Privacy Policy

1. Introduction and Scope

This Privacy Policy ("Policy") governs the collection, use, storage, sharing, and protection of personal data by GreenLeafTech ("we", "us", "our", "Developer") in connection with the SyncSpend mobile application ("App", "SyncSpend") available on the Google Play Store.

By downloading, installing, accessing, or using SyncSpend, you ("User", "you") acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree to this Policy, you must immediately discontinue use of the App and uninstall it from your device.

This Policy applies worldwide to all users of SyncSpend regardless of their country of residence or origin. Service availability and feature access may vary by region depending on local laws, payment infrastructure, and platform availability. Where local laws impose stricter requirements than this Policy, we endeavour to meet those stricter requirements to the extent applicable.

2. About GreenLeafTech and SyncSpend

GreenLeafTech is the developer and data controller responsible for SyncSpend. SyncSpend is a personal and group expense tracking application designed to help individuals and groups record, manage, and settle financial expenditures in a transparent, secure, and responsible manner.

Developer Name: GreenLeafTech

Contact Email: greenleaftech.co.in@gmail.com

Jurisdiction: India

GreenLeafTech is the sole owner of SyncSpend and all intellectual property, data architecture, design, and service logic associated with it. Nothing in this Policy transfers any ownership, right, or interest in the App to the User.

3. Information We Collect

We follow a data minimization principle. We collect only the data strictly necessary to deliver SyncSpend's services. The categories of data we collect are described below. These disclosures are also reflected in the Google Play Data Safety section on the SyncSpend Play Store listing. In the event of any inconsistency between this Policy and the Data Safety section, this Policy shall be the authoritative reference.

3.1 Personal Information

• Email address (required for account creation and authentication)
• Display name or chosen username (optional, provided by the user)
• Authentication tokens and session identifiers managed by third-party authentication providers

3.2 Expense and Usage Data

• Personal expense entries created by the user (stored solely on the user's device)
• Group expense entries including amounts, descriptions, dates, and associated member identifiers
• Group membership records, settlement logs, and transaction histories
• Subscription and entitlement status managed via RevenueCat and Google Play Billing

3.3 Automatically Collected Technical Data

• Device type and operating system version (for compatibility and crash diagnostics)
• App version and usage statistics (for performance improvement)
• Crash reports and error logs (for stability and quality assurance)
• Anonymous app user identifier assigned by RevenueCat for subscription management
• Purchase history data collected by RevenueCat for subscription validation and fraud prevention

3.4 Data We Do NOT Collect

We do not intentionally collect the following. However, certain third-party SDKs integrated into the App may incidentally collect minimal technical data as described in Section 11. Where this occurs, it is governed by those providers' own privacy policies:

• Your device's local contacts or address book
• Your precise or approximate geographic location
• Photographs, camera output, or media files
• SMS, call logs, or communications
• Payment card numbers, bank account details, or financial credentials
• Biometric data of any kind
• Advertising identifiers (we do not serve ads)

Member discovery within SyncSpend is performed exclusively by searching for other users who have already registered on the SyncSpend cloud service using their email address. The App does not access, scan, or upload the local contacts stored on your device at any time.

4. How Data is Stored - Personal vs. Group Expenses

SyncSpend operates on a clear separation between personal expense data and group expense data. Understanding this distinction is essential for understanding your data rights and responsibilities.

4.1 Personal Expense Data

Personal expense data refers to all expense entries created by a user for their own individual tracking purposes, outside of any group context.

• Personal expense data is stored exclusively on the user's local device.
• Personal expense data is never transmitted to or stored on SyncSpend cloud servers unless the user explicitly enables cloud sync features.
• Personal expense data remains entirely under the user's control at all times.
• If the user uninstalls the App from their device, all personal expense data stored locally is permanently and irrecoverably lost. GreenLeafTech has no ability to recover this data. Users are solely responsible for maintaining backups of their personal expense data.

4.2 Group Expense Data

Group expense data refers to all expense entries, settlement records, and transaction logs created within a group managed on the SyncSpend platform.

