Overview
Xpense Diary ("we", "our", or "the app") is a personal finance application that helps you track income and expenses, set budgets, manage financial goals, and gain insights into your spending habits.
This Privacy Policy explains what personal information we collect, how we use it, and the choices you have. We are committed to protecting your privacy and handling your data responsibly.
Information We Collect
1. Account Information
Xpense Diary supports three sign-in methods. Depending on how you choose to use the App, we collect different information:
a) Email and password sign-up
- Full name
- Email address
- Password (stored securely via our authentication provider — never in plain text)
- Email verification status (whether your email has been verified)
- Currency preference and language setting
- Account creation date
b) Sign in with Google
If you choose "Continue with Google", Google's native sign-in flow returns a secure ID token that we exchange with our authentication provider to create or log into your Xpense Diary account. From this flow we may receive and store:
- Your Google account email address
- Your Google profile display name (used as your in-app name)
- A unique account identifier issued by our authentication provider
We do not receive your Google password. Google's own Privacy Policy and Terms of Service also apply to the Google sign-in flow. You can revoke Xpense Diary's access at any time from Google Account → Security → Third-party access.
c) Continue as guest (anonymous account)
You can use the App without creating a full account by choosing "Continue as guest". This creates an anonymous account through our authentication provider so that your data can be stored in your private cloud workspace without an email address. For guest accounts we store:
- An anonymous account identifier issued by our authentication provider (no email, no name beyond a generic "Guest User" label)
- A device-level installation identifier provided by the operating system, used for trial and abuse-prevention heuristics on guest profiles
- Currency preference, language setting, and account creation date
Guest accounts are tied to your device and your sign-in session. If you uninstall the App, clear app data, or sign out of the guest session without first upgrading to an email or Google account, you may lose access to data stored under that guest account. You can convert a guest session into a full account at any time by signing up or signing in with Google.
2. Profile Photo
You may optionally upload a profile photo using your device's camera or photo library. This image is stored in your account profile. Camera access is requested only when you explicitly choose to take a new photo.
3. Financial Data You Enter
All financial data is entered voluntarily by you:
- Transactions (amount, date, category, payment type, optional notes)
- Budget limits per category and time period
- Financial goals (target amounts and target dates)
- Payment types you create (e.g., Cash, Credit Card)
- Custom spending categories
- Reminders with title, amount, category, and due date
4. App Preferences and Settings
- Push notification preferences (enabled/disabled)
- Email tracking preferences (enabled/disabled)
- Biometric authentication preference (on/off — we store this flag, not your biometric data)
- Selected currency and language
5. Premium Subscription Status
When you purchase a Premium plan, we store:
- Plan type (Monthly, Yearly, or Lifetime)
- Purchase date and subscription expiry date
- Trial start and end dates
- Whether a plan is currently active
Payment transactions are processed entirely by Google Play. We do not collect or store credit card, bank account, or payment method details.
6. Notifications and Push Tokens
If you enable push notifications, we store a notification token tied to your account so that reminder notifications can be delivered to your device.
7. Device Information (automatically collected)
Our cloud services may automatically collect basic technical data to support the operation of the app, including device type and operating system version. We do not use this for advertising purposes.
8. Local Device Storage
For a smoother experience the App stores a small set of preferences and flags locally on your device (not on our servers), including:
- Whether you have completed onboarding
- Whether you previously accepted the Premium / paywall Terms & Privacy checkbox (so you do not have to re-tick it on every visit)
- Your most recent active user identifier (used to deliver in-app push notifications to the right inbox)
- A flag indicating you signed out of a guest session (so the App can restore the same anonymous account on "Continue as guest")
- Cached UI preferences such as last-used filters
This local storage contains no payment data and no biometric data. You can clear it at any time by uninstalling the App or using your device's "Clear app data" / "Offload app" feature.
9. Advertising Data (AdMob)
In the free version of the app, we use Google AdMob to show banner, native, and interstitial ads. AdMob and its partners may process limited device and ad-related data such as ad identifiers, approximate location, device information, and ad interaction events to provide and measure ads.
Premium users do not see ads. We do not sell your personal financial records to advertisers.
Device Permissions Requested
The app requests the following device permissions:
| Permission | Purpose | Required? |
|---|---|---|
| Camera | Take a new profile photo when you choose "Camera" in your profile screen | Optional |
| Photo Library / Media Images | Choose an existing image from your device gallery as a profile photo | Optional |
| Internet | Sync your data securely with our cloud services and deliver push notifications | Required |
| Advertising ID (AD_ID) | Used by Google AdMob to deliver, limit, and measure advertising in the free app tier | Required for ads |
| Biometrics (Fingerprint / Face) | Unlock the app with your biometric if you enable this security feature | Optional |
| Post Notifications | Deliver budget alerts and payment reminders you have set up | Optional |
We do not access the camera, microphone, or photo library in the background or without your explicit action.
