Money Tracker

Privacy Policy

Last updated: May 2026

App currently in testing mode

The Google Sheets integration is currently limited to approved test accounts. If you'd like to try it, get in touch and I'll add your Google account to the list.

hello.sanudin@gmail.com

Overview

Money Tracker is a personal expense tracking app. This policy explains what data the app accesses, where it is stored, and how it is used. The short version: your data stays on your device and in your own Google Sheet — nothing is stored on any external server.

Data stored on your device

The app stores the following locally in your browser:

  • Expenses — saved to IndexedDB in your browser. Never sent anywhere unless you have an integration configured.
  • Settings — your currency and integration credentials, stored in localStorage.
  • Google refresh token (Sheets API integration) — stored encrypted (AES-256-GCM) in localStorage. The plaintext token is only ever held server-side during an active API request. You can revoke it at any time from your Google account.
  • Zapier webhook URL (Zapier integration) — stored in localStorage. Treat it as a private link.

Google account access (Sheets API)

When you use the Sheets API integration, the app requests access to your Google account with the following scopes:

  • https://www.googleapis.com/auth/spreadsheets — read and write access to Google Sheets, used solely to append and fetch expense rows in the spreadsheet you specify.
  • email — your email address, displayed in the app to confirm which account is connected.

The app only accesses the specific spreadsheet you provide. It does not read, modify, or list any other files in your Google Drive or Google account.

Your Google credentials are never logged or stored on any server. The refresh token is encrypted with AES-256-GCM before being stored in your browser's localStorage. When you make an API call, the encrypted blob is sent to the server, decrypted using a server-only key, and used solely to obtain a short-lived access token for that request. Access tokens and plaintext refresh tokens are never returned to or stored by the client.
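
The sealed-token flow described above, sketched as an added example in Node.js; it is not Money Tracker's own code. The blob layout (IV, tag, ciphertext), the function names and the key handling are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const IV_LEN = 12;   // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16;  // 128-bit authentication tag

// Assumption: the server loads a 32-byte key from its own secret store.
// A random key is generated here only so the example runs stand-alone.
const SERVER_KEY = nodeCrypto.randomBytes(32);

// Seal (server side): returns base64url(iv || tag || ciphertext) for the browser to store.
function sealToken(refreshToken, key = SERVER_KEY) {
  const iv = nodeCrypto.randomBytes(IV_LEN); // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(refreshToken, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Open (server side): returns the plaintext, or null for a malformed, modified or foreign blob.
function openToken(blob, key = SERVER_KEY) {
  const raw = Buffer.from(String(blob), 'base64url');
  if (raw.length <= IV_LEN + TAG_LEN) return null;
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = raw.subarray(IV_LEN + TAG_LEN);
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch {
    return null; // tag check failed: discard the output, do not call Google
  }
}

// Flip one bit of the stored blob to model a modified localStorage value.
function tamper(blob) {
  const raw = Buffer.from(blob, 'base64url');
  raw[raw.length - 1] ^= 0x01;
  return raw.toString('base64url');
}

// Constructed sample value, not a real Google refresh token.
const SAMPLE_TOKEN = '1//constructed-sample-refresh-token';
const blob = sealToken(SAMPLE_TOKEN);
console.log('value kept in localStorage:', blob);
console.log('server recovers token:', openToken(blob) === SAMPLE_TOKEN);
console.log('modified blob:', openToken(tamper(blob)));
console.log('blob under another key:', openToken(blob, nodeCrypto.randomBytes(32)));
```

Because GCM is authenticated, a blob edited in the browser or sealed under a different key fails to open instead of decrypting to garbage, so the server can reject the request before contacting Google.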

No server-side data storage

This app has no database. No expense data, no credentials, and no personal information are persisted on any server. Each API request is stateless — credentials are passed in the request body, used for that request only, and discarded.

Third-party services

  • Google Sheets API — used via the Sheets API integration to read and write expense data to your spreadsheet. Subject to Google's Privacy Policy.
  • Zapier — used via the Zapier integration to forward expense data to your destination via a webhook. Subject to Zapier's Privacy Policy.

Revoking access

To disconnect the app from your Google account, either click Disconnect in Settings → Connect, or go to your Google account at myaccount.google.com/permissions and remove Money Tracker. This immediately invalidates the stored refresh token.

Contact

Questions about this privacy policy or the app? hello.sanudin@gmail.com