Privacy Policy

This page explains how ProfitTracker collects, uses, discloses, and safeguards your information when you use our mobile app.

Last Updated: December 24, 2025

Introduction

ProfitTracker ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("the App"). Please read this policy carefully.

By using ProfitTracker, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the App.

1. Information We Collect

1.1 Personal Information You Provide

When you create an account, we collect:

  • Email address: Used for account creation, authentication, and communication
  • Password: Encrypted and stored securely; we never store plain-text passwords
  • First name: Required during registration for account identification
  • Last name: Required during registration for account identification
  • Phone number: Optional during registration; can be updated in Settings

1.2 Business Data You Create

When you use the App, you create and store:

  • Sales transactions: Product names, sale prices, costs, fees, dates, categories, quantities, platforms, notes
  • Expense records: Expense names, amounts, dates, categories, descriptions, notes
  • Inventory items: Product names, purchase prices, quantities, cost basis, dates, categories, photos, notes
  • Business profiles: Business names, settings (for multi-business management)
  • Product images: Photos of items you sell or inventory items (optional, uploaded from your photo library or camera)
  • Receipt photos: Photos of expense receipts (optional, uploaded from your photo library or camera)
  • Settings preferences: Tax rates, state/province, currency, appearance preferences (dark/light mode), default business selection
  • Category preferences: Customized sales and expense category selections
  • Saved filters: Named filter presets with category selections, search terms, and date ranges for quick access
  • Premium subscription status: Whether you have an active subscription

1.3 Automatically Collected Information

When you use the App, we automatically collect:

  • Device information: Device model, operating system version, unique device identifiers
  • Usage data: Features accessed, time spent in the App, interaction patterns
  • Error logs: Crash reports and technical diagnostics to improve App performance
  • Analytics data: Aggregated and anonymized usage statistics
  • Cache data: Temporary local storage of sales/expenses/inventory data for offline functionality and performance (stored on your device only)

1.4 Information from Third-Party Services

We use third-party services that may collect information:

  • Supabase: Database and authentication provider (stores your account and business data)
  • RevenueCat: Subscription management service (processes subscription status)
  • Apple App Store / Google Play Store: Payment processing (we do not see your payment details)

1.5 Biometric Authentication Data (Optional)

If you enable Face ID, Touch ID, or Fingerprint authentication:

  • Biometric credentials: Your Face ID/Touch ID/Fingerprint data is NEVER collected, transmitted, or stored on our servers
  • Local device storage only: When you enable biometric login, only your user ID and email are stored securely on your device using Expo SecureStore (encrypted device-level storage)
  • Authentication process: The biometric authentication uses your device's native biometric system (iOS LocalAuthentication API or Android BiometricPrompt). Your actual biometric data never leaves your device
  • Your control: You can enable or disable biometric login at any time in Settings. Disabling it removes the stored credentials from your device
  • What we store: We only know whether you have biometric login enabled (a true/false preference), not your actual biometric data

1.6 Photo Library and Camera Access (Optional)

When you choose to attach images to transactions or inventory items:

  • Camera access: Only used when you tap "Take Photo" to capture product images, inventory images, or receipt photos
  • Photo library access: Only used when you tap "Choose Photo" to select existing images from your device
  • What we access: Only the specific photo(s) you select for upload
  • Permissions: You can grant or revoke camera/photo permissions in your device settings at any time
  • Storage: Selected photos are uploaded to secure Supabase storage buckets (see Section 4.1 for security details)

1.7 Future Integration Data

When third-party integrations become available (e.g., eBay, Shopify, Etsy, Amazon):

  • We will only access data you explicitly authorize
  • Imported data may include: orders, transactions, product information, fees
  • You can disconnect integrations at any time

2. How We Use Your Information

We use your information to:

2.1 Provide and Maintain the App

  • Create and manage your account
  • Store and sync your business data across devices
  • Process and calculate profit metrics
  • Track inventory items and quantities
  • Automatically create sales records when inventory items are marked as sold
  • Generate reports and analytics
  • Enable CSV/Excel data export (Excel export is a Premium feature)
  • Store product images, inventory images, and receipt photos securely in the cloud
  • Generate temporary signed URLs (valid for 7 days) to display your uploaded images within the App
  • Cache data locally on your device for offline access and faster performance

