Privacy Policy
Effective date: July 6, 2026
Sumova (“the app”) is a local-first personal expense tracker for iOS and Android. This policy explains what data the app handles, where it stays, and the one case in which the app itself can send anything off your device.
Your financial data never leaves your device. Sumova has no user accounts, no ads, no analytics, and no tracking. The only data the app itself ever sends is an anonymized crash report — and you can turn that off at any time. Backups and support emails leave your device only when you choose to send them.
1. Data stored on your device
All of your data is stored locally, in a database on your device:
- accounts (names, icons, balances),
- transactions (type, amount, date, category, optional notes),
- categories,
- debts (person name, amount, optional notes, due dates) and their repayments,
- app settings (currency, language, theme, week start, crash-reporting preference).
None of this is ever transmitted to us or to anyone else. We have no servers, no user accounts, and no way to access your data. Deleting the app deletes all of it.
2. App lock (PIN and biometrics)
If you enable the app lock:
- your PIN is stored only as a salted cryptographic hash in your device’s secure storage (iOS Keychain / Android Keystore) — the PIN itself is never stored and never leaves the device;
- Face ID / Touch ID / fingerprint authentication is performed entirely by the operating system — the app never sees or stores your biometric data.
Neither the PIN hash nor any lock data is included in backup files.
3. Crash reporting (optional, the only data that can leave your device)
To fix bugs, the app can send an automatic crash report when it encounters an error. This uses Sentry, a crash-reporting service operated by Functional Software, Inc. (sentry.io/privacy), acting as our data processor.
What a crash report contains:
- the technical error and stack trace (where in the app’s code the crash happened),
- app version, operating system name and version,
- device model and hardware diagnostics (e.g. memory, battery level, orientation),
- device locale and timezone.
What a crash report can never contain:
- your financial data — no amounts, transactions, accounts, categories, debts, or notes,
- your PIN, biometric data, or backup contents,
- your name, email, or any account identifier (the app has none),
- your device’s personal name (e.g. “John’s iPhone”) — we strip it before sending,
- your IP address — the app never attaches it, and before crash reporting goes live we configure our Sentry project to discard the connection IP at ingestion,
- screenshots, screen recordings, or any trail of what you tapped or viewed.
Your control: crash reporting is enabled by default and can be turned off at any time with the Crash reporting toggle in Settings. When it is off, nothing is sent — including crashes that happen while the app is starting up.
Legal basis and retention: we process crash diagnostics on the basis of our legitimate interest in keeping the app stable (GDPR Art. 6(1)(f)). Because we rely on legitimate interest, you have the right to object to this processing at any time (GDPR Art. 21) — the Crash reporting toggle in Settings is how you exercise it. Crash reports are automatically deleted by Sentry after at most 90 days. Sentry may process data on servers in the United States; these transfers are safeguarded by standard contractual clauses, and Sentry additionally self-certifies under the EU–US Data Privacy Framework. You can obtain a copy of these safeguards from Sentry's Data Processing Addendum at sentry.io/legal/dpa.
4. Backups (export and restore)
You can export your data as a JSON file from Settings → Backup & restore. This is entirely user-initiated:
- the file is created on your device and handed to the system share menu — you choose where it goes (your cloud drive, email, another device, …);
- we never receive, see, or store your backup;
- the file is not encrypted — it contains your financial data in readable form, so store it somewhere you trust.
Restoring a backup is likewise entirely local.
5. Contact
The “Contact us” screen opens your own email app addressed to support@sumova.app. Anything you send is transmitted by your email provider, like any normal email, and is used only to answer you. We do not add you to any mailing list.
6. What Sumova does NOT do
- No user accounts or registration.
- No advertising and no ad SDKs.
- No analytics, profiling, or behavioral tracking.
- No selling or sharing of data with third parties (Sentry acts only as our processor for crash diagnostics, described above).
- The app makes no network connections of its own other than optional crash reports (backups and emails are sent by apps you choose — see sections 4 and 5).
7. Deleting your data
- In the app: Settings → “Erase all data” permanently deletes everything stored by the app on your device.
- Uninstalling the app removes your on-device database. On iOS, a small piece of app-lock data (the salted PIN hash) may remain in the system Keychain until the app is installed again — it contains no financial data, cannot be reversed to your PIN, and the app clears it automatically on the next install's first launch. To erase everything immediately, use “Erase all data” before uninstalling.
- Crash reports: already-submitted reports contain no data that identifies you; they expire automatically within 90 days. You may still request earlier deletion via the contact address above.
8. Your rights
If you are in the EU/EEA or a jurisdiction with similar laws, you have the rights of access, rectification, erasure, restriction, portability, and objection regarding personal data we process. In practice this concerns only crash diagnostics, which are not linked to your identity. Contact us at the address in section 5. You also have the right to lodge a complaint with your local data-protection authority — in Lithuania, the State Data Protection Inspectorate (vdai.lrv.lt). We do not sell or share personal information, and we are not a “business” under the California Consumer Privacy Act.
Because all app data lives on your device, exporting it (portability) and deleting it are directly in your hands — see sections 4 and 7.
9. Children
Sumova is not directed at children under 13 (or the equivalent minimum age in your jurisdiction) and collects no personal data from anyone.
10. Changes to this policy
If we change this policy — for example, when the app gains new features — we will update this document and its effective date, and we will note material changes in the app’s release notes. Changes take effect when posted and never apply retroactively to data already processed.