📄 Privacy Policy for the iOS App “Costify”

Responsible entity:
Marlon Pitters (Dreamcommerce)
Email: support@costify.app

1. General Information

This Privacy Policy explains how personal data is processed when using the Costify iOS app. The legal basis is the EU General Data Protection Regulation (GDPR) and applicable national laws.

2. Data Controller

Dreamcommerce – Owner: Marlon Pitters
Email: support@costify.app

3. Categories of Data Processed

a) User Account & Authentication

• Email address
• Name (optional)
• Profile picture (optional)
• Subscription status (Pro / Free)

Authentication and account management are handled via Firebase Authentication.

b) App Content (Trackers & Expenses)

• Expense data (amount, currency, date, category, description)
• Tracker memberships (group feature)

In group trackers, members can see the names, profile pictures and expenses of other members.

c) Location Data

Location access is used solely to suggest the local currency for the currency converter. Location data are not stored or tracked and are processed only temporarily on the device.

d) Currency Converter & External APIs

The currency converter uses the external service ExchangeRate-API. For technical reasons, the user’s IP address may be transmitted to this provider.

e) Usage Analytics (Firebase Analytics)

Costify uses Google Analytics for Firebase to analyze app usage (e.g. app launches, feature usage, crashes).

• Data processed: pseudonymous usage data, device information, events
• Purpose: app stability, performance optimization, feature improvement
• Legal basis: user consent (Art. 6(1)(a) GDPR)

Analytics can be disabled at any time in the app settings or by revoking consent. More information: Google Privacy Policy

f) Marketing & App Distribution

Costify is distributed via the Apple App Store. Marketing activities may occur on platforms such as Google, Apple, Meta (Facebook/Instagram), TikTok, X (Twitter) and Reddit. No personal data are actively transmitted by the app to advertising networks without consent.

4. Legal Bases for Processing

• Art. 6(1)(b) GDPR – performance of contract (core app functionality)
• Art. 6(1)(a) GDPR – consent (analytics, optional features)
• Art. 6(1)(f) GDPR – legitimate interests (security, error analysis)

5. Data Storage & Retention

Personal data are stored only as long as necessary to provide the app. Users may delete their account at any time.

• Account and expense data: deleted upon account deletion
• Analytics data: retained according to Google Firebase retention policies
• Local cache data (e.g. exchange rates): stored locally for max. 1 hour

6. Data Sharing & International Transfers

Data are shared only with:

• Firebase (Google LLC) for hosting, authentication and analytics
• ExchangeRate-API for currency conversion
• Other tracker members (only within shared trackers)

Some providers may process data outside the EU (e.g. USA). Appropriate safeguards such as EU Standard Contractual Clauses are used where applicable.

7. User Rights

Users have the following rights under GDPR:

• Access (Art. 15)
• Rectification (Art. 16)
• Erasure (Art. 17)
• Restriction (Art. 18)
• Data portability (Art. 20)
• Objection (Art. 21)

Requests can be sent at any time to support@costify.app.

8. Data Security

All data transmissions are encrypted (TLS). Firebase stores data in secure, access-controlled data centers.

9. Changes to This Privacy Policy

This Privacy Policy may be updated to reflect new features or legal requirements. The latest version is available in the app and on the website.