1. Who We Are
VAKKA ("we", "us", "our") provides a mobile application that helps users record and share expenses, calculate balances and register settlements among group participants ("pots"). This Privacy Policy explains what data we process, why, on what legal basis, for how long, and the choices and rights you have.
2. Scope
This Policy applies to the VAKKA mobile app, its backend services (hosted in AWS eu‑west‑3), and the related web pages (*.netlify.app) used for legal documents or invites. By using the Service you acknowledge this Policy.
3. Summary (Plain Language)
- We collect only the data needed to run expense sharing: account info, group membership, expenses, settlements, optional receipt images for item extraction, and technical security logs.
- Receipt scanning is optional. If you do not use the scan feature no image is sent to OpenAI.
- We do not run ads and do not sell personal data. No analytics or crash profiling services are currently integrated.
- You can delete your account at any time from settings; most data is then removed or irreversibly disassociated (see Retention).
4. Data Categories We Process
- Account Data: Internal UUID, email (as supplied; not always verified beyond Firebase), display name (free text), avatar URL (optional), status flags, timestamps.
- Authentication: Firebase UID (token subject). Password is handled by Firebase Auth; we never store raw passwords.
- Group (Pot) Data: Pot name, description (optional), currency, invite code, membership role (admin/member), joined timestamps, archival status.
- Member Placeholders: For invited or unregistered participants a `member_name` can be stored without a linked user id. This may contain personal data entered by another user (you must have the right to provide it).
- Expense Data: Description, date (business date), amount in minor currency units, currency, category, payers (amount each paid), participants (amount each owes), itemized invoice lines (label, quantity, unit and total amounts) and shares per participant, optional structured invoice metadata (e.g. tax, photo reference).
- Settlement Data: Records of who paid whom, amount, currency, optional notes, date.
- Events / Activity Log: Immutable event entries (type, actor id, related entity id, timestamp) for audit and synchronization.
- Receipt Images (Optional Feature): Temporarily stored in a private S3 bucket (lifecycle deletion ~24h). A presigned URL is sent to OpenAI for extraction of line items (name, price, quantity). We retain only the structured result; the image itself is not kept beyond the S3 lifecycle.
- Rate Limiting Records: Scan usage counters (user id, period start, count) stored in DynamoDB (~24–25h then TTL removal).
- Technical & Security Data: Server logs (short retention ~5 days), timestamps, error traces, IP addresses in transit logs (not profiled) used for troubleshooting and abuse prevention.
5. Special Notes About User-Provided Free Text
Display names, pot names, expense descriptions and member placeholders are free text fields supplied by users. You should avoid entering sensitive personal data (e.g. government IDs, health data). If you enter personal data about another person you are responsible for having a lawful basis to do so and must remove it upon their request.
6. Purposes & Legal Bases
| Purpose | Data | Legal Basis (GDPR) |
|---|---|---|
| Account creation & authentication | Account, auth identifiers | Contract (Art.6(1)(b)) |
| Expense & settlement management | Group, expenses, settlements, events | Contract; Legitimate Interest (transparency among pot members) |
| Optional receipt scanning (AI) | Temporary image, extracted items | Consent (feature use) |
| Abuse / rate limit enforcement | Rate limit records, logs | Legitimate Interest |
| Security & troubleshooting | Server logs, error metadata | Legitimate Interest |
| Legal compliance | Any necessary record | Legal Obligation |
7. Optional AI Receipt Scanning
- Disabled unless you explicitly start a scan.
- We generate a time-limited presigned S3 URL for your uploaded image and pass it to OpenAI solely to extract product line items.
- Images auto-expire (S3 lifecycle ~24h). We store only structured item data in our database.
- If you object, simply do not use the scan feature; manual item entry remains available.
- OpenAI may process data outside the EU. Use is subject to OpenAI’s API Terms & Privacy.
8. Data Sharing & International Transfers
- Within your pots: Other members see expenses, settlements, names you entered, and derived balances.
- Service Providers: AWS (hosting, S3 storage, DynamoDB for rate limiting), Firebase (auth), OpenAI (optional scanning). Each acts as a processor or independent provider under their own terms.
- Legal Requests: We may disclose limited data if required by applicable law or valid order.
- International Transfer: Core data is stored in AWS eu‑west‑3 (France). Optional AI scanning transmits an image to OpenAI servers which may reside outside the EEA. By initiating a scan you consent to this transfer.
9. Security Measures
We apply: scoped IAM roles, encrypted transport (HTTPS), server-side S3 encryption (AES‑256), short log retention, optimistic locking for data integrity, and row-level security policies in PostgreSQL restricting access to pot members. No system is perfectly secure; report issues to the contact below.
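As an added illustration (not VAKKA's schema or code), the following PostgreSQL snippet shows the shape of a row-level security policy that restricts expense rows to members of the pot, together with the optimistic-locking update pattern mentioned above. Table names (`pots`, `pot_members`, `expenses`), column names and the session setting `app.current_user_id` are assumptions for this example.

```sql
-- Added example, not the project's own schema. Table and column names and the
-- session setting app.current_user_id are assumed for illustration only.
CREATE TABLE pots (
  id   uuid PRIMARY KEY,
  name text NOT NULL
);

CREATE TABLE pot_members (
  pot_id  uuid NOT NULL REFERENCES pots(id),
  user_id uuid NOT NULL,
  role    text NOT NULL CHECK (role IN ('admin', 'member')),
  PRIMARY KEY (pot_id, user_id)
);

CREATE TABLE expenses (
  id           uuid PRIMARY KEY,
  pot_id       uuid NOT NULL REFERENCES pots(id),
  description  text,
  amount_minor bigint NOT NULL,        -- minor currency units, e.g. cents
  currency     text NOT NULL,
  version      integer NOT NULL DEFAULT 1,   -- bumped on every write (optimistic locking)
  is_deleted   boolean NOT NULL DEFAULT false
);

-- Enable RLS and force it so that even the table owner cannot bypass the policy.
-- The application role must additionally NOT be a superuser or have BYPASSRLS,
-- otherwise the policy is silently ignored.
ALTER TABLE expenses ENABLE ROW LEVEL SECURITY;
ALTER TABLE expenses FORCE ROW LEVEL SECURITY;

-- The backend sets the verified caller id per transaction, e.g.
--   SET LOCAL app.current_user_id = '<uuid derived from the verified auth token>';
-- current_setting(name, true) returns NULL when the setting is absent, so a
-- request that never set an identity matches no rows instead of all rows.
CREATE POLICY expenses_pot_members ON expenses
  USING (
    EXISTS (
      SELECT 1
        FROM pot_members m
       WHERE m.pot_id  = expenses.pot_id
         AND m.user_id = current_setting('app.current_user_id', true)::uuid
    )
  )
  WITH CHECK (
    EXISTS (
      SELECT 1
        FROM pot_members m
       WHERE m.pot_id  = expenses.pot_id
         AND m.user_id = current_setting('app.current_user_id', true)::uuid
    )
  );

-- Optimistic locking: the client sends back the version it read. A stale write
-- (someone else already bumped the version) updates zero rows, and the API
-- returns a conflict instead of overwriting the newer data. The id below is a
-- constructed placeholder value.
UPDATE expenses
   SET amount_minor = 4250,
       version      = version + 1
 WHERE id      = '00000000-0000-0000-0000-000000000001'
   AND version = 3;
```

The `USING` clause governs which rows a member can read, update or delete; the `WITH CHECK` clause prevents inserting or moving an expense into a pot the caller is not a member of. Both must be present, since a policy with only `USING` still allows writes that point a row at a foreign pot.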
10. Retention
- Account & core expense data: retained while the account is active or until you request deletion. Currently we do not auto-purge historical expenses; this may change (future update will be reflected here).
- Soft-deleted items: flagged with `is_deleted` and excluded from normal views but may persist for synchronization integrity until purged.
- Receipt images: ~24h (S3 lifecycle) then removed automatically.
- Rate limit records: ~24–25h (DynamoDB TTL) then deleted.
- Server logs: ~5 days then rotated.
- Post account deletion: we attempt to remove or irreversibly disassociate personal identifiers within ~30 days (excluding data required for legal or abuse prevention purposes).
11. Your Rights (EEA / Similar Jurisdictions)
- Access – obtain a copy of your personal data.
- Rectification – correct inaccurate or incomplete data.
- Deletion – request removal; we will soft delete then purge where feasible.
- Portability – export structured expense data (request via email).
- Restriction / Objection – to certain processing based on legitimate interest.
- Withdraw Consent – stop using the optional scanning feature at any time.
To exercise rights contact: vakka.contact@gmail.com. We may need to verify ownership of the account.
12. Unregistered / Invited Participants
If someone adds your name as a placeholder without you creating an account and you want it removed, contact us. If you can identify the pot or the user who entered your name, we will either anonymize or delete the entry, unless retention is required by law or a dispute resolution process.
13. Children & Minimum Age
The Service is intended for users aged 16+. If local law sets a higher age of digital consent we apply that higher age. We do not knowingly process personal data of children below the applicable threshold. If you believe we have such data, contact us for removal.
14. Accuracy of Data
Expense amounts, participant names, and payment notes are user-supplied. We do not independently verify accuracy. Users are responsible for resolving disagreements; we provide only a calculation tool.
15. No Financial Intermediation
We do not move, hold, or process real funds. “Settlements” are informational records only. You must use external payment methods (e.g. bank transfer, cash) to settle debts.
16. Automated Decision Making
No automated decision making producing legal or similarly significant effects is performed. AI scanning simply extracts text/line items you review before saving.
17. Changes to This Policy
We may update this Policy. Material changes will be indicated by an updated “Last updated” date and (where feasible) in‑app notice. Continued use after the effective date constitutes acceptance.
18. Contact
Email: vakka.contact@gmail.com
Please include your account email (if any) for identity verification.
19. Jurisdiction & Complaints
You may have the right to lodge a complaint with a supervisory authority (EEA users). We welcome the opportunity to address concerns first—reach out via the contact email above.