Privacy Policy
Effective Date: March 16, 2026
Xcounts ("we", "us", or "our") operates the Xcounts mobile application (available on Google Play and Apple App Store) and the website at xcountshome.netlify.app (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you create an account, we collect your email address and, if you sign in via Google or Apple, your name and profile picture as provided by those services.
- User-Generated Content: Expense descriptions, amounts, group names, participant names, categories, and settlement records you enter into the app.
- Communications: If you contact us for support, we may collect the content of your correspondence.
1.2 Information Collected Automatically
- Device Information: Device type, operating system version, and unique device identifiers, collected solely for crash diagnostics and app stability.
- Log Data: IP address, browser type, access times, and pages viewed, collected by our hosting provider in standard server logs.
- Anonymous Session Data: If you use Xcounts without creating an account ("Guest Mode"), a randomly generated anonymous identifier is assigned to enable cloud sync. This identifier cannot be used to personally identify you.
1.3 Information We Do Not Collect
- We do not collect precise geolocation data.
- We do not access your device camera, microphone, or contacts.
- We do not collect financial account numbers, credit card details, or banking information.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and maintain the Service: Syncing your expenses and groups across devices, calculating balances, and generating settlement suggestions.
- Account management: Creating and authenticating your account, enabling password recovery.
- Improve the Service: Diagnosing bugs, analyzing crashes, and understanding usage patterns in aggregate to improve app performance.
- Communications: Sending password reset emails and critical service announcements. We do not send marketing emails.
- Legal compliance: Complying with applicable laws, regulations, or legal processes.
3. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.
We may share your information only in the following limited circumstances:
- With other group members: When you join or create an expense group, the other members of that group can see expense data, names, and balances within that group.
- Service providers: We use third-party infrastructure services (listed in Section 4) that process data on our behalf and are contractually bound to protect it.
- Legal requirements: If required by law, subpoena, or other legal process, or to protect the rights, property, or safety of our users or the public.
4. Third-Party Services
Our Service relies on the following third-party services, each with its own privacy policy:
- Supabase (Database & Authentication) — supabase.com/privacy
- Google Sign-In (OAuth Authentication) — policies.google.com/privacy
- Apple Sign-In (OAuth Authentication, iOS only) — apple.com/legal/privacy
- Expo / EAS (Build & Update Services) — expo.dev/privacy
- Netlify (Web Hosting) — netlify.com/privacy
5. Children's Privacy
Our Service is not directed at children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete that information as quickly as possible. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@mianori.com.
6. Data Retention and Account Deletion
We retain your personal information only for as long as your account is active or as needed to provide you with the Service.
You have the right to delete your account and all associated data at any time. Upon deletion, we permanently remove your account information, expense records, group memberships, and any other personally identifiable data from our active databases. This process is irreversible.
You can delete your account through either of these methods:
- In-App: Navigate to Profile → Delete Account in the mobile application.
- Web Portal: Visit xcounts.app/profile and follow the account deletion process.
7. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in transit: All data transferred between your device and our servers is encrypted using HTTPS/TLS protocols.
- Encryption at rest: Database backups and authentication tokens are encrypted at rest by our infrastructure provider (Supabase/AWS).
- Secure authentication: Passwords are hashed using bcrypt. OAuth tokens are handled by trusted identity providers (Google, Apple) and are never stored in plain text.
- Row Level Security (RLS): Database-level policies ensure users can only access data belonging to groups they are a member of.
8. Cookies and Local Storage
Our web application uses browser local storage and secure cookies solely for the following functional purposes:
- Session management: Keeping you signed in across page refreshes.
- Offline sync queue: Storing pending expense operations when you are offline, which are synced when connectivity is restored.
- Theme preference: Remembering your dark/light mode selection.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
9. International Data Transfers
Our Service is hosted on infrastructure located in the United States and other regions. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities. By using the Service, you consent to the transfer of your information to these locations.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete personal data.
- Deletion: Request permanent deletion of your personal data (see Section 6).
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to the processing of your personal data in certain circumstances.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify you of any material changes by updating the "Effective Date" at the top of this page. Your continued use of the Service after such changes constitutes your acceptance of the revised policy. We encourage you to review this page periodically.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: hello@mianori.com
- Website: xcountshome.netlify.app