Privacy Policy
Service: Simple Money Tracker ("Simple Money Tracker", "we", "us", "our")
Last Updated: 27/04/2026
1. Introduction
Welcome to Simple Money Tracker ("we," "us," or "our"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, process, and protect your information when you use our website (https://simplemoneytracker.com), application, Telegram bot, and related services (collectively, the "Service").
This policy is designed to comply with stringent global privacy standards, including the General Data Protection Regulation (GDPR) of the European Union, and Decree 13/2023/ND-CP on Personal Data Protection of Vietnam.
By using the Service, you acknowledge that you have read and understood this Privacy Policy.
2. Zero-Knowledge Security Architecture
Simple Money Tracker operates on a Zero-Knowledge (ZK) security architecture. This means:
2.1 We Cannot Access Your Encrypted Data
Your sensitive data is encrypted end-to-end on your device before it reaches our servers. The encryption keys are derived from your Master Password and are stored only on your device. We do not have the technical means to access, read, or decrypt your encrypted data.
This includes:
- Financial Data: Expenses, budgets, debts, lending records, goals, subscriptions, investments
- Personal Data: Contacts, notes, uploaded files and images
- Messages: Private 1-1 messages (E2E encrypted via ECDH)
- Group Data: Shared group expenses and board messages (encrypted per-group keys)
2.2 Data Categories We Process
We distinguish between two categories of data:
| Category | Description | Our Access |
|---|---|---|
| Vault Data | All user-generated encrypted content: expenses, budgets, debts, files, messages, contacts, notes | No access - encrypted before upload |
| Administrative Data | Account information: email, name, subscription status, authentication tokens | Full access - needed for service operation |
2.3 Cryptographic Architecture
Simple Money Tracker uses industry-standard, independently audited cryptographic algorithms:
| Algorithm | Use Case | Technical Details |
|---|---|---|
| KEK/DEK Architecture | Personal data encryption | PBKDF2 (600,000 iterations, SHA-256) + AES-256-GCM |
| ECDH P-256 | 1-1 messaging (E2E) | Elliptic Curve Diffie-Hellman + AES-256-GCM |
| RSA-OAEP 2048-bit | Group key distribution | Hybrid encryption for sharing encrypted group keys |
| AES-256-GCM | File & thumbnail encryption | Authenticated encryption for stored files |
Key Hierarchy:
Master Password (user-controlled, never sent to servers)
└── PBKDF2 (600k iterations)
    └── Key Encryption Key (KEK, cached locally up to 30 days)
        └── Data Encryption Key (DEK, stored encrypted on Firestore)
            └── Encrypts all personal data (expenses, files, notes, etc.)
2.4 Account Recovery Implications
Because we operate on Zero-Knowledge architecture:
- We cannot reset your Master Password. If you lose your Master Password, you must use your 12-word Recovery Mnemonic (generated during vault creation) to recover access.
- If you lose both your Master Password AND Recovery Mnemonic, your encrypted data is permanently inaccessible. We cannot recover it.
- We recommend storing your Recovery Mnemonic securely offline (e.g., written on paper, stored in a physical safe).
3. Information We Collect
We collect information to provide, secure, and improve our Service. The categories of data we collect include:
A. Administrative Data (We Can Access)
- Profile Information: User name, email address, and date of birth (provided during registration or Google Log-in).
- Authentication Data: Tokens provided via Google Log-in. We do not store traditional passwords.
- Subscription Data: Pro subscription status and transaction reference IDs from PayPal.
- Analytics & Cookies: IP address, browser type, device information, and interaction metrics (collected via Google Analytics) to improve application performance.
- Location Data: Approximate or precise location data for contextual notifications (e.g., weather updates). You can revoke location access at any time via your device settings.
B. Vault Data (We Cannot Access - Encrypted)
All data in this category is encrypted on your device before being stored:
- Financial Records: Spending amounts, categories, titles, notes, budgets, debts, lending records, goals, subscriptions, investments.
- User Content: Contacts, notes, images, receipts, and files uploaded to Storage.
- Messages: Private messages exchanged between users (E2E encrypted).
Important: We store only the encrypted ciphertext. The plaintext content is inaccessible to us, our employees, and any third parties.
C. Payment Information
When you purchase our Pro subscription, payments are securely processed by PayPal. We do not collect, process, or store your raw credit card numbers or bank account passwords. We only store subscription status and indirect transaction reference IDs.
4. Artificial Intelligence (AI) Processing
Crucial Disclaimer: Simple Money Tracker utilizes Google Vertex AI and Conversational Agent (Dialogflow CX) to categorize expenses and provide financial insights.
4.1 How AI Interacts with Your Data
- AI processes only plaintext data on your device - encrypted data must be decrypted locally before AI analysis.
- Text inputs sent to AI are encrypted in transit and processed temporarily.
- AI does not have access to your Vault Data directly - all decryption happens client-side.
4.2 User Responsibility
You are strongly advised NOT to input highly sensitive information into the chatbot, such as:
- Full credit card numbers
- Bank PINs
- Social security numbers
- Government-issued IDs
4.3 Training
We do not use your personally identifiable information (PII) to train public AI models. AI processing is used solely to provide immediate functionality (expense categorization, insights).
5. Legal Basis for Processing (GDPR Compliance)
We process your data based on the following legal grounds:
- Contractual Necessity: To provide the core functionalities of the Service (e.g., account management, subscription handling).
- Consent: For collecting location data, using non-essential cookies, and sending marketing emails. You can withdraw this consent at any time.
- Legitimate Interests: For system security, fraud prevention, and improving our services (using anonymized administrative data only).
