Privacy Policy
Last updated: February 11, 2026
Tracker Daily Money ("we", "us") builds a personal cash-flow tracker. This page describes, in plain English, what data we collect, why, and what your rights are. No dark patterns, no selling of your data, ever.
The short version: We collect the minimum needed to run the app — your email, your name, and the transactions you type in. We never sell your data to advertisers or data brokers. You can export or delete everything at any time.
1. What we collect
Account information
- Email address (used for sign-in and account recovery)
- Name (used for greeting you in the app; you can enter anything)
- Password (stored only as a one-way bcrypt hash — we cannot see your actual password)
- Preferred currency (locked to USD for the US-only release)
- Approximate country (derived from your IP, used to confirm US eligibility)
Content you create
- Transactions (amount, date, category, optional note)
- Budgets and per-category monthly caps
- Recurring transaction rules
- Ledger names and membership relationships (for shared-ledger features)
Technical data
- IP address — used briefly to (a) confirm you're accessing from within the United States and (b) rate-limit authentication endpoints to prevent brute-force attacks. Cached for 24 hours, then discarded.
- Basic device/browser info (user-agent string), collected only when errors occur to help us diagnose issues.
Payments
If you subscribe to the Couples plan, your payment is processed by Stripe. We store only (a) your Stripe customer ID, (b) whether your subscription is active, and (c) the current renewal date. We never see or store your credit card number, CVC, or bank information. All of that stays with Stripe.
Analytics
We use Google Analytics 4 to understand aggregate usage (which pages are most visited, how many people signed up this week). Google Analytics does not receive your name, email, or any transaction content — only pageviews and anonymized session data.
2. What we DO NOT collect
- Your bank account credentials — the app does not connect to banks
- Your Social Security Number, government ID, or any tax information
- Your location (beyond country-level, one-time, for US-eligibility)
- Your contacts, calendar, camera, microphone, photos, or files
- Any biometric data
3. Why we collect it
- To operate the app — showing you your ledger, saving your transactions, calculating your balance
- To authenticate you — verifying your email/password and keeping you signed in securely
- To improve the app — aggregated analytics help us decide what to build next
- To process payments — only if you subscribe to the Couples plan
- To communicate with you — password-reset emails and, rarely, service-critical announcements (never marketing without your opt-in)
4. Who we share it with
We share limited data with a small number of trusted service providers, only as needed:
- Stripe (payment processing) — receives your email + Stripe customer ID when you subscribe
- MongoDB Atlas / hosting provider — stores your data on servers located in the United States
- Google Analytics — receives anonymized pageview data (no PII)
- ip-api.com (geo-verification) — briefly receives your IP address to return a country code, then we cache the result and stop calling
- Resend / email delivery provider — receives your email address when we send you a password-reset link
We do not sell your data. We do not share it with advertisers, data brokers, or any party not listed above. We do not build profiles for retargeting.
5. How long we keep it
- Your account data and transactions: as long as your account exists
- Cached geo-IP lookups: 24 hours, then automatically discarded
- Password-reset tokens: 1 hour or until used, whichever comes first
- Server logs (error diagnostics): rotated every 14 days
- If you delete your account, we delete all of your data within 30 days
6. Your rights
Regardless of where you live, you can at any time:
- Access your data — export all your transactions and budgets as a CSV file from the Transactions page
- Correct your data — edit any transaction or account detail directly in the app
- Delete your data — email us at privacy@trackerdaily.com and we'll delete your account within 30 days, or use the "Delete my data" option in-app (coming soon)
- Portability — CSV/PDF export is built in; your data is never held hostage
California residents (CCPA) have additional rights, including the right to know what personal information we collect, the right to delete it, and the right to non-discrimination for exercising these rights. To exercise any CCPA right, email privacy@trackerdaily.com from the address associated with your account.
7. Security
Passwords are stored using bcrypt, a one-way hash. Sessions are signed JWTs delivered via httpOnly cookies with the Secure and SameSite=None flags. Payment card data never touches our servers — it is handled exclusively by Stripe (a PCI Level 1 certified processor). Rate limiting protects authentication endpoints from brute-force attacks.
No system is ever 100% secure. If we ever detect a data breach affecting your account, we will notify you by email within 72 hours of discovery and describe what happened, what data was affected, and what steps we are taking.
8. Guest mode
If you use the "Continue without account" option, your transactions are stored only in your browser's local storage — they never touch our servers. You can clear this data at any time by clearing your browser data or by signing out.
If you later sign up for an account, we ask before migrating your local data to the server, and only do so with your explicit consent.
9. Children
Tracker Daily Money is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn we have inadvertently done so, we delete it immediately. If you believe your child has provided us with information without your consent, please contact us at privacy@trackerdaily.com.
10. Geography
Tracker Daily Money is currently available only to users located in the United States. All data is stored on servers in the United States. We do not intentionally offer the service in the European Union, United Kingdom, or other jurisdictions outside the US, and we do not intentionally collect data from users outside the US.
11. Changes to this policy
When we materially change how we collect or use your data, we will update the "Last updated" date at the top of this page and, if the change is significant, email registered users at least 14 days before the change takes effect. Continued use of the app after a change constitutes acceptance of the updated policy.
12. Contact
Questions, complaints, or data requests: privacy@trackerdaily.com. We aim to respond within 5 business days.
This policy is written to satisfy Google Play's Data Safety requirements, Apple App Store's Privacy Nutrition Label requirements, the California Consumer Privacy Act (CCPA), and general US consumer-protection best practices. It is not a substitute for legal advice.