• Group expense data is stored securely in cloud databases managed by our third-party infrastructure providers (Firebase or Supabase, depending on deployment configuration at the time of service).
• The cloud database serves as the authoritative source of truth for all group expense data and is used to synchronize data across devices of group members.
• Group expense data is accessible to the group owner and authorised group members as described in Section 6 of this Policy.
• Group expense data is subject to data retention limits based on the user's subscription tier as described in Section 8.

4.3 Cloud as Source of Truth

For group features, the SyncSpend cloud infrastructure is the definitive, authoritative record of all group transactions. In the event of a discrepancy between data on a user's device and data on the cloud, the cloud record shall prevail. Users must maintain an active subscription to retain access to group cloud data beyond the applicable free retention period.

5. How We Use Your Data

We use data collected through the App solely for the following purposes:

• To create and authenticate your account and verify your identity
• To deliver core App functionality including personal expense tracking and group expense management
• To enable group creation, member management, expense logging, and settlement features
• To process, validate, and manage your in-app subscription and entitlements via RevenueCat and Google Play Billing
• To enforce the one-time free trial policy by verifying whether a given email address has previously used the trial feature
• To synchronise group expense data across devices of authorised group members
• To detect, prevent, and investigate fraud, abuse, or violations of our Terms of Service
• To send service-related communications such as critical security notices or policy updates
• To analyse aggregated, anonymised usage statistics for performance improvement and quality assurance
• To comply with applicable legal obligations

We do not use your data for advertising, marketing to third parties, profiling for commercial purposes, or any purpose not stated in this Policy. SyncSpend is an expense tracking tool only. Nothing in the App or this Policy constitutes financial, accounting, legal, or investment advice. GreenLeafTech is not a financial institution, accounting firm, or legal services provider. Users are solely responsible for their financial decisions and record-keeping obligations.

6. Group Data Ownership, Member Rights, and Access Control

6.1 Nature of Group Expense Data

SyncSpend's group feature is designed as an expense logging tool for funds administered by the group owner. Expense entries logged within a group represent records of expenditures made from funds under the group owner's administration. Members who log entries within a group are recording how the group owner's administered funds were spent on behalf of the group.

Group expense entries may contain personal data contributed by members. Such data is processed jointly for the purpose of shared financial record-keeping. Users acknowledge that participation in a group involves shared data control between the group owner and members, within the boundaries described in this Section.

Accordingly, the group owner holds primary administrative rights over group expense records, and member rights within a group are limited as described in this Section.

6.2 Group Owner Rights

• The group owner has the exclusive right to create, manage, and permanently delete the group.
• The group owner can view all expense entries logged by all current and former members within their groups.
• The group owner can add or remove members from the group at any time.
• When a group owner permanently deletes a group, all associated group expense data, transaction logs, and member records are permanently and irrecoverably erased from both cloud servers and any locally cached copies on member devices. This action cannot be undone.

6.3 Member Rights and Limitations Within Groups

• Group members can log expense entries within the group and view group expense records as permitted by the group owner.
• A member may edit or delete their most recently logged expense entry within a group, provided no subsequent expense entry has been logged by any member after their entry. Once a subsequent entry exists, the earlier entry becomes immutable and cannot be edited or deleted by the member. This restriction exists to preserve the integrity of the sequential financial record.
• Members do not have the right to delete or modify other members' expense entries.

In-app notification of the entry immutability rule will be displayed to users within the group interface. Please read in-app guidance carefully before logging entries.

6.4 Data Upon Member Removal

When a member is removed from a group by the group owner:

• The removed member immediately loses the ability to view, access, edit, or add any data within that group.
• Expense entries previously logged by the removed member remain within the group record as part of the permanent financial log. This data is retained to preserve the integrity of the group's historical financial record, which the group owner is entitled to maintain.
• The display name associated with the removed member's entries is retained as it appeared at the time of logging. This is necessary to preserve record accuracy across historical transaction logs. Retroactive name changes across historical records are not technically supported in order to maintain data integrity.

This retention of historical entries by a removed member is justified under the legitimate interest of maintaining accurate financial records by the group owner, in accordance with GDPR Article 6(1)(f) and applicable data protection law.

