Privacy Policy
Last updated: March 10, 2026
Physical Entrepreneur (Dmytro Onofriiuk) ("Company", "we", "us", "our") operates the ClearLedger application ("Service"). This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you use our Service, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
Physical Entrepreneur (Dmytro Onofriiuk)
Lesi Ukrainky Street 14, App 130
Shchaslyve, Kyiv Oblast, Boryspil District, Ukraine
Email: privacy@managefinance.it.com
2. Data We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Display name (optional)
- Profile picture (optional, stored as compressed image data)
- Authentication credentials (managed by Firebase Authentication; we do not store passwords directly)
2.2 Financial Data You Provide
ClearLedger stores the budget and financial data you voluntarily enter, including:
- Planned and actual income amounts
- Planned and actual expense amounts across all categories
- Investment allocations
- Savings goals
- Transaction records (date, amount, category, and comments)
This data is entered solely by you and is used exclusively to provide the budgeting features of the Service. We do not connect to your bank accounts, credit cards, or any external financial institutions.
2.3 User Preferences
We store your app settings, including selected theme, preferred currency, dashboard layout configuration, and custom budget categories.
2.4 Subscription and Payment Data
Payment processing is handled entirely by our third-party payment processor (LemonSqueezy and/or Paddle). We store only:
- Your subscription tier (free or pro)
- Subscription status (active, cancelled, expired)
- Payment processor customer ID (for subscription management)
We do NOT store credit card numbers, bank account details, or any sensitive payment information. All payment data is processed and stored by our payment processor under their own privacy policies.
2.5 Automatically Collected Data
When you use the Service, we may automatically collect:
- IP address
- Browser type and version
- Device type and operating system
- Pages visited and features used
- Date and time of access
- Referring URL
3. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases as defined by the GDPR:
- Performance of a contract (Article 6(1)(b)): Processing your account and financial data is necessary to provide the Service you have subscribed to.
- Legitimate interests (Article 6(1)(f)): We process usage analytics data to improve the Service, ensure security, and prevent fraud. Our legitimate interests do not override your fundamental rights and freedoms.
- Consent (Article 6(1)(a)): Where required, we obtain your consent before processing data (e.g., optional analytics cookies). You may withdraw consent at any time.
- Legal obligation (Article 6(1)(c)): We may process data to comply with applicable laws and regulations.
4. How We Use Your Data
We use the collected data for the following purposes:
- Providing and maintaining the Service, including storing your budget data and rendering dashboards
- Processing your subscription and managing your account
- Sending essential service communications (account verification, password reset, subscription updates)
- Improving the Service through aggregated, anonymized usage analytics
- Ensuring security and preventing unauthorized access or fraud
- Complying with legal obligations
We do NOT use your personal financial data for advertising, profiling, automated decision-making, or sale to third parties.
5. Data Storage and Security
5.1 Where We Store Data
Your data is stored using the following infrastructure providers:
- Firebase Authentication (Google): Handles user authentication. Data is processed in accordance with Google's data processing terms and is stored in secure data centers.
- Supabase (PostgreSQL): Stores your budget entries, transactions, and user preferences. Supabase infrastructure is hosted on Amazon Web Services (AWS) with data centers in the EU and US regions.
5.2 Security Measures
We implement appropriate technical and organizational measures to protect your data, including:
- All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS)
- Database access is restricted through row-level security policies, ensuring users can only access their own data
- Authentication tokens are securely managed and expire automatically
- API keys and secrets are stored in secure environment variables, never in client-side code
- We regularly review and update our security practices
While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
6. Analytics Tools
We may use the following analytics tools to understand how the Service is used and to improve user experience:
- Google Analytics / Firebase Analytics: Collects anonymized usage data such as page views, session duration, and feature usage. This data is aggregated and does not identify individual users' financial information. Google Analytics uses cookies; you can opt out using the Google Analytics Opt-out Browser Add-on.
We do NOT use analytics tools to track, analyze, or profile your personal financial data. Analytics are limited to application usage patterns.
7. Cookies
ClearLedger uses only essential cookies required for authentication and session management. We do not use advertising cookies or third-party tracking cookies for marketing purposes.
If we introduce optional analytics cookies in the future, we will request your explicit consent before enabling them, in compliance with GDPR and the ePrivacy Directive.
8. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data. We share data only with the following categories of third parties, solely for the purposes described:
- Payment processors (LemonSqueezy / Paddle): To process subscription payments. They act as independent data controllers for payment data.
- Infrastructure providers (Google Firebase, Supabase/AWS): To host and operate the Service. They act as data processors under data processing agreements.
- Analytics providers (if applicable): To collect anonymized usage statistics. No financial data is shared.
We may disclose your data if required by law, court order, or governmental authority.
9. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, through our infrastructure providers. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the provider's adequacy certification.
10. Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR:
- Right of Access (Article 15): You may request a copy of the personal data we hold about you.
- Right to Rectification (Article 16): You may request correction of inaccurate personal data.
- Right to Erasure (Article 17): You may request deletion of your personal data ("right to be forgotten"). Upon receiving such a request, we will delete your account and all associated data, except where retention is required by law.
- Right to Restriction of Processing (Article 18): You may request that we restrict processing of your data under certain circumstances.
- Right to Data Portability (Article 20): You may request your data in a structured, commonly used, machine-readable format.
- Right to Object (Article 21): You may object to processing based on legitimate interests.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at privacy@managefinance.it.com. We will respond within 30 days as required by law.
11. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:
- Account data: Retained while your account exists. Deleted within 30 days of an account deletion request.
- Financial/budget data: Retained while your account exists. Deleted upon account deletion.
- Transaction records: Retained while your account exists. Deleted upon account deletion.
- Subscription records: Retained for up to 7 years after the end of the subscription for tax and legal compliance purposes.
- Analytics data: Aggregated and anonymized data may be retained indefinitely as it does not constitute personal data.
12. Children's Privacy
ClearLedger is not intended for children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service at least 30 days before taking effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
14. Contact and Complaints
If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact:
Physical Entrepreneur (Dmytro Onofriiuk)
Email: privacy@managefinance.it.com
You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.