2.2 Improve the App

  • Analyze usage patterns to enhance features
  • Diagnose and fix technical issues
  • Develop new features based on user needs
  • Perform testing and quality assurance

2.3 Manage Subscriptions

  • Process premium subscription purchases
  • Verify subscription status
  • Send subscription renewal reminders
  • Manage subscription changes and cancellations

2.4 Communicate with You

  • Send important updates about the App
  • Respond to your support requests
  • Notify you of policy changes
  • Send promotional communications (with your consent)
  • Comply with legal obligations
  • Enforce our Terms and Conditions
  • Protect against fraud and abuse
  • Resolve disputes

3. How We Share Your Information

We DO NOT sell, rent, or trade your personal information. We only share your information in the following limited circumstances:

3.1 Service Providers

We share information with trusted third-party service providers who help us operate the App:

  • Supabase (Database, Auth & File Storage): Stores your account credentials, business data, inventory data, and uploaded images
    – Location: United States
    – Purpose: Data storage, user authentication, and secure file storage
    – Privacy Policy: https://supabase.com/privacy
    – Security: All data encrypted in transit (SSL/TLS) and at rest. Row Level Security (RLS) policies ensure you can only access your own data
    – File Storage: Product images, inventory images, and receipt photos are stored in private storage buckets. Access is controlled via temporary signed URLs (7-day expiry) that only you can generate
  • RevenueCat (Subscriptions): Manages premium subscription status
    – Purpose: Subscription verification and management
    – Privacy Policy: https://www.revenuecat.com/privacy
    – What they receive: Your user ID and subscription status (not your transaction data)
  • Apple App Store / Google Play Store: Processes payments
    – Purpose: Payment processing (we do not receive your payment information)
    – They handle billing, subscription management, and payment details

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

We may disclose information if required by law:

  • To comply with legal processes (subpoenas, court orders)
  • To enforce our Terms and Conditions
  • To protect our rights, property, or safety
  • To protect users or the public from harm

3.3 Business Transfers

If ProfitTracker is involved in a merger, acquisition, or sale of assets:

  • Your information may be transferred to the new owner
  • You will be notified via email and in-app notification
  • You will have the option to delete your account before the transfer

We may share information for other purposes with your explicit consent.

4. Data Storage and Security

4.1 Where We Store Your Data

  • Cloud storage: All account data, transactions, inventory items, and uploaded images are stored on secure Supabase cloud servers located in the United States
  • Device storage: Some data is cached locally on your device using AsyncStorage for offline access and performance (this never leaves your device)
  • Biometric credentials: If you enable biometric login, your user ID and email are stored encrypted on your device using Expo SecureStore (not on our servers)
  • File storage: Product images, inventory images, and receipt photos are uploaded to Supabase Storage in private buckets:
    • product-images: Stores photos of items you sell
    • inventory-images: Stores photos of inventory items you track
    • receipts: Stores photos of expense receipts
    • Access is controlled via signed URLs that expire after 7 days (automatically refreshed when you view transactions)
  • Backups: Data is replicated for backup and disaster recovery purposes
  • No international transfers: All data remains within the United States

4.2 How We Protect Your Data

We implement industry-standard security measures:

  • Encryption in transit: All data transmitted between your device and our servers uses SSL/TLS encryption
  • Encryption at rest: Database data is encrypted when stored on Supabase servers
  • Password security: Passwords are hashed using bcrypt with industry-standard salt rounds (we never store plain-text passwords)
  • Row Level Security (RLS): Database policies ensure users can only access their own data
  • Signed URLs: Uploaded images are accessed via temporary signed URLs (7-day expiry) that only authenticated users can generate
  • Private storage buckets: All uploaded images are stored in private buckets with strict access controls
  • Biometric security: If enabled, biometric credentials are encrypted using your device's secure enclave (iOS Keychain/Android Keystore)
  • Access controls: Strict access limitations to your data
  • Regular security audits: Ongoing monitoring for vulnerabilities
  • Secure authentication: Token-based authentication with automatic expiration