6.5 GDPR Right to Erasure in Group Context

Where a removed member submits a valid Right to Erasure request under GDPR or applicable law, GreenLeafTech will assess such requests on a case-by-case basis. We reserve the right to decline erasure of group expense entries where erasure would materially impair the financial record-keeping rights of the group owner, consistent with the legitimate interest exception under applicable data protection legislation. Requests may be submitted to greenleaftech.co.in@gmail.com.

7. Legal Basis for Processing (GDPR)

Where the GDPR or equivalent legislation applies, we process personal data on the following legal bases:

• Contractual Necessity (Article 6(1)(b)): Processing necessary to deliver the services you have requested, including account creation, group management, cloud synchronisation, and subscription management.
• Legitimate Interests (Article 6(1)(f)): Processing for fraud prevention, trial abuse prevention, group financial record integrity, security monitoring, and the retention of email addresses for one year following account deletion to prevent reuse of the free trial.
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with applicable laws and regulations.
• Consent (Article 6(1)(a)): Where we rely on consent, such as for optional push notifications (when implemented), you may withdraw consent at any time without affecting the lawfulness of prior processing.

8. Data Retention and Deletion Policy

SyncSpend follows a data minimisation approach. We retain data only as long as necessary to deliver our services and fulfil legitimate business and legal purposes.

8.1 Personal Expense Data

• Stored exclusively on the user's device and fully under the user's control.
• Not transmitted to or retained by GreenLeafTech servers unless cloud features are explicitly enabled.
• Permanently deleted upon uninstallation of the App from the device. GreenLeafTech has no ability to recover this data.

8.2 Group Expense Data - Retention Tiers

• Editability: Regardless of subscription tier, only expense entries logged within the current calendar month are editable. All prior months’ entries are permanently locked and read-only to preserve the integrity of the financial record.
• Free tier users: Group expense data is retained in cloud storage and accessible as live readable data for up to 2 (two) years from the date of entry. After this period, data is permanently and automatically deleted. Free tier users do not receive archived data storage beyond the 2-year live retention window.
• Paid subscribers: Group expense data is retained for a total period of up to 5 (five) years from the date of entry, comprising 2 (two) years of live readable data and up to 3 (three) additional years of archived, read-only data. The total maximum retention period for paid subscribers is 5 (five) years.
• Upon expiry of the applicable retention period, group expense data is permanently and automatically deleted from cloud servers. Deleted data cannot be recovered under any circumstances. Users are responsible for exporting data before the retention period expires.

8.3 Account Deletion

Upon a user's request for account deletion:

• All personal profile data, personal expense data synced to cloud, and group-related data associated with the account are permanently deleted from cloud servers.
• The user's email address is retained for a period of 12 (twelve) months following account deletion. This retention is necessary for the sole purpose of identifying whether the email address was previously associated with a free trial, thereby preventing fraudulent reuse of the trial feature. This is a legitimate business interest under applicable data protection law. Users may object to this processing under applicable law by contacting us at greenleaftech.co.in@gmail.com. Such objections will be assessed against our legitimate interest in preventing trial abuse, and we will respond within 30 days.
• After the 12-month retention period, the email address is permanently and irrecoverably deleted.
• Expense entries previously logged by the deleted account within active groups are governed by Section 6.4 of this Policy.

8.4 Group Deletion by Owner

When a group owner permanently deletes a group:

• All group expense data, transaction logs, member records, and associated metadata are permanently and irrecoverably erased from cloud servers.
• Any locally cached group data on member devices is also cleared upon next synchronisation.
• This action is final and irreversible. The group owner is solely responsible for exporting or recording any data they wish to retain before deleting the group.

8.5 No Automatic Backup

SyncSpend does not currently provide automatic data backup for personal expense data. User-initiated data export is available as described in Section 10. Users are solely responsible for maintaining their own records until such time as an automated backup feature is made available, which will be disclosed via an updated Policy.

9. Subscriptions, In-App Purchases, and Billing

9.1 Free and Paid Features

SyncSpend operates on a freemium model:

• Personal expense tracking features are available free of charge. Certain advanced personal features may require a paid subscription, as indicated within the App at the relevant time.
• Group expense features are exclusively available to paid subscribers. These features are not accessible to free-tier users beyond the applicable free trial period.

The specific features included in each tier and their pricing are determined by GreenLeafTech at its sole discretion and are subject to change at any time. Current pricing and feature details are displayed within the App and on the Google Play Store listing.

9.2 Free Trial

• A free trial period of 30 (thirty) days is available for group features.
• Each user is entitled to one free trial per account. The free trial is tied to the user's registered email address.
• GreenLeafTech retains the user's email address for up to 12 months following account deletion solely to enforce the one-trial-per-user policy and prevent fraudulent reuse of the trial feature.
• Once the trial period expires, continued access to group features requires an active paid subscription.
• Subscription charges begin automatically at the end of the free trial period unless cancelled at least 24 hours before the trial expires.

9.3 Billing and Payment Processing

• All in-app purchases and subscription payments are processed exclusively through Google Play Billing.
• Subscription management, receipt validation, entitlement tracking, and purchase history processing are handled by RevenueCat, Inc., a third-party subscription management service. RevenueCat acts as a data processor on behalf of GreenLeafTech in this context.
• GreenLeafTech does not collect, store, or have access to your payment card details, bank account information, or any financial credentials. All payment data is managed by Google Play Billing in accordance with their terms and privacy policy.
• RevenueCat collects your purchase history and an anonymous app user identifier for the purposes of subscription validation, fraud prevention, and analytics. This data collection is mandatory when using RevenueCat and cannot be disabled. Please refer to RevenueCat's Privacy Policy at https://www.revenuecat.com/privacy for further details.

9.4 Auto-Renewal and Cancellation

• Subscriptions are automatically renewed at the end of each billing period unless cancelled.
• To cancel a subscription or disable auto-renewal, you must do so via Google Play at least 24 hours before the end of the current billing period.
• Cancellation takes effect at the end of the current billing period. Access to paid features continues until the end of the paid period.
• GreenLeafTech is not responsible for any charges resulting from failure to cancel a subscription in a timely manner through Google Play.

9.5 Refunds

All refund requests are subject to Google Play's refund policy exclusively. GreenLeafTech does not process refunds directly. To request a refund, please follow the refund procedure outlined by Google Play. GreenLeafTech makes no representation as to whether a refund will be granted, as this is at Google Play's sole discretion.

10. Data Export

• SyncSpend provides a user-initiated data export feature allowing users to export their personal expense data. This feature is available free of charge for personal data.
• Export of group expense data is available to paid subscribers and is included as part of the subscription.
• Data export must be initiated manually by the user within the App. There is no automatic or scheduled export currently available.
• Users are strongly advised to export their data before deleting their account, uninstalling the App, or deleting any group, as data cannot be recovered after these actions.
• Exported data will be provided in a standard machine-readable format such as CSV or JSON, subject to the capabilities of the App at the time of export. The format, scope, and availability of the export feature may be updated over time and will be reflected in the App interface.

11. Third-Party Services

We engage the following third-party service providers to operate core features of SyncSpend. We do not sell, rent, trade, or otherwise transfer your personal data to third parties for marketing or commercial purposes. GreenLeafTech does not sell personal information as defined under the CCPA/CPRA and does not share personal information for cross-context behavioural advertising.

11.1 Google Firebase

Firebase (Google LLC) is used for authentication services, cloud database storage, and crash reporting. Firebase processes data in accordance with Google's Privacy Policy (https://policies.google.com/privacy).

11.2 Supabase

Supabase may be used for authentication and cloud database services as an alternative or complement to Firebase. Supabase processes data in accordance with its Privacy Policy (https://supabase.com/privacy).

11.3 RevenueCat

RevenueCat, Inc. is used for in-app subscription management, purchase history validation, and entitlement tracking. RevenueCat acts as a data processor and collects purchase history and an anonymous app user identifier. RevenueCat does not collect personally identifiable information beyond what is described. RevenueCat's Privacy Policy is available at https://www.revenuecat.com/privacy.

As required by Google Play's Data Safety policy, users should be aware that RevenueCat transmits purchase history data to its servers (api.revenuecat.com) for the purposes of subscription validation and app functionality. This is declared in our Google Play Data Safety form.

