Privacy Policy for Fiby

1. Introduction

Welcome to Fiby ("we," "our," or "us"). Fiby is a personal finance management application developed and owned by Accie Technologies. The "Fiby" name and trademark (class: 9) are the sole property of Accie Technologies and are subject to trademark registration.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"). We are committed to protecting your privacy and ensuring transparency in our data practices.

2. Information We Collect

2.1 Information You Provide Directly

For Authentication Only:

• Email address (required only when using Google Sign-In or Email Sign-In for Firebase Authentication)
• User ID (UID) (automatically generated by Firebase Authentication)

That's it. We do NOT collect or transmit any other personal information to our servers.

2.2 Information Stored Locally on Your Device Only

The following information is stored ONLY on your device and is NEVER transmitted to our servers:

• All your financial transactions (expenses, income, investments)
• Budget information and financial goals
• Notes, shopping lists, and reminders
• Optional profile information (display name, alias, gender, age, country, language preferences) - only if you choose to provide them for personalization
• Theme preferences (dark/light mode, accent color)
• App settings and configurations

2.3 Information Collected Automatically

Firebase Crashlytics (For App Stability)

When the app crashes, we automatically collect:

• Device model and Android version
• App version
• Stack traces and error logs (automatically sanitized - no financial data)
• Crash timestamp
• Anonymous installation ID (not linked to your email)

Purpose: Fix bugs and improve app stability
Retention: 90 days
Privacy: All crash reports are automatically sanitized to remove any personal or financial information

Firebase Analytics (If You Opt-In)

By default, analytics is DISABLED. If you enable it in Settings > Privacy, we collect:

• Screen Views: Which screens you visit (e.g., "Home," "Reports," "Wallet") - screen names only
• Feature Usage: Which features you use (e.g., "expense added," "export completed") - NO amounts, NO merchant names
• Navigation Patterns: How you move through the app
• Session Metrics: How long you use the app
• Device Info: Device type, Android version (aggregate only)
• App Performance: Load times, performance metrics (aggregate only)

What We NEVER Track:

• ❌ Financial amounts
• ❌ Merchant names
• ❌ Account balances
• ❌ Transaction details
• ❌ Your location
• ❌ SMS/notification content
• ❌ Any personal financial information

You Control This: Toggle analytics ON/OFF anytime in Settings > Privacy

2.4 Notification Access (Optional)

If you grant notification access permission, Fiby can:

• Read financial notifications
• Automatically detect and categorize transactions

2.5 Biometric Data

We DO NOT collect biometric data.

Fingerprint/face recognition is handled entirely by Android's secure hardware (Trusted Execution Environment). Fiby only receives a "success" or "fail" response from the operating system. Your biometric data never leaves your device and we never have access to it.

3. How We Use Your Information

3.1 Email Address (Server-Side)

• Purpose: User authentication via Firebase
• Storage: Firebase Authentication servers (Google Cloud Platform)
• Usage: Login, account recovery, security notifications

3.2 Crash Reports (Server-Side)

• Purpose: Identify and fix app crashes
• Storage: Firebase Crashlytics servers for 90 days
• Usage: Improve app stability and fix bugs

3.3 Analytics (Server-Side - If You Opt-In)

• Purpose: Understand how users interact with the app
• Storage: Firebase Analytics servers for 14 months
• Usage: Improve features, optimize user experience, prioritize development

3.4 Local Data (Never Transmitted)

All your financial data, transactions, budgets, goals, and notes are stored only on your device and are used only to provide app functionality (reports, insights, reminders, etc.).

4. Data Storage and Security

4.1 What's Stored on Our Servers (Firebase)

Only 3 things:

1. Email address (Firebase Authentication)
2. Anonymous crash reports (Firebase Crashlytics) - 90 days
3. Anonymous usage analytics (Firebase Analytics - if you opt-in) - 14 months

Data Location: Firebase/Google Cloud Platform servers (United States and global locations)

4.2 What's Stored Locally on Your Device

Everything else:

• All financial transactions
• Budgets and goals
• Notes, shopping lists, reminders
• Optional profile information
• App settings and preferences
• Encrypted backups (if you enable backup feature)

4.3 Security Measures

• Encryption in Transit: All communication with Firebase uses TLS/SSL (HTTPS)
• Encryption at Rest: Firebase encrypts data using AES-256
• Local Security: Optional biometric/PIN lock for app access
• Access Controls: We cannot access your financial data (it's on your device only)
• Data Sanitization: Crash reports are automatically sanitized before transmission

5. Data Sharing and Disclosure

5.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your information to anyone for any purpose.