How We Use Your Information
- Provide core app features: transaction tracking, budgets, goals, categories, and reminders
- Display personalised financial analytics and reports within the app
- Sync your data securely across app sessions and devices via your account
- Authenticate your identity and keep your account secure
- Enable biometric unlock if you activate this feature
- Send push notifications for reminders and budget alerts you configure
- Manage your Premium subscription status and 30-day free trial
- Generate PDF reports of your financial data upon your request
- Respond to your support enquiries
Data Storage and Security
Where Data Is Stored
Your data is stored in a secure cloud database and protected by industry-standard authentication services. Our cloud infrastructure complies with international data-protection standards.
Security Measures
- All data is transmitted over HTTPS / TLS encryption
- Passwords are hashed and never stored in plain text
- Cloud database security rules restrict access strictly to the authenticated account owner
- Biometric data (fingerprint/face) is processed entirely on-device by the operating system — we never see or store it
- No sensitive data is written to device logs in production builds
Data Retention
Your data is retained as long as your account is active. If you delete your account, all associated personal data will be removed from our servers within a reasonable period, subject to any legal retention obligations.
Third-Party Services
We use the following categories of third-party services to operate the app:
| Category | Purpose |
|---|---|
| Authentication Service | Secure account sign-up, sign-in, anonymous (guest) sessions, email verification, and session management |
| Google Sign-In | OAuth-based "Continue with Google" sign-in. Google returns a one-time ID token used to authenticate you with our authentication provider |
| Cloud Database | Secure cloud storage and sync of your financial data |
| Payment Processing | Processing Premium subscription payments via the app store |
| Push Notifications | Delivering local notifications for your reminders and alerts |
| Advertising (Google AdMob) | Serving ads in the free app tier and measuring ad performance |
| Consent Management (Google UMP) | Collecting and storing your privacy choices for applicable regulations (for example GDPR and US state privacy laws) |
Each third-party service operates under its own privacy policy. We partner only with reputable providers that comply with applicable data-protection regulations.
Advertising, Consent, and Privacy Choices
Xpense Diary uses Google AdMob in the free tier. Before requesting ads in regions where required, the app requests consent through Google's User Messaging Platform (UMP).
- Ads are requested only after consent allows ad requests in applicable regions
- You can review or update your ad privacy choices from the app Settings screen
- If consent is required and not granted, ad requests may be limited or disabled
- Premium users do not see ads
Data used for advertising
AdMob may process information such as advertising identifiers, approximate location, device and app information, and ad interaction signals. These data practices are governed by Google's own privacy terms in addition to this policy.
Google policies
Learn more in Google Privacy Policy and How AdMob uses data.
Premium Subscriptions and Payments
Xpense Diary offers optional Premium plans (Monthly, Yearly, Lifetime) and a 30-day free trial for new users. All billing is handled entirely by Google Play Billing.
- We never see, collect, or store your payment card or bank details
- To cancel a subscription, go to Google Play → Subscriptions
- Refund requests are subject to Google Play's refund policy
- We store your subscription status (plan type, expiry date) to unlock Premium features in the app
Children's Privacy
Xpense Diary is not directed at children under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided personal data, we will take steps to delete that information promptly.
Your Rights and Choices
You have the right to:
- Access — view all financial data stored in the app at any time
- Edit — update your name, currency, language, and notification preferences in Settings
- Delete transactions, budgets, goals, and reminders directly within the app
- Disable permissions — revoke camera, photo library, or notification access at any time through your device Settings
- Disable biometric lock — turn off fingerprint/face unlock in the app Settings
- Manage ad privacy choices — re-open the consent/privacy options form from app Settings where available
- Delete your account — use the "Delete Account" option in app Settings for instant deletion, or contact us by email
- Opt out of email tracking — toggle this off in app Settings
To exercise any of the above rights, please contact us at the email address provided below.
PDF Export and File Sharing
The app allows you to export your financial data as a PDF report saved to your device. The generated PDF contains only data you have entered and is stored locally on your device. We do not upload exported files to any server.
Account Deletion
You have the right to permanently delete your account and all associated data at any time. There are two ways to request deletion:
Option 1 — Delete directly in the app (instant)
- Open the app and go to Settings
- Scroll to the bottom and tap Delete Account
- Confirm the deletion in the dialog that appears
Deletion begins immediately. All data listed below is removed from our servers within seconds of confirmation.
Option 2 — Email request
If you cannot access the app, send a deletion request to info@vcs.com.pk with the subject line "Account Deletion Request" and the email address associated with your account. We will process your request within 7 business days.
Data that is permanently deleted
- Account profile (name, email, currency, language, preferences)
- Authentication record (including any linked Google sign-in or anonymous guest session)
- Device installation identifier stored on guest profiles
- All transactions
- All budgets
- All financial goals
- All reminders
- All custom categories and payment types
- Premium subscription status and trial records
- Push notification token
Data that may be retained after deletion
We do not retain personal data after account deletion. However, anonymised or aggregated usage statistics that cannot be linked back to you may be retained for analytical purposes.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the app or applicable laws. When we make significant changes, we will update the "Last updated" date at the top of this page.
We encourage you to review this page periodically. Continued use of the app after any changes constitutes your acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please reach out:
You can also review our Terms of Service.
info@vcs.com.pk