Privacy Policy

Last updated: November 8, 2025

1. Who We Are

VAKKA ("we", "us", "our") provides a mobile application that helps users record and share expenses, calculate balances and register settlements among group participants ("pots"). This Privacy Policy explains what data we process, why, on what legal basis, for how long, and the choices and rights you have.

2. Scope

This Policy applies to the VAKKA mobile app, its backend services (hosted in AWS eu‑west‑3), and the related web pages (*.netlify.app) used for legal documents or invites. By using the Service you acknowledge this Policy.

3. Summary (Plain Language)

4. Data Categories We Process

5. Special Notes About User-Provided Free Text

Display names, pot names, expense descriptions and member placeholders are free text fields supplied by users. You should avoid entering sensitive personal data (e.g. government IDs, health data). If you enter personal data about another person you are responsible for having a lawful basis to do so and must remove it upon their request.

6. Purposes & Legal Bases

Purpose Data Legal Basis (GDPR)
Account creation & authentication Account, auth identifiers Contract (Art.6(1)(b))
Expense & settlement management Group, expenses, settlements, events Contract; Legitimate Interest (clarity for group)
Optional receipt scanning (AI) Temporary image, extracted items Consent (feature use)
Abuse / rate limit enforcement Rate limit records, logs Legitimate Interest
Security & troubleshooting Server logs, error metadata Legitimate Interest
Legal compliance Any necessary record Legal Obligation

7. Optional AI Receipt Scanning

8. Data Sharing & International Transfers

9. Security Measures

We apply: scoped IAM roles, encrypted transport (HTTPS), server-side S3 encryption (AES‑256), short log retention, optimistic locking for data integrity, and row-level security policies in PostgreSQL restricting access to pot members. No system is perfectly secure; report issues to the contact below.

10. Retention

11. Your Rights (EEA / Similar Jurisdictions)

To exercise rights contact: vakka.contact@gmail.com. We may need to verify ownership of the account.

12. Unregistered / Invited Participants

If someone adds your name as a placeholder without you creating an account and you want it removed, contact us and (if you can identify the pot or providing user) we will either anonymize or delete the entry, unless retention is required by law or a dispute resolution process.

13. Children & Minimum Age

The Service is intended for users aged 16+. If local law sets a higher age of digital consent we apply that higher age. We do not knowingly process personal data of children below the applicable threshold. If you believe we have such data, contact us for removal.

14. Accuracy of Data

Expense amounts, participant names, and payment notes are user-supplied. We do not independently verify accuracy. Users are responsible for resolving disagreements; we provide only a calculation tool.

15. No Financial Intermediation

We do not move, hold, or process real funds. “Settlements” are informational records only. You must use external payment methods (e.g. bank transfer, cash) to settle debts.

16. Automated Decision Making

No automated decision making producing legal or similarly significant effects is performed. AI scanning simply extracts text/line items you review before saving.

17. Changes to This Policy

We may update this Policy. Material changes will be indicated by an updated “Last updated” date and (where feasible) in‑app notice. Continued use after the effective date constitutes acceptance.

18. Contact

Email: vakka.contact@gmail.com
Please include your account email (if any) for identity verification.

19. Jurisdiction & Complaints

You may have the right to lodge a complaint with a supervisory authority (EEA users). We welcome the opportunity to address concerns first—reach out via the contact email above.