OweYo Logo
OweYo

Privacy Policy for OweYo

Last Updated: June 2, 2026

At OweYo, we believe shared expense tracking should be frictionless and privacy-conscious. This Privacy Policy explains how we collect, use, store, and share information when you use the OweYo mobile app and related services.

ß OweYo is designed with data minimization in mind: we collect only the information strictly necessary to provide the app’s functionality and support data synchronization and recovery features.

1. Overview & Principles

OweYo is built around the following privacy principles:

  • Privacy by Design: OweYo works without requiring a traditional email/password account. We use anonymous tokens to link your device to your data.
  • Data Minimization: We avoid collecting any information that is not essential to the calculation or synchronization of your shared expenses.
  • Continuous Sync & Recovery: OweYo is an "offline-first" application. You can add expenses without a connection, and the app will automatically synchronize with our secure cloud when connectivity is established. This synchronization is mandatory to enable group collaboration and account-free data recovery.

2. Information We Collect

a. Information You Provide

When you create or join a group, we collect and store:

  • Group names and member aliases.
  • Expense titles, descriptions, amounts, and dates.
  • Group-related settings and settlement preferences.

Note: You are not required to use real names. We encourage the use of nicknames or aliases to further protect your privacy.

b. Anonymous Identifiers

Because we do not use traditional accounts, we use secure, anonymized device/session tokens to:

  • Associate your app installation with your specific groups.
  • Facilitate data recovery if you reinstall the app or switch devices.
  • Ensure your access to a group is authorized.

c. Usage, Diagnostics, and Analytics Data

To maintain app stability and improve the user experience, we collect limited, non-identifying diagnostic information via services such as PostHog or Firebase:

  • App version and operating system type.
  • Anonymous feature usage events (e.g., "group created").
  • Crash reports and error diagnostics.

This data is collected in a pseudonymous or aggregated form where possible and is used strictly for technical performance, stability, and product improvement. We do not intentionally use this information to identify you by real-world identity.

d. Purchase and Subscription Information

If you purchase premium features, subscriptions, or other in-app content, the transaction is processed by the platform provider through which you downloaded the app, such as Google Play or the Apple App Store.

We do not collect or store your full payment card or billing details. However, we may receive limited purchase-related information necessary to:

  • Confirm that a purchase was completed successfully.
  • Unlock paid features or subscription benefits.
  • Restore purchases where supported.
  • Prevent fraud or abuse related to purchases.

This information may include details such as your product or subscription identifier, purchase status, transaction timestamps, and platform-issued purchase or entitlement records.

3. How We Use Information

We use the collected information to:

  • Calculate balances and maintain your expense history.
  • Sync group data across all members in real-time.
  • Allow for seamless data retrieval without a username or password.
  • Diagnose technical issues and prevent app crashes.
  • Comply with legal obligations.
  • Verify purchases, restore premium access, and manage paid features or subscriptions.

4. Data Retention

  • Active Data: Group and expense data is retained as long as the group remains active on our servers.
  • Deletion: When a group is deleted, it is removed from normal access and active use within the app. Associated records may be retained for a limited period for synchronization integrity, fraud prevention, dispute handling, security, backup, and recovery purposes before being permanently deleted or anonymized.
  • Backups: For security and disaster recovery, limited encrypted backups may persist for a short period before being permanently overwritten.

5. How We Protect Your Data

We leverage enterprise-grade infrastructure via Supabase to safeguard your data. Our security measures include:

  • Encryption in Transit: All communication between your device and our servers is protected by SSL/TLS encryption.
  • Encryption at Rest: Data is stored on encrypted disks within our cloud environment (hosted on AWS infrastructure).
  • Row Level Security (RLS): We use strict database policies to ensure that group data is only accessible to users with the valid authorized token for that specific group.

Your Responsibility

Access to shared groups is granted via unique Group Access Codes or tokens. Anyone with these credentials can view that group's data. It is your responsibility to share these codes only with trusted individuals.

6. Sharing of Information

We do not sell your personal data. Sharing is limited to:

  • Backend Infrastructure: Such as Firebase or Supabase or similar (and its sub-processors like AWS) for database and synchronization services.
  • Performance Monitoring: Such as PostHog, Firebase, or similar tools for anonymous analytics and crash reporting.
  • Legal Compliance: We may disclose information if required to do so by a valid legal order, regulation, or court process.
  • Payments and In-App Purchases: Platform providers such as Google Play or the Apple App Store may process payments, subscriptions, and purchase restoration requests on our behalf. If used, third-party subscription management providers may also process limited purchase-related data to validate entitlements and restore access.

7. International Data Transfers

OweYo relies on global cloud infrastructure. Your information may be stored or processed in countries other than your own. We ensure our service providers utilize appropriate safeguards (such as Standard Contractual Clauses) to protect your data across borders.

8. Your Privacy Choices and Rights

You have the right to:

  • Rectify: Edit any expense or member name within the app at any time.
  • Erase: You may delete expenses or request deletion of group data through in-app controls where available. Deleted groups are removed from active use and synchronization, and may be permanently deleted or anonymized after a retention period.
  • Export: (Where supported) Download your ledger data for your own records.

To make a specific privacy request, please contact us. Note that because we do not store emails, we may require your anonymous app identifier to process your request.

9. Cookies and Similar Technologies

Our website uses minimal, non-tracking cookies for essential functionality and basic site analytics. We do not use third-party advertising trackers in the OweYo mobile application.

10. Children’s Privacy

OweYo is not directed to children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us for immediate removal.

11. Changes to This Policy

We may update this policy to reflect changes in our technology or legal requirements. Updates will be signaled by the “Last Updated” date at the top of this page.

12. Contact Us

If you have questions about this Privacy Policy, please contact us:
Email: support@oweyo.app