5.2 Service Providers

We use only one third-party service:

Google Firebase / Google Cloud Platform

• Services Used: Authentication, Crashlytics, Analytics (opt-in)
• Data Shared: Email (auth only), anonymous crash logs, anonymous analytics (if enabled)
• Privacy Policy: Google Privacy Policy
• Firebase Privacy: Firebase Privacy Information

5.3 Legal Requirements

We may disclose your email address if required by:

• Court orders or subpoenas
• Government investigations
• Compliance with applicable laws

We cannot disclose your financial data because we don't have it (it's on your device).

5.4 Business Transfers

If Accie Technologies is acquired, sold, or merged:

• We will notify you via email
• Only your email address could be transferred (we don't have your financial data to transfer)
• You'll have the option to delete your account before transfer

6. Your Rights and Choices

6.1 Access and Control

• View Data: All your financial data is in the app - you can view it anytime
• Export Data: Settings > Export - export to CSV format
• Delete Account: Settings > Account > Delete Account (irreversible)
• Analytics Control: Settings > Privacy - toggle analytics ON/OFF anytime

6.2 What Happens When You Delete Your Account

Immediately:

• Email address deleted from Firebase Authentication
• You're signed out and cannot sign back in

Within 30 days:

• All Firebase data purged (crash logs, analytics)

On Your Device:

• App data remains until you uninstall the app
• You can manually clear data: Android Settings > Apps > Fiby > Clear Data

6.3 GDPR Rights (For EU Users)

If you're in the European Economic Area (EEA):

• Right to Access: Request a copy of your email address (the only thing we have)
• Right to Erasure: Delete your account (Settings > Account > Delete Account)
• Right to Data Portability: Export your data (Settings > Export)
• Right to Object: Disable analytics (Settings > Privacy)
• Right to Withdraw Consent: Disable analytics anytime

Contact us: support@fiby.app

6.4 California Privacy Rights (CCPA)

If you're a California resident:

• Know: We collect only your email address for authentication
• Access: Request confirmation (contact support@fiby.app)
• Delete: Delete your account (Settings > Account > Delete Account)
• Opt-Out of Sale: Not applicable - we don't sell data
• Non-Discrimination: We don't discriminate based on privacy choices

7. Children's Privacy

Fiby is not intended for children under 18. We do not knowingly collect information from children.

If you believe a child has provided us with their email, contact support@fiby.app and we'll delete it immediately.

8. Third-Party Services

8.1 Firebase Services

We use only Firebase:

• Firebase Authentication: User sign-in
• Firebase Crashlytics: Crash reporting
• Firebase Analytics: Usage analytics (opt-in only)

Governed by:

• Google Privacy Policy
• Firebase Terms

8.2 Advertising and Monetization (Future)

Currently: Fiby is completely free with no ads or sponsored content.

In the Future: To support app maintenance and ongoing development, we may introduce privacy-respecting monetization options:

Non-Intrusive Advertising

• Generic display advertisements unrelated to financial products
• No personalization: Ads will NOT be based on your financial data
• No data sharing: Your transactions and financial information will NEVER be shared with advertisers
• You control it: Option to remove ads via one-time in-app purchase or subscription

Premium Features (Optional)

• Advanced reporting and analytics
• Priority customer support
• Additional export formats
• Custom themes and customization options
• Cloud sync and backup features

Educational Content Partnerships

• Links to financial literacy resources, tools, and educational content
• Clearly labeled: Any sponsored or partnered content will be clearly marked
• No financial advice: We do not provide financial advice or recommend specific financial products
• No tracking: We don't track which external links you visit

Regulatory Compliance: We will not engage in activities that require financial services licensing or regulatory approvals in India (RBI, SEBI, IRDAI, etc.). Fiby is a personal finance tracking tool only, not a financial advisor or product distributor.

We will update this Privacy Policy and notify you 30 days before introducing any advertising or monetization features.

8.3 No Data Brokers or Trackers

We do not and will never use:

• ❌ Data brokers
• ❌ Marketing platforms that sell user data
• ❌ Social media trackers (Facebook Pixel, etc.)
• ❌ Third-party tracking cookies
• ❌ Personalized ad networks that require your data

9. International Data Transfers

Fiby is designed for users in India, but we use Firebase (global infrastructure).