- Legal Obligation: To maintain transaction records for tax and legal compliance.
Note: Processing of Vault Data occurs entirely on your device. We only store encrypted ciphertext, which we cannot process or interpret.
6. Third-Party Subprocessors
To operate globally, we share Administrative Data (not Vault Data) with trusted third-party service providers ("Subprocessors"). These providers are bound by strict data processing agreements:
| Subprocessor | Purpose | Data Processed |
|---|---|---|
| Google LLC (Firebase, App Hosting, Vertex AI, Dialogflow CX, Analytics) | Database hosting, cloud storage, AI processing, analytics | Encrypted ciphertext (unreadable), Administrative data |
| PayPal | Subscription payment processing | Payment information, subscription status |
| Telegram FZ-LLC | Message routing between you and our bot | Unencrypted Telegram messages (before client-side encryption) |
| ZeptoMail (Zoho) | Transactional emails | Email address for notifications |
Important: Google Firebase stores your encrypted Vault Data, but they cannot decrypt it because the encryption keys are never transmitted to their servers.
7. International Data Transfers
Your data may be transferred to, stored, and processed in countries outside of your residence (e.g., Google servers in the US, EU, or Asia). We ensure that such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) and adherence to local laws like Vietnam's Decree 13.
For Vault Data: Even if transferred internationally, the encrypted content remains protected by client-side encryption that we cannot bypass.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy.
- Active Accounts: Administrative data is kept as long as your account is active. Vault data remains encrypted until you delete it.
- Deleted Accounts: If you delete your account:
  - Your Administrative Data will be permanently erased within 30 days.
  - Your Vault Data (encrypted ciphertext) will be permanently erased within 30 days.
  - Transaction records required by law may be retained for up to 7 years (but contain no plaintext financial data).
9. Data Disclosure Limitations
Under no circumstances can Simple Money Tracker decrypt and disclose your encrypted Vault Data.
Due to our Zero-Knowledge architecture:
- We cannot comply with requests to provide decrypted expenses, budgets, messages, or files.
- We cannot provide plaintext content in response to legal requests, data export requests, or support inquiries.
- We can only provide: (i) encrypted ciphertext (which is unreadable without your keys), and (ii) Administrative Data (account info, subscription status).
If we receive a binding legal request from competent authorities (Vietnam, GDPR jurisdiction), we will:
- Challenge the request where possible
- Provide only Administrative Data (email, account metadata)
- Explain that Vault Data is encrypted and inaccessible to us
10. Your Rights
Under GDPR and Vietnam's Decree 13, you hold the following rights:
| Right | Applies to |
|---|---|
| Right to Access | Administrative Data + encrypted Vault Data (ciphertext only) |
| Right to Rectification | Administrative Data (you can modify Vault Data directly in the app) |
| Right to Erasure | Full account deletion (both Administrative and Vault Data) |
| Right to Restrict/Object | Administrative Data processing, marketing emails |
| Right to Data Portability | You can export your Vault Data via the app (decrypted on your device) |
To exercise these rights: Please contact us at support@simplemoneytracker.com or use the privacy settings within the app.
11. File Uploads and User Responsibility
You maintain ownership of the files and images you upload to our Storage. Files are encrypted on your device before upload using AES-256-GCM.
11.1 Your Responsibilities
- Do not upload illegal, copyrighted, or highly sensitive content (e.g., government IDs, medical records in plaintext).
- Remember your Master Password and Recovery Mnemonic - we cannot recover encrypted files if you lose both.
- Back up your Recovery Mnemonic securely offline.
11.2 Our Limitations
We reserve the right to delete files or suspend accounts that violate our Terms of Use or DMCA Policy. However:
- We cannot view the content of your encrypted files.
- Violation detection relies on metadata (filename, file size, upload patterns) and user reports.
- Simple Money Tracker is not liable for data breaches of encrypted content, as the encryption keys remain under your exclusive control.
12. Security Measures
We implement robust technical and organizational measures:
12.1 Client-Side Encryption (Zero-Knowledge)
- All Vault Data is encrypted on your device before reaching our servers.
- AES-256-GCM encryption (NIST-approved, military-grade).
- PBKDF2 with 600,000 iterations (exceeds OWASP recommendations).
- Keys are derived from your Master Password and never transmitted.
12.2 Server-Side Security
- HTTPS/TLS encryption for all communications.
- Firebase security rules restrict data access to authenticated users only.
- Rate limiting on sensitive operations (vault unlock: 5 attempts/hour).
- Input validation with Zod schemas on all server actions.
12.3 Limitations
While we strive for maximum security, no system is 100% immune to breaches. However:
- A breach of our servers would expose only encrypted ciphertext (unreadable without your keys).
- Your Vault Data remains protected by your Master Password, which we never receive.
In the event of a breach affecting Administrative Data, we will notify you and relevant authorities within 72 hours as mandated by law.
13. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in legal requirements or our services. We will notify you of significant changes via email or an in-app alert.
14. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact our Support Team:
Email: support@simplemoneytracker.com
Website: https://simplemoneytracker.com
Summary: What This Means for You
| Question | Answer |
|---|---|
| Can Simple Money Tracker read my expenses? | No - encrypted, we see only ciphertext |
| Can Simple Money Tracker read my messages? | No - E2E encrypted via ECDH |
| Can Simple Money Tracker access my files? | No - encrypted before upload |
| Can I reset my password if I forget it? | Only via Recovery Mnemonic - we cannot reset |
| What happens if I lose my password AND mnemonic? | Permanent data loss - we cannot recover |
| What data can Simple Money Tracker see? | Email, name, subscription status, analytics |