11.4 Google Play Billing

Google Play Billing (Google LLC) is used for processing in-app purchases and subscriptions. Google processes payment data in accordance with Google's Terms of Service and Privacy Policy.

11.5 No Third-Party Advertising

SyncSpend currently does not contain advertisements. GreenLeafTech does not currently work with advertising networks, data brokers, or third-party marketers. No user data is shared with any third party for advertising or marketing purposes. If this changes in the future, this Policy will be updated and users will be notified prior to any such change taking effect.

12. Cookies and Similar Technologies

SyncSpend is a mobile application and does not use browser cookies. However, third-party service providers (including Firebase and RevenueCat) may employ similar device-based tracking technologies such as anonymous identifiers, session tokens, or analytics SDKs for purposes of performance monitoring, crash analysis, and subscription management. These technologies are governed by the respective privacy policies of those providers as referenced in Section 11.

13. Data Security

GreenLeafTech implements industry-standard technical and organisational security measures to protect your personal data, including:

• SSL/TLS encryption for all data transmitted between the App and cloud servers
• AES-256 encryption for data at rest where supported by our infrastructure providers
• Role-based access controls limiting data access to authorised personnel and services
• Secure authentication handled exclusively by trusted third-party providers

Notwithstanding these measures, no electronic storage or data transmission method is completely secure. GreenLeafTech cannot guarantee absolute security of your data. In the event of a data breach that is likely to result in a high risk to user rights and freedoms, we will notify affected users and relevant supervisory authorities as required by applicable law.

GreenLeafTech may maintain logs of system activity, including authentication events, subscription transactions, and crash reports, for the purposes of security monitoring, fraud prevention, and dispute resolution. These logs are retained only as long as necessary for their stated purpose and are not used for any other purpose. GreenLeafTech follows a policy of non-disclosure of its internal technical architecture, infrastructure, or security implementation details to protect the integrity of its security posture and the interests of its users.

14. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

14.1 GDPR Rights (European Union / EEA)

• Right of Access: To request a copy of the personal data we hold about you.
• Right to Rectification: To request correction of inaccurate or incomplete data.
• Right to Erasure: To request deletion of your personal data, subject to the limitations described in Sections 6 and 8 of this Policy.
• Right to Restriction: To request restriction of processing in certain circumstances.
• Right to Data Portability: To receive your data in a structured, machine-readable format where technically feasible.
• Right to Object: To object to processing based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, to withdraw it at any time.

14.2 CCPA/CPRA Rights (California, USA)

• Right to Know: The categories and specific pieces of personal data collected about you.
• Right to Delete: To request deletion of personal data, subject to applicable exceptions.
• Right to Correct: To request correction of inaccurate personal data.
• Right to Opt-Out of Sale or Sharing: GreenLeafTech does not sell or share personal data.
• Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights.

14.3 DPDP Act Rights (India)

• Right to information about personal data being processed.
• Right to correction and erasure of personal data.
• Right to grievance redressal.
• Right to nominate another person to exercise rights on your behalf in the event of your death or incapacity.

14.4 Exercising Your Rights

To exercise any of the above rights, including account deletion, please contact us at greenleaftech.co.in@gmail.com or use the in-app account settings where available. We will respond within the timeframe required by applicable law (generally 30 days). We may need to verify your identity before processing your request. Where we are unable to fulfil a request, we will provide a reasoned explanation.

15. Location Data

SyncSpend does not request, access, collect, or process your device's location data (precise or approximate) at any point during normal operation of the App. No location permissions are requested by SyncSpend.

Third-party service providers, including Google Play Billing and RevenueCat, may derive approximate location information from network-level data (such as IP addresses) for the purposes of fraud prevention and compliance with regional regulations. Such processing is governed by those providers' own privacy policies.

16. Device Contacts

SyncSpend does not request, access, read, or upload the contact list stored on your device. The App does not request contacts-related permissions.

Member discovery and group invitations within SyncSpend are conducted exclusively by searching for other users who have already registered a SyncSpend account using their email address on the SyncSpend cloud service. The App does not use, reference, or interact with your device's local contacts at any time.