4.3 Data Retention

  • Active accounts: Data is retained as long as your account is active
  • Deleted accounts: When you delete your account, all data is permanently deleted within 30 days, including:
    • Account credentials and profile information (email, password, first name, last name, phone number)
    • All sales and expense transactions
    • All inventory items
    • Business profiles
    • Uploaded product images, inventory images, and receipt photos from storage buckets
    • Biometric credentials stored on your device (if enabled)
    • Cached data on your device
  • Backups: Backup copies are purged within 90 days of account deletion
  • Subscription records: Retained for 7 years for tax and legal compliance (does not include your transaction data, only subscription status)

4.4 Your Responsibility

  • Keep your password secure and confidential
  • Do not share your account credentials
  • Log out from shared devices
  • Report security concerns immediately

5. Your Privacy Rights

5.1 Access Your Data

You can access all your data within the App at any time by:

  • Viewing your sales, expenses, and inventory in the App
  • Viewing your uploaded product images, inventory images, and receipt photos
  • Exporting your data via CSV in the Settings (free tier)
  • Exporting your data via Excel/XLSX in the Settings (Premium feature with advanced formatting and charts)

5.2 Correct Your Data

You can edit or update your information:

  • Edit transactions and inventory items directly in the App
  • Update your first name, last name, and phone number in Settings > Edit Profile
  • Update your email and currency preferences in Settings
  • Contact support for account-level changes that cannot be made in-app

5.3 Delete Your Data

You can delete your data:

  • Delete individual transactions or inventory items within the App
  • Delete uploaded product images, inventory images, or receipt photos from individual records
  • Delete your entire account in Settings > Danger Zone > Delete Account
  • Account deletion is permanent and irreversible
  • All your data will be permanently deleted within 30 days, including:
    • All sales and expense transactions
    • All inventory items
    • Business profiles
    • Uploaded product images, inventory images, and receipt photos
    • Account credentials and profile information (email, password, first name, last name, phone number)
    • Biometric credentials stored on your device (if enabled)
  • Important: This action uses a secure Supabase Edge Function that ensures complete data deletion with cascading deletes across all related tables and storage buckets

5.4 Export Your Data (Data Portability)

You can export your data:

  • CSV Export (Free & Premium): Use the CSV export feature in Settings > Data Export. Exports include all sales and expenses in a standard format
  • Excel Export (Premium Only): Use the Excel export feature in Settings > Data Export. Includes advanced formatting, charts, and monthly summaries
  • You can transfer this data to other applications (e.g., QuickBooks, Excel, Google Sheets)
  • Export options include date range filtering (This Month, Last Month, Last 3 Months, Last 6 Months, This Year, Last Year, All Time, Custom Date Range)
  • Exports can include: All Data, Sales Only, or Expenses Only

5.5 Opt-Out of Communications

You can control communications:

  • Unsubscribe from promotional emails via the unsubscribe link
  • You will still receive important account and service updates

5.6 Regional Privacy Rights

California Residents (CCPA)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of data sales (we don't sell data)
  • Right to non-discrimination for exercising privacy rights

European Residents (GDPR)

  • Right to access personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

Other Regions

We respect privacy rights under all applicable laws. Contact us to exercise your rights.

6. Children's Privacy

ProfitTracker is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

7. International Data Transfers

If you are accessing the App from outside the United States:

  • Your data will be transferred to and stored in the United States
  • By using the App, you consent to this transfer
  • We ensure appropriate safeguards are in place

The App may contain links to third-party websites or services (e.g., when integrations are enabled). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

9. Cookies and Tracking Technologies

The App uses minimal tracking:

  • Authentication tokens: To keep you logged in securely (stored on your device)
  • Local storage (AsyncStorage): To cache sales/expenses/inventory data for offline functionality and performance (stored on your device only, never transmitted)
  • Biometric credentials (SecureStore): To store user ID and email for biometric login (encrypted on your device, never transmitted to servers)
  • Analytics: We may use anonymized analytics to improve the App (no personally identifiable information)

We do NOT use:

  • Advertising cookies
  • Cross-site tracking
  • Third-party advertising networks
  • Tracking across other websites or apps

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be indicated by:

  • An updated "Last Updated" date at the top
  • In-app notification for material changes
  • Email notification for significant changes

Your continued use of the App after changes constitutes acceptance. We encourage you to review this policy periodically.

