← Back
Privacy Policy
Effective Date: March 15, 2026 · Last Updated: March 15, 2026
René Ricardo (“Developer”, “we”, “us”, or “our”) operates the XPensas mobile application (“App”). This Privacy Policy explains how we collect, use, store, and protect your information when you use the App.
By using XPensas, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.
1. Information We Collect
1.1 Account Information
When you create an account, we collect the following through our authentication provider (Clerk):
- Email address — required for account creation and sign-in.
- Name (first and last) — optionally provided or updated by you in your profile.
- Third-party identity — if you sign in with Google or Apple, the identity tokens provided by those services are processed by Clerk.
We do not collect your password directly. Passwords are submitted to and managed solely by Clerk.
1.2 Financial Data (Stored Locally Only)
All financial data you enter in XPensas is stored exclusively on your device and is never transmitted to any server. This includes:
- Transactions (amounts, dates, notes, categories)
- Budgets and budget allocations
- Savings goals (names, targets, deadlines, images)
- Categories (names, icons, colors)
- Recurring transaction templates
- Monthly financial snapshots and summaries
1.3 App Usage Data (Stored Locally Only)
The following data is generated by the App and stored only on your device:
- Gamification data (XP, coins, streaks, challenges, pets)
- Achievement progress
- Notification history
- User preferences (currency, locale, display settings)
1.4 Subscription Data
If you purchase a subscription (“XPensas Pro”), we use RevenueCat to manage in-app purchases. RevenueCat receives:
- Your anonymous user identifier (derived from your account ID)
- Purchase history and subscription status from the App Store or Google Play
A cached copy of your subscription status (premium flag, expiration date, product ID) is stored locally on your device for offline access.
1.5 Device Information
- Push notification token — if you enable notifications, the App requests a device token through Expo’s notification service. This token is used solely to deliver local scheduled notifications (daily reminders, recurring transaction alerts, goal deadline alerts). It is not sent to any server we operate.
- Photo library access — if you attach an image to a savings goal, the App accesses your photo library with your permission. Selected images remain stored locally on your device and are never uploaded.
1.6 Information We Do NOT Collect
- Location data
- Contacts
- Phone number, physical address, or government identifiers
- Browsing history
- Advertising identifiers
- Analytics or behavioral tracking data
- Biometric data
We do not use any analytics, crash reporting, or behavioral tracking SDKs.
2. How We Use Your Information
| Data | Purpose |
|---|
| Email address and name | Account creation, sign-in, and profile display |
| Financial data | Provide budgeting, expense tracking, and savings features — processed entirely on your device |
| Subscription data | Verify premium subscription status and enable premium features |
| Notification token | Deliver locally scheduled reminders and alerts |
| Photo library images | Display images attached to your savings goals |
We do not use your data for advertising, profiling, or cross-app tracking.
3. Third-Party Services
We use the following third-party services that process limited data on your behalf:
3.1 Clerk (Authentication)
- Data processed: Email address, name, password (hashed), OAuth tokens from Google/Apple sign-in.
- Purpose: Account creation, sign-in, session management.
- Privacy policy: https://clerk.com/legal/privacy
3.2 RevenueCat (Subscription Management)
- Data processed: Anonymous user identifier, purchase history, subscription/entitlement status.
- Purpose: In-app purchase validation, subscription entitlement gating.
- Privacy policy: https://www.revenuecat.com/privacy
3.3 Apple App Store / Google Play Store
- Data processed: Payment and purchase information for in-app subscriptions.
- Purpose: Payment processing for XPensas Pro subscriptions.
- Governed by Apple’s and Google’s respective privacy policies.
3.4 Expo (EAS Updates)
- Data processed: No user data. The App periodically checks for over-the-air code updates.
- Purpose: Deliver app updates without requiring a full App Store release.
- Privacy policy: https://expo.dev/privacy
We do not sell, rent, or share your personal information with any other third parties.
4. Data Storage and Security
4.1 Local Storage
All financial data, gamification data, preferences, and notification history are stored on your device using:
- SQLite — for structured financial data (transactions, categories, budgets, snapshots).
- MMKV — for key-value preferences and state (settings, goals, achievements, gamification).
- Secure Store (iOS Keychain / Android Keystore) — for authentication session tokens.
Each user’s data is isolated using their unique account identifier. Data from one account is not accessible to another account on the same device.
4.2 Data in Transit
- Authentication requests are encrypted via HTTPS (TLS) between the App and Clerk’s servers.
- Subscription verification is encrypted via HTTPS between the App and RevenueCat’s servers.
- No financial or personal data is transmitted from the App to any server we operate.
4.3 No Custom Backend
XPensas does not operate a custom backend server. We do not store any of your data on our own servers. All data processing occurs on your device or through the third-party services listed above.
5. Data Retention and Deletion
5.1 On-Device Data
- Your financial data, preferences, and app data remain on your device as long as you use the App.
- When you sign out, your local database and user-scoped storage are deleted from the device.
- Uninstalling the App removes all locally stored data.
5.2 Third-Party Data
- Clerk: Your account data (email, name) is retained by Clerk until you delete your account. You may request account deletion by contacting us at hello@renerp.dev.
- RevenueCat: Purchase history is retained per RevenueCat’s data retention policy. You may request deletion through RevenueCat’s data subject request process.
5.3 Account Deletion
You may request complete deletion of your account and all associated data by contacting us at hello@renerp.dev. Upon receiving your request, we will:
- Delete your Clerk account and all associated authentication data.
- Instruct RevenueCat to delete your customer record (where applicable).
- Confirm deletion within 30 days.
Local data on your device is deleted when you sign out or uninstall the App.
6. Children’s Privacy
XPensas is not directed to children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at hello@renerp.dev and we will promptly delete such information.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
7.1 For All Users
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your account and associated data.
- Portability: Request your data in a structured, commonly used format.
7.2 European Economic Area (GDPR)
If you are located in the EEA, you also have the right to:
- Withdraw consent for data processing at any time.
- Object to processing based on legitimate interests.
- Restrict processing of your personal data.
- Lodge a complaint with your local data protection authority.
Legal basis for processing:
- Contract performance — Processing your email and name is necessary to provide authentication and the App’s services.
- Consent — Push notifications and photo library access are based on your explicit opt-in.
- Legitimate interest — Subscription verification to provide premium features.
7.3 California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used.
- Delete your personal information.
- Opt-out of the sale or sharing of personal information.
We do not sell or share your personal information as defined by the CCPA.
To exercise any of these rights, contact us at hello@renerp.dev.
8. International Data Transfers
Your authentication data is processed by Clerk and RevenueCat, which may store data in the United States or other countries. These providers implement appropriate safeguards (such as Standard Contractual Clauses) to protect your data during international transfers.
9. Push Notifications
The App may send you local notifications for:
- Daily expense logging reminders
- Recurring transaction alerts
- Savings goal deadline reminders
- Achievement and gamification notifications
All notifications are scheduled locally on your device. You can enable or disable notifications at any time through the App’s settings or your device’s system settings.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page. We encourage you to review this Privacy Policy periodically.
For material changes, we will notify you through the App or other appropriate means before the changes take effect.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Email: hello@renerp.dev