17. Push Notifications

SyncSpend may implement push notifications in a future version of the App. If and when this feature is introduced, users will be asked for explicit permission before any push notifications are sent. This Policy will be updated to reflect the implementation of push notifications prior to their activation. Users will be able to manage or withdraw notification permissions through their device settings at any time.

18. Children's Privacy

SyncSpend is not intended for use by children. The minimum age requirements are as follows:

• India: Users must be at least 18 years of age, in compliance with India's Digital Personal Data Protection Act 2023 (DPDP Act). Users between 13 and 17 years of age in India may use the App only with verifiable parental or guardian consent.
• All Other Jurisdictions: Users must be at least 13 years of age, in compliance with the United States Children's Online Privacy Protection Act (COPPA) and applicable regional laws.

GreenLeafTech does not knowingly collect personal data from children below the applicable minimum age. If we become aware that a user is below the applicable minimum age and has not provided verifiable parental consent, we will promptly delete their account and associated data. If you believe a child has registered without appropriate consent, please contact us at greenleaftech.co.in@gmail.com.

19. International Data Transfers

GreenLeafTech is incorporated in India. Data processed through our third-party service providers (including Firebase, Supabase, and RevenueCat) may be transferred to and stored in servers located in the United States or other countries outside your jurisdiction.

Such transfers are made subject to appropriate safeguards including Standard Contractual Clauses (SCCs) as required by the GDPR, and equivalent mechanisms required by applicable law. By using SyncSpend and consenting to this Policy, you acknowledge and consent to such transfers in accordance with applicable data protection law.

Our third-party providers maintain certifications and compliance programmes appropriate to their roles as data processors. Please refer to the respective privacy policies of those providers for details of their international transfer mechanisms.

20. Limitation of Liability and Disclaimers

To the fullest extent permitted by applicable law:

• GreenLeafTech shall not be liable for any loss of data arising from the user's failure to export or back up their data prior to uninstalling the App, deleting their account, or deleting a group.
• GreenLeafTech shall not be liable for any data loss arising from device failure, accidental deletion, or any cause beyond GreenLeafTech's reasonable control.
• GreenLeafTech makes no warranty that the App will be available without interruption, or that data stored on third-party cloud infrastructure will be free from loss or corruption.
• GreenLeafTech shall not be liable beyond the extent required by applicable law for the acts or omissions of third-party service providers, including but not limited to Firebase, Supabase, RevenueCat, and Google Play Billing.
• GreenLeafTech shall not be responsible for any unauthorised access to user data resulting from user negligence, including failure to secure account credentials or device access.

Nothing in this section excludes liability that cannot be excluded under mandatory applicable law, including liability for fraud, wilful misconduct, or death or personal injury caused by negligence.

21. Changes to This Privacy Policy

GreenLeafTech reserves the right to modify this Privacy Policy at any time at its sole discretion. Changes will be effective upon posting of the updated Policy, which will be made available within the App and/or on the associated policy URL provided in the Google Play Store listing.

We will notify users of material changes through in-app notice or other reasonable means prior to the change becoming effective. The date of the most recent update is displayed at the top of this document.

Your continued use of SyncSpend following the posting of a revised Policy constitutes your acceptance of the revised terms. If you do not agree to the revised Policy, you must stop using the App and request account deletion.

22. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of India, without regard to its conflict of law provisions. Any dispute arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts located in India.

This Policy is written in the English language. In the event of any conflict between an English version and a translated version of this Policy, the English version shall prevail.

23. Contact Information

If you have any questions, concerns, complaints, or requests in relation to this Privacy Policy or our data practices, please contact us:

Developer: GreenLeafTech

Email: greenleaftech.co.in@gmail.com

Grievance Officer (India DPDP Act): Vinesh Kumar, GreenLeafTech — greenleaftech.co.in@gmail.com. We aim to respond to all privacy-related enquiries within 30 days. For data deletion or rights exercise requests, please include your registered email address and a description of your request.

SyncSpend - Track personal and group expenses transparently, securely, and responsibly.

Copyright 2026 GreenLeafTech. All rights reserved.