11. California "Do Not Track" Disclosure

We do not track users across third-party websites and therefore do not respond to Do Not Track (DNT) signals.

12. Data Breach Notification

In the unlikely event of a data breach:

  • We will notify affected users within 72 hours of discovery
  • Notifications will be sent via email and in-app alert
  • We will provide details about the breach and steps to protect yourself
  • We will work with authorities as required by law

By using ProfitTracker, you consent to:

  • The collection, use, and storage of your information as described
  • The transfer of your data to the United States
  • The use of service providers as outlined in this policy

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

We will respond to all requests within 30 days.

15. Transparency Commitment

We believe in complete transparency regarding your data:

What we collect:
– Account data: Email, password (encrypted), first name, last name, phone number (optional)
– Transaction data: Sales and expenses you create
– Inventory data: Items you add to track stock, quantities, purchase prices, and sold status
– Files: Product images, inventory images, and receipt photos you choose to upload
– Device-only: Biometric credentials (if enabled), cached data for offline access
– Usage: App interaction patterns (anonymized)

Why we collect it:
– To provide the App's functionality (tracking profits, managing inventory, generating reports)
– To improve your experience (offline access, faster performance)
– To secure your account (authentication, biometric login)

Who has access:
– You: Full access to all your data
– Supabase: Infrastructure provider (database, auth, file storage) - subject to strict security policies
– RevenueCat: Subscription status only (not your transaction data)
– Apple/Google: Payment processing only (we don't see your payment details)

How long we keep it:
– Active accounts: Indefinitely, until you delete
– Deleted accounts: 30 days for complete removal from all systems
– Backups: 90 days after account deletion
– Subscription records: 7 years (legal compliance, no transaction data)

What we DON'T do:

  • ❌ We don't sell your data
  • ❌ We don't share data with advertisers
  • ❌ We don't use your data for purposes other than providing the App
  • ❌ We don't track you across other websites
  • ❌ We don't read your data unless required for support or legal reasons
  • ❌ We don't collect biometric data (stored on your device only)
  • ❌ We don't access your entire photo library (only photos you select)

Your control:
– View all your data in the App (sales, expenses, inventory)
– Export data anytime (CSV for free, Excel for Premium)
– Edit or delete individual transactions and inventory items
– Delete uploaded images from transactions and inventory
– Disable biometric login anytime
– Delete your entire account permanently
– Revoke camera/photo permissions in device settings

File Storage Details:
– Product images, inventory images, and receipts stored in private Supabase storage buckets
– Accessed via temporary signed URLs (7-day expiry, auto-refreshed)
– Row Level Security ensures only you can access your files
– Deleted automatically when you delete transactions, inventory items, or your account

Inventory Feature Details:
– Track items you purchase before selling them
– Store purchase price, quantity, date, category, and photos
– Mark items as sold with partial quantity support (e.g., sell 5 of 10 items)
– When marked as sold, a sale is automatically created in your sales records
– Free users limited to 15 inventory items; Premium users have unlimited
– All inventory data is subject to the same security and privacy protections as other data

Biometric Authentication Details:
– Your Face ID/Touch ID/Fingerprint data NEVER leaves your device
– We only store your user ID and email (encrypted) on your device
– Uses your device's native biometric system (iOS LocalAuthentication API, Android BiometricPrompt)
– We only know if you have biometric enabled (true/false), not your actual biometric data

Data Security:
– SSL/TLS encryption for all network traffic
– Row Level Security policies on database
– Encrypted password storage (bcrypt hashing)
– Private storage buckets with signed URL access
– Biometric credentials use device secure enclave (iOS Keychain, Android Keystore)


Thank you for trusting ProfitTracker with your business data. We take this responsibility seriously and are committed to protecting your privacy.
