Privacy Policy

Last updated: December 16, 2025

1. Information We Collect

We collect the following types of information:

1.1 Personal Financial Data

• Financial Goals: Your savings goals, target amounts, deadlines, and goal descriptions
• Transactions: Income and expense records, transaction amounts, dates, categories, and notes
• Attachments: Photos and receipts you upload with transactions (may contain personally identifiable information)
• Currency Preferences: Your selected base currency and gold karat preferences

1.2 Device Information

• Device Details: Device model, operating system version, app version
• Security Status: Root detection status (for fraud prevention)
• Unique Identifiers: Device IDs (used for AdMob and billing)

1.3 Usage Data

• App Interactions: Features used, screens viewed, app crashes
• Performance Data: App loading times, error logs

2. How We Use Your Information

We use your information to:

• Provide core GoalBox functionality (goal tracking, transaction management)
• Fetch real-time currency exchange rates and gold prices
• Process in-app purchases and subscriptions
• Display personalized advertisements (via Google AdMob)
• Improve app performance and fix bugs
• Detect and prevent fraud, abuse, or unauthorized use
• Comply with legal obligations

3. Third-Party Services

We share limited data with the following third-party services:

4. Data Storage and Security

4.1 Local Storage

• Primary Storage: All financial data is stored locally on your device in an encrypted SQLite database
• App-Private Directory: Data is stored in the app's private directory, inaccessible to other apps
• No Automatic Cloud Sync: We do NOT automatically upload your data to cloud servers

4.2 Security Measures

4.3 Backup & Export Features

GoalBox provides multiple options to backup and export your data:

• Local Backup: Create encrypted backup files stored on your device (requires password)
• Google Drive Backup: Upload encrypted backups to your personal Google Drive account (requires Google Drive permission and password)
• Data Export: Export your data as encrypted JSON files (requires password)
• Data Import: Restore from local backups or Google Drive backups (requires correct password)
• Encryption: All backup and export files are encrypted with AES-256-GCM using your password-derived key

5. Data Sharing

We do NOT sell, trade, or rent your personal information to third parties. We may share data only in these circumstances:

• With Your Consent: When you explicitly approve data sharing (e.g., Google Drive backup)
• Legal Compliance: To comply with laws, subpoenas, or court orders
• Fraud Prevention: To protect our rights, prevent fraud, or ensure user safety
• Third-Party Services: As described in Section 3 above

6. Your Privacy Rights

6.1 Rights for All Users

• Right to Access: Export your data via the backup/export feature (Settings > Backup & Export)
• Right to Delete: Clear all data via Settings > Clear Data, or uninstall the app
• Right to Correct: Edit your goals and transactions directly in the app
• Right to Opt-Out: Manage ad personalization via device settings or consent dialog
• Right to Data Portability: Export your data in JSON format

6.2 GDPR Rights (EU/EEA/UK Residents)

If you are located in the European Union, European Economic Area, or United Kingdom, you have additional rights under GDPR:

• Right to Data Portability: Request your data in a machine-readable format (use export feature or contact gdpr@goalbox.app)
• Right to Restriction: Request we restrict processing of your data
• Right to Object: Object to data processing for direct marketing or legitimate interests
• Right to Lodge a Complaint: Contact your local data protection authority
• Data Protection Officer: Contact our DPO at gdpr@goalbox.app

6.3 CCPA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request details about the personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out of Sale: We do NOT sell your personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights
• Contact for CCPA Requests: ccpa@goalbox.app

Do Not Sell My Personal Information

GoalBox does NOT sell your personal information as defined by CCPA. We only share data with third-party services as described in Section 3 for functional purposes (ads, currency rates, billing).

7. Data Retention

We retain your data as follows:

• Local Database: Data is retained until you delete it or uninstall the app
• Backup Files: Retained until you delete them (user responsibility)
• Google Drive Backups: Retained in your Google Drive until you delete them
• AdMob Data: Google retains advertising data for 90-180 days (see Google's policy)
• Billing Data: Google Play retains purchase history per their retention policy
• API Logs: Our custom ads server does NOT log personal data

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including:

• United States: Google AdMob, Google Play Billing, Google Drive servers
• European Union: Some API providers may use EU servers

We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.

9. Children's Privacy

GoalBox is rated 3+ and suitable for all ages. However, we comply with COPPA (Children's Online Privacy Protection Act) requirements for users under 13 years of age.

• Parental Supervision: We recommend that parents or guardians supervise children's use of the app
• No Data Collection from Children: We do not knowingly collect personal information from children under 13 without verifiable parental consent
• Data Stored Locally: All financial data is stored locally on the device, not on our servers
• Parental Rights: Parents can review, delete, or request information about data stored in the app by accessing the device

If you are a parent or guardian and believe we have collected data from a child under 13 without your consent, please contact us immediately at privacy@goalbox.app, and we will provide guidance on how to delete the locally stored data.

10. Cookies and Tracking Technologies

GoalBox uses the following tracking technologies:

• AdMob SDK: Uses advertising IDs and cookies for ad targeting
• Analytics: We may use anonymized analytics to improve app performance
• No Web Cookies: The app does NOT use browser cookies (it's a native mobile app)

You can reset your advertising ID or opt out of personalized ads in your device settings:

• Android: Settings > Google > Ads > Reset advertising ID or Opt out of Ads Personalization

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date
• Sending an in-app notification for material changes

Continued use of GoalBox after changes constitutes acceptance of the updated policy.

12. Automated Decision-Making and Profiling

GoalBox does NOT use automated decision-making or profiling that produces legal or similarly significant effects.