Legal
Data Usage
Last updated: April 23, 2026
What this page covers
This page explains, feature by feature, what SettleEase stores locally, what it sends to Supabase, and what is shared with Google services such as Gemini, Google Play, and Firebase Cloud Messaging.
1. Account and authentication
1.1 Email / password sign-up
- Full name, username, email address, phone hash, country code, and currency preference
- Optional profile photo URL
Stored in Supabase Auth and PostgreSQL.
1.2 Google Sign-In
- Google account email address
- Display name
- Profile photo URL
1.3 Sessions
Session state is managed by Supabase Auth. Session timestamps and related security data are stored server-side for account protection and diagnostics.
2. Expenses, groups, goals, and reports
Core finance data you create is stored in Supabase and shown only within the sharing contexts you choose, such as your own account, a group, or an event.
- Expenses, categories, budgets, goals, subscriptions, wallet records, and reports
- Group memberships, balances, reminders, and settlement records
- Support tickets and replies
3. Contact discovery
- Phone numbers are normalized on-device
- Numbers are hashed before upload
- Only hashed values are compared against hashes stored for registered users
- Raw contact lists are not uploaded
4. Receipt scanning and attachments
When you scan or attach a receipt image:
- The image can stay on-device for ML Kit OCR when you use the receipt scan flow
- Recognized text may be sent to the backend for structuring and categorization
- Optional manual receipt images and payment proof images are uploaded to Supabase Storage
- Those uploaded files are stored in the public receipts bucket and are accessible to anyone with the direct URL
- Structured extraction data is stored in your account as OCR extraction records
Free plan: 3 receipt scans per calendar month. Pro plan: unlimited.
5. Voice expense logging
When you use voice logging:
- Speech recognition runs on-device
- Audio is not uploaded for transcription
- Only the recognized text is sent to the backend to structure expense entries
- The resulting extraction records are stored in your account
6. Bank statement import
Bank statement import is currently unavailable in the active build. The previous cloud parsing pipeline was removed and no replacement is active at this time.
7. AI assistant and TaxBot
The assistant and TaxBot use Google Gemini. Inputs sent to Gemini can include your message, recent chat history, extracted text you explicitly submitted, and aggregated finance context needed to answer the request.
- Your prompt text
- Recent session history
- Category names, goal names, and relevant group/member names
- Aggregated finance summaries rather than raw full-database exports
8. Push notifications
Firebase Cloud Messaging receives your device token and notification metadata so SettleEase can deliver reminders, payment updates, and support notifications.
9. Subscription and billing
- Google Play processes payments
- SettleEase receives purchase tokens and subscription state
- Those tokens are verified server-side before Pro access is granted or renewed
10. Diagnostics and limits
- Usage counters are stored server-side to enforce plan limits
- Onboarding completion state is stored to drive the app flow
- Session timestamps are retained for account security
- No third-party analytics SDK is used for ad-tech style profiling
11. Data flow summary
| Feature | External service receiving data |
|---|---|
| Account / auth | Supabase |
| Google Sign-In | Google OAuth |
| Core finance data | Supabase only |
| Receipt attachments | Supabase Storage (public receipts bucket) |
| Receipt OCR text structuring | Google Gemini API when triggered |
| Voice logging | Supabase + Gemini using locally transcribed text |
| Bank statement import | Unavailable in current build |
| Push notifications | Firebase Cloud Messaging |
| Subscriptions | Google Play Billing |
12. Contact
- Email: privacy@settleease.app
- Response time: within 30 business days