notification patterns when you enable that feature
  • Mirror transactions to your connected Google Sheet when configured
  • Send launch notifications to waiting-list subscribers
  • Protect the website and app from abuse and spam
  • Comply with legal obligations and respond to lawful requests

8. Notification access

NotiTracker offers optional notification capture on Android. This feature requires you to grant notification access and display-over-other-apps permission so the app can read allowlisted notifications and open a quick expense entry overlay.

Important commitments:

  • We read notification content only from apps you explicitly add to your allowlist in Settings.
  • Parsing (detecting amounts, direction, and merchant hints) happens on your device.
  • Raw notification text is never uploaded to Firebase or our servers.
  • If you enable Learn from notifications, and you save an expense originating from a notification, we store a notification pattern in your Firestore account: the allowlisted app's package name, a merchant fragment, and the description, category, and account you confirmed — not the full notification.
  • You can disable notification capture entirely, disable learning only, or remove apps from your allowlist at any time in Settings.

Because notification access is sensitive, we describe this behavior clearly here and in the in-app permission explanations before you enable the feature.

9. Cloud sync setting

NotiTracker includes a Cloud sync toggle in Settings (on by default).

  • When cloud sync is on: your financial data is stored in Firestore and synced across devices where you sign in with the same account.
  • When cloud sync is off: your financial data (transactions, categories, accounts, and derived indexes) stays on your device and is not uploaded to Firestore. Your account settings and preferences may still sync to Firestore so preferences can be restored when you sign in. Sign-in is still required to use the app.

10. Legal basis for processing (EEA / UK users)

If you are in the European Economic Area or the United Kingdom, we process personal data on the following bases under the GDPR:

  • Performance of a contract — to provide the app and website services you request (account, storage, sync, Sheets mirroring, waiting-list notifications).
  • Consent — for optional features such as notification capture, learning from notifications, Google Sheets connection, and waiting-list signup. You may withdraw consent by disabling the feature or contacting us.
  • Legitimate interests — to keep the Services secure, prevent abuse (including website spam protection), and improve reliability, balanced against your rights.
  • Legal obligation — where we must retain or disclose data to comply with applicable law.

11. Sharing and third parties

We do not sell your personal data. We do not share your data with third parties for their independent advertising or marketing.

We share data only with service providers necessary to operate the Services:

Provider Purpose Data involved
Google Firebase (Auth, Firestore) Account authentication and cloud storage Account identifiers, app data described in Section 5
Google Sign-In Authentication Email, name, profile photo URL
Google Sheets API Optional transaction mirroring Transaction rows written to your Google Sheet
Google Firebase Analytics Website usage statistics Website analytics events (website only)

Google's privacy practices are described at policies.google.com/privacy. Where Google processes data outside your country, Google relies on appropriate safeguards such as Standard Contractual Clauses as applicable.

We may also disclose data if required by law, court order, or governmental request, or to protect the rights, safety, and security of users and the Services.

12. How long we keep data

  • App account data: retained until you schedule deletion through the in-app process (see Section 13) and, once scheduled, for up to 90 days before permanent removal from Firestore.
  • Waiting list emails: retained until we send the launch notification, then deleted within 90 days. You may request earlier removal at any time (see Section 13).
  • Local device data: cleared when you sign out (see Section 5.3). Scheduling partial data deletion does not clear local data on the device. If you schedule deletion of all data categories, you are signed out and local data is then cleared on sign-out.
  • Website analytics: retained according to Google Firebase Analytics settings and Google's default retention periods unless we configure shorter periods.

13. Data deletion and removal

13.1 Scheduling deletion of your app data

Step-by-step instructions for deleting some or all of your data, and for deleting your entire account, are on our Delete account & data page (required for Google Play).

You can schedule deletion of your data from within the app (Settings → Delete my data). You choose which categories to remove: transactions, categories, and accounts together; settings and preferences; learnt patterns and description suggestions; or all categories at once.

When you confirm a deletion request:

  1. Your request is scheduled — we record it in our systems and mark your account as pending deletion. Settings shows an “Account scheduled for deletion” notice while the request is active.
  2. On your device, your existing data generally remains available and you can continue using the app normally after scheduling, unless you chose to delete all categories (see below).
  3. Cloud data in Firestore for the categories you selected is kept for up to 90 days, then permanently deleted by an automated backend process. This includes transactions, categories, accounts, description suggestions, notification patterns, and settings, depending on what you selected.
  4. If you selected all data categories, you are signed out after scheduling. Local data on the device is cleared when you sign out (see Section 5.3). You may sign in again before the 90-day period ends; your cloud data will still be present until the scheduled purge runs.
  5. If you selected all data categories, your Firebase Authentication / Google sign-in identity is permanently deleted when the 90-day purge runs. For partial deletions, your sign-in identity is kept — only the app data you selected is removed from Firestore.

Cancelling a scheduled deletion: contact us at miguel_franca@outlook.com before the 90-day period ends if you wish to cancel.

Data already mirrored to your Google Sheet is not deleted by NotiTracker and remains in your Google account until you remove it.

13.2 Removing your waiting list email

Waiting list signup is separate from an app account. To remove your email from the waiting list before or after launch, contact us at miguel_franca@outlook.com from the address you used to sign up (or identify that address clearly). We will remove it as soon as reasonably practicable.

13.3 Other requests

For other privacy requests (access, correction, restriction, or portability under applicable law), contact us at miguel_franca@outlook.com. We will respond within the timeframes required by applicable law (generally within one month under the GDPR).

14. Your privacy rights

Depending on where you live, you may have rights regarding your personal data, including:

  • Access to the personal data we hold about you
  • Correction of inaccurate data
  • Deletion of your data
  • Restriction or objection to certain processing
  • Data portability
  • Withdrawal of consent where processing is based on consent

To exercise these rights, contact miguel_franca@outlook.com.

If you are in the EEA and believe we have not handled your data properly, you have the right to lodge a complaint with your local supervisory authority. In Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD) — www.cnpd.pt.

15. Security

We use industry-standard measures appropriate to the nature of the data, including encrypted connections (HTTPS/TLS), Firebase Authentication, and Firestore security rules that restrict each user's data to their own account. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

You are responsible for keeping your Google account credentials secure and for choosing which apps to allowlist for notification capture.

16. International data transfers

We are based in Portugal. Your data may be processed by Google (Firebase, Google Sign-In, Google Sheets, Firebase Analytics) on servers located in the European Union and/or other countries, including the United States. Where required, we rely on appropriate safeguards such as Google's standard contractual clauses and data processing terms.

17. Children

NotiTracker is intended for users aged 16 and older. It is not directed at children under 16, and we do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us and we will take steps to delete it.

18. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If changes are material, we will provide additional notice where appropriate (for example, in the app or by email to waiting-list subscribers). Continued use of the Services after the effective date constitutes acceptance of the updated policy.

19. Contact

For privacy questions, requests, or complaints:

miguel_franca@outlook.com

© NotiTracker · Home · Terms of service · Delete account & data