Data Transfer:

• Your email address may be stored on Firebase servers in the United States or other locations
• Your financial data stays on your device (no transfer)

Safeguards:

• Standard Contractual Clauses (SCCs) for EU transfers
• Google Cloud Platform compliance certifications
• GDPR compliance for EU users

10. Changes to This Privacy Policy

We will notify you of changes via:

• In-app notification
• Updated "Last Updated" date

Your continued use after changes = acceptance of revised policy

11. Contact Information

12. Compliance and Certifications

This Privacy Policy complies with:

Indian Regulations:

• Information Technology Act, 2000
• IT Rules, 2011
• IT (Intermediary Guidelines) Rules, 2021

International Standards:

• GDPR (General Data Protection Regulation - EU)
• CCPA (California Consumer Privacy Act - USA)
• COPPA (Children's Online Privacy Protection Act - USA)

Platform Compliance:

• Google Play Store Developer Policy
• Google Play Data Safety Requirements
• Firebase Privacy Guidelines

13. Transparency Commitment

What We Actually Have Access To:

On Our Servers (Firebase):

• ✅ Your email address (for authentication)
• ✅ Anonymous crash logs (device model, Android version, error stack trace - no financial data)
• ✅ Anonymous usage analytics (if you opt-in: screen views, feature usage - NO amounts, NO merchants)

That's literally everything we have.

What We DO NOT Have Access To:

• ❌ Your financial transactions
• ❌ Your account balances
• ❌ Your budgets or goals
• ❌ Your notes or shopping lists
• ❌ Your expense/income amounts
• ❌ Merchant names
• ❌ Your location
• ❌ Your SMS messages
• ❌ Your biometric data
• ❌ Optional profile info (gender, age, alias, etc.) - stored locally only

Analytics Example (If You Opt-In):

Event: screen_view
Parameters:
  - screen_name: "reports"
  - app_version: "1.0.0"
  - device_type: "Pixel 6"

Event: transaction_added
Parameters:
  - amount: ₹500  ← NEVER SENT
  - merchant: "Starbucks"  ← NEVER SENT
  - category: "coffee"  ← NEVER SENT

We literally just see: "Someone opened the Reports screen."

14. Your Data, Your Control

Key Points:

• ✅ Email only for auth - That's all we need from you
• ✅ Financial data stays local - On your device, encrypted, private
• ✅ No data selling - Ever. To anyone.
• ✅ Analytics opt-in - Disabled by default, you control it
• ✅ Easy export - CSV format, take your data anywhere
• ✅ Easy deletion - One tap, account gone
• ✅ No tracking - We don't track your spending, merchants, or habits

15. Data Breach Notification

If your email address is compromised (unlikely), we'll notify you within 72 hours via:

• Email to your registered address
• In-app notification
• Website notice

Your financial data cannot be breached because it's on your device, not our servers.

16. Legal Basis for Processing (GDPR)

For EU users, we process your email address based on:

• Contract Performance: To provide authentication service
• Consent: For analytics (you can withdraw anytime)

We process crash logs based on:

• Legitimate Interest: To fix bugs and improve app stability

17. Important Disclaimers

17.1 Not a Financial Service Provider

Fiby is a personal finance tracking tool, NOT a financial service provider.

We are NOT:

• ❌ A financial advisor or consultant
• ❌ A registered investment advisor (RIA)
• ❌ A stockbroker or securities dealer
• ❌ An insurance agent or broker
• ❌ A lending platform or NBFC
• ❌ A payment service provider or payment aggregator
• ❌ A credit bureau or credit information company
• ❌ Subject to RBI, SEBI, IRDAI, or NPCI regulations

We DO NOT:

• ❌ Provide financial, investment, tax, or legal advice
• ❌ Recommend specific financial products or services
• ❌ Facilitate financial transactions
• ❌ Access your bank accounts directly
• ❌ Store or transmit payment information
• ❌ Earn commissions from financial product sales

What Fiby Does: Fiby is a software tool that helps you manually track and organize your personal financial information on your own device. Any financial decisions you make are entirely your own responsibility.

17.2 No Account Aggregation

Fiby does NOT perform account aggregation services as defined under RBI's Account Aggregator framework. We do not:

• Connect to your bank accounts via APIs
• Aggregate financial data from multiple institutions
• Share your financial data with any financial institutions
• Require account aggregator licensing or RBI approval

All transaction data is manually entered by you or detected from notifications with your explicit permission.

18. Acknowledgment

App Sustainability

Fiby is free to use because we believe everyone deserves access to good financial management tools. To maintain and improve the app:

Current: We rely on our own resources to keep Fiby running and bug-free.

Future: We may introduce privacy-respecting revenue sources:

• Generic advertising: Non-intrusive ads (NOT financial products to avoid regulatory issues)
• Premium features: Optional paid features (advanced analytics, cloud sync, premium themes)
• In-app purchases: Remove ads, unlock additional features
• Educational partnerships: Sponsored financial literacy content (clearly labeled)

Regulatory Clarity: Fiby is a personal finance tracking and budgeting tool only. We do not and will not:

• Provide financial advice or recommendations
• Sell, distribute, or promote financial products (loans, investments, insurance, credit cards)
• Act as a financial intermediary or aggregator
• Require licensing from RBI, SEBI, IRDAI, or other financial regulators

Thank you for trusting Fiby with your financial journey.