Privacy Policy
Expense Pro Manager by techcybo.com. We collect only what is needed to sync your finances across devices. No ads, no analytics, no data sold.
Last updated:
✓ At a Glance
- ● Your financial data is stored in your own Firebase account scope — no one else can read it.
- ● We use Firebase Auth and Cloud Firestore only — no Firebase Analytics, no Crashlytics, no Storage.
- ● No advertising SDKs. No analytics SDKs. No crash-reporting SDKs.
- ● We do not sell, rent, or trade your personal information to any third party.
- ● You can permanently delete all your data from inside the app at any time.
1. Who We Are
Expense Pro Manager is a personal finance tracker developed by techcybo.com.
App identifiers:
Android package: com.techcybo.expense_manager_app
iOS bundle: com.techcybo.expenseManagerApp
Questions about this policy: support@techcybo.com
2. Data We Collect
All data is stored in Google Cloud Firestore, scoped to your authenticated user ID. Firestore security rules reject any query that does not match your own user ID.
Account & Authentication Data
| Data | Sign-in method | Stored where |
|---|---|---|
| Firebase Auth UID | All methods | Firebase Auth (Google-managed) |
| Email address | Email/Password, Google, Facebook, Apple (if provided) | Firebase Auth + Firestore userProfiles |
| Display name | Apple, Facebook (if provided by those platforms) | Firestore userProfiles |
For Google Sign-In, only the Firebase UID is stored by us — your name and email are held by Google and shown within the app UI via the Google Sign-In SDK.
Financial Data (user-entered)
- Transactions — amount, currency code and symbol, conversion rate, category, sub-category, account name and ID, transaction type (income / expense / transfer), lend/borrow type, date, note, and description.
- Accounts — account type name, account name, whether the account is included in the net-worth total.
- Budgets — category name, budget amount, period, and currency.
- Liabilities — person or institution name, direction (lent / borrowed), principal amount, remaining amount, due date, status, note, and associated repayment records.
- Recurring templates — all fields of a transaction plus frequency, start date, and next due date.
- Currency preferences — list of enabled currencies with their codes, symbols, and user-set conversion rates.
- Categories — category and sub-category names created by the user.
All documents include your Firebase Auth UID so that Firestore security rules can enforce per-user isolation.
Local-only Data (never transmitted)
- Theme preference (light / dark / system) — stored in
SharedPreferenceson-device only, never synced to Firestore. - Firestore offline cache — Firestore persists your data locally (IndexedDB on web, SQLite on mobile) so the app works without an internet connection. This is managed entirely by the Firebase SDK.
3. How We Use Your Data
- → Authenticate you — verify your identity with Firebase Auth so only you can access your data.
- → Sync across devices — store and retrieve your financial records in Firestore so they are available on all your signed-in devices.
- → Enable app features — budgets, recurring automation, analytics charts, and liability tracking all read from and write to your Firestore documents.
- → Export on demand — when you export data, it is assembled in memory and shared via the OS share sheet. Nothing is written to shared device storage by the app.
We do not use your data for advertising, profiling, or training machine-learning models.
4. Third-Party Services
The following third-party services receive limited data as described.
Firebase (Google LLC)
We use Firebase Authentication and Cloud Firestore only. Firebase is a Google service subject to Google's Privacy Policy (policies.google.com/privacy). Data is stored in Google Cloud's infrastructure. We have not enabled Firebase Analytics, Crashlytics, Performance Monitoring, or any other Firebase product.
Google Sign-In (Google LLC)
If you sign in with Google, the google_sign_in SDK authenticates you via Google's OAuth 2.0 flow. We receive a Firebase UID and, optionally, your email address and display name from Google. We do not store any Google OAuth tokens.
Sign in with Apple (Apple Inc.)
If you sign in with Apple, Apple's sign-in service authenticates you. Apple may provide a relay email address and your name (given and family, on first sign-in). We store this name and email in Firestore so the app can display them. Apple's privacy practices are described at apple.com/legal/privacy.
Facebook Login (Meta Platforms, Inc.) — optional
If you choose to sign in with Facebook, the flutter_facebook_auth SDK communicates with Facebook's servers. On iOS, we request Apple's App Tracking Transparency (ATT) permission before initiating Facebook login. If you deny ATT, we use Facebook's Limited Login flow, which prevents Facebook from tracking you across other apps and websites. If you grant ATT, Facebook's standard login is used.
Facebook may provide your email address and display name. We store these in Firestore if provided. Meta's privacy practices: facebook.com/policy.
Currency Exchange Rate API
The app fetches current exchange rates from a free, open-source API (latest.currency-api.pages.dev via jsDelivr CDN). These requests contain no user-identifiable information — only a currency code in the URL path. No API key or account is used.
Google Fonts CDN (Google LLC)
The web version of the app loads the Inter font from Google Fonts (fonts.googleapis.com). This is a standard HTTP request for a font file; no user data is transmitted beyond a standard browser IP address and user-agent header. After the first load the font is cached by the browser.
5. Device Permissions
Android
- INTERNET — Required to connect to Firebase Auth, Firestore, and the currency rate API. Added automatically by Flutter.
No camera, microphone, contacts, location, or storage permissions are requested on Android.
iOS
| Permission | Why it is requested |
|---|---|
| App Tracking Transparency (ATT) | Requested only if you tap Continue with Facebook. Denying ATT activates Facebook Limited Login — your data is not used for cross-app tracking. |
| Photo Library | Used by the file picker when you import a CSV or Excel file that was saved in your photo library or Files app. The app reads the selected file only and does not browse your photos. |
| Camera | Declared in the app's permission manifest for a planned receipt-capture feature. The camera is not currently accessed by any active screen. |
| Face ID / Biometrics | Used to unlock the app if you enable biometric lock in Settings. Biometric data never leaves the secure enclave on your device; we never receive it. |
| Documents Folder | Required by the file picker plugin to open files from the iOS Files app for import, and to place exported files via the share sheet. |
6. Data Retention & Deletion
Your data is retained in Firestore for as long as you use the app and have not deleted it.
To permanently delete all your data, go to Settings → Danger Zone → Delete all data inside the app. This removes all your transactions, accounts, budgets, liabilities, recurring templates, categories, and currency preferences from Firestore.
To also revoke the app's access to your Google account, visit myaccount.google.com/permissions and remove Expense Pro Manager.
If you need assistance with data deletion, contact us at support@techcybo.com.
7. Data Security
All data in transit is encrypted via HTTPS/TLS by Firebase. Data at rest in Firestore is encrypted by Google Cloud's default encryption.
Firestore security rules enforce that every read and write must be authenticated and must match the requesting user's own UID. No user can read another user's documents.
We do not store encryption keys; Google manages key material for Firestore at-rest encryption.
8. Children's Privacy
Expense Pro Manager is not directed at children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@techcybo.com and we will delete it.
9. Your Rights
Depending on your location, you may have the right to:
- → Access — request a copy of the data we hold about you.
- → Correction — update inaccurate data directly in the app.
- → Deletion — delete all your data via the app (Settings → Danger Zone) or by emailing us.
- → Portability — export your transactions as CSV or Excel via Settings → Export.
- → Objection / restriction — contact us at support@techcybo.com.
10. Changes to This Policy
If we make material changes to this policy, we will update the Last updated date at the top of this page. Continued use of the app after changes are posted constitutes acceptance of the updated policy. For significant changes, we will make reasonable efforts to notify users within the app.
11. Contact Us
Questions, data requests, or privacy concerns: