Privacy Policy.

We use your account + financial data to:

The legal basis (for EU/UK users) is performance of our contract with you, providing the App is only possible if we process this data.

When you contact us, we use the email + message you send to reply. Legal basis: our legitimate interest in running the service, and/or contract performance.

We may use sync metadata (timestamps, error counters) to detect abnormal patterns, repeated auth failures, abusive write volume, etc. Legal basis: our legitimate interest in preventing abuse of the backend.

If we receive a lawful subpoena, court order, or equivalent legal process, we may disclose a narrow subset of your information to comply. We will resist overbroad requests where lawfully possible and notify you unless prohibited.

We do not sell, rent, or share your information with advertisers.

We do not use your data to train machine-learning or AI models, ours or anyone else's.

We do not enrich your data with third-party sources.

We do not send marketing or promotional emails.

We do not run A/B tests on your financial data.

Used exclusively for authentication. Apple sees that you authenticated with Centsly; Apple does not see any of your in-app activity.

Data shared: display name (if you choose to share it), email (real or Apple-relay).

Policy: https://www.apple.com/legal/privacy/

Alternative authentication provider. Google sees that you authenticated with Centsly; Google does not see your in-app activity.

Data shared: display name, email, profile picture (not used in the App).

Policy: https://policies.google.com/privacy

Supabase Inc. is our managed backend provider. It stores your synced data in a PostgreSQL database protected by row-level security: the database server actively rejects any query that isn't scoped to your signed-in user ID.

Data stored: everything described in "Information We Collect" above.

Region: the region configured for the Centsly project (managed on AWS / Fly.io infrastructure).

Policy: https://supabase.com/privacy

When Centsly Pro is available as an in-app purchase, all billing is processed by Apple. We receive only subscription status and receipt verification data, never credit card numbers, billing addresses, or payment credentials.

Policy: https://www.apple.com/legal/privacy/

Centsly does not integrate with Google Analytics, Firebase, Sentry, Mixpanel, Amplitude, Facebook SDK, Segment, or any comparable third-party service. This is a design decision, not an oversight.

All network traffic between the App and Supabase runs over TLS 1.2+. Auth tokens are scoped, time-limited, and rotated automatically by the auth provider.

Data at rest in Supabase's managed Postgres is encrypted per Supabase's infrastructure defaults (AES-256 on the underlying AWS EBS volumes).

On-device, your local SQLite database is stored inside the iOS app sandbox, which is itself encrypted by iOS when the device has a passcode set.

Session tokens persisted on-device live in the iOS Keychain / protected storage.

Row-level security policies on every public table restrict reads + writes to auth.uid(), the database itself enforces that you only see your own rows.

Admin access to the Supabase project is limited to a named list of maintainers protected by strong authentication.

No employee or contractor has routine read access to your data.

No system is unbreakable. We commit to the measures above; we can't guarantee absolute security. If a breach materially affects your data, we will notify affected users by email without undue delay, and we will disclose incidents to supervisory authorities where required.

You have continuous access to your data inside the App. You can also export a full PDF report or a CSV of every transaction from Settings → Export data and hand it off to any app that can read those formats.

Edit any transaction, account, or budget directly, tap the row, change the values, save. For the display-name, Settings → Profile. Email is governed by your Apple / Google account and is read-only in Centsly.

Settings → Delete account. Confirm. Centsly calls a Postgres RPC (delete_current_user) that removes your auth.users row and cascade-deletes every user-owned row across all tables in a single transaction. The local device is wiped immediately afterwards. Nothing recoverable remains on our servers.

CSV export is RFC-4180 compliant; the PDF is a human-readable report. Both are produced on-device from your local copy, so you can export even when offline.

You can stop processing at any time by signing out (local wipe) or deleting your account (server + local wipe).

If you believe we have mishandled your data, please contact us first at hello@oryzen.com so we can fix it. You also have the right to complain to your local supervisory authority, for example, in the EU, your national data-protection agency.

Every row you create stays until you explicitly archive or delete it. Archived items stay indefinitely (soft-hidden); items you delete move to a 30-day trash bin before being permanently purged by a startup job.

Everything is deleted immediately, there is no grace period, no "archive for 30 days" at the account level, no hidden backup of user data. The only things we may retain briefly are operational logs (e.g., abuse prevention) and records required to comply with tax / accounting law, both held for the minimum period permitted.

If your account has no activity for 24 months, we may notify you and delete it if you don't respond within 30 days of the notice. You'll always receive advance warning before automatic deletion.