targaetSign in

Legal

Privacy Policy

Effective: 2026-05-09Last updated: 2026-06-03

This Privacy Policy describes how Targaet (“we,” “our,” or “the app”) collects, uses, and protects information when you use our mobile application. If you have questions about this policy, contact us at privacy@targaet.app.

Who we are

Targaet is a shared personal-finance app for households and small tenants. Members of an account record income and expenses together; the app shows each household its balance, recent transactions, monthly budget, and spending trends.

The app is operated by the Targaet team (the “operator”). We are the data controller for the information described in this policy.

Information we collect

We collect only what’s needed to run the app. We do not sell your data, share it for advertising, or use it for analytics profiling.

1. Account information

When you sign up — either directly in the app or after being invited to a household by an existing member — we collect:

  • Email address. Used as your sign-in identifier and for password-reset emails.
  • Password. Stored only as a hashed value by our authentication provider (Supabase). We never see or store your plaintext password.
  • Display name, initials, and a colour preference you choose for yourself in your profile.

2. Financial information you record

Everything you enter into the app stays scoped to the household (“account”) you belong to. Other Targaet users — including users in other households — cannot see it. This includes:

  • Transactions: amount, category, description, date, optional note, optional location label, and which member recorded it.
  • Tentative items: upcoming expenses you mark as likely / maybe / unlikely.
  • Monthly budget categories and the planned amount for each.
  • The running balance of each household account, maintained by our database.

You can edit, delete, or split any transaction you can see. Deletes are permanent.

3. Device-side data we do not transmit

  • Biometric data.If you enable Face ID, Touch ID, or fingerprint unlock, the biometric template stays on your device’s secure enclave. The app only receives a yes/no result from the operating system. We never see, transmit, or store the biometric itself.
  • Saved sign-in token. If you enable biometric sign-in, a refresh-token reference is kept in the device keychain (iOS Keychain / Android Keystore via expo-secure-store). It never leaves the device.

4. Location (Smart Prompts — optional, off by default)

Targaet includes an optional feature called Smart Prompts, which is turned off by default. You enable it in Settings → Smart prompts, where the app first explains the feature and then asks your permission to use location — including in the background.

When you enable it, the app:

  • Stores the coordinates of places you choose to save (for example, your grocery store) in your household account, so members of your household share the same set of saved places.
  • Uses your device location in the background — even when the app is closed or not in use — to detect when you leave a saved place, and then sends you a local notification asking whether you spent anything.

Your location is used only to match against the places you saved, in order to fire that reminder. We do not build a location history, track your movements continuously, or sell or share your location with third parties. You can turn Smart Prompts off, or revoke location permission in your device settings, at any time — the feature simply stops.

5. Receipt photos (optional)

If you attach a photo to a transaction, the app uses your camera or photo library (with your permission) to capture the image and uploads it to our secure storage so members of your household can see it on that transaction. Receipt photos are scoped to your household by the same access controls as the rest of your data. We do not scan, analyse, or use receipt images for any purpose other than showing them back to you.

6. Push notification token

If you allow notifications, the app registers a push token for your device and stores it with your account so we can notify you — for example when a household member records a transaction, or for a Smart Prompts reminder. The token is used only to deliver these messages to your device; it is not used for advertising or tracking.

7. Diagnostics and crash reports

To find and fix problems, the app uses Sentry to report crashes and errors. These reports may include device and operating-system information, the app version, and a technical stack trace of what failed. We use this only to keep the app stable — never for advertising, analytics profiling, or tracking you across other apps.

8. Information we do not collect

  • Contacts.
  • Microphone or audio recordings.
  • Advertising identifiers, and we do not track you across other apps or websites.
  • Cookies or web tracking pixels.
  • We do not sell your data, share it for advertising, or use it to train machine-learning models.

How we use your information

We use the information you give us only to:

  1. Authenticate you and let you sign in.
  2. Show your household its transactions, budget, and balance.
  3. Keep multi-member households in sync via secure realtime updates so a transaction one member records appears on the other member’s screen.
  4. Email you a password-reset link if you request one.
  5. If you enable Smart Prompts, detect when you leave a saved place and remind you to record what you spent (see section 4 above).
  6. Display any receipt photos you attach to a transaction.
  7. Send the push notifications you’ve opted into.
  8. Diagnose crashes and fix bugs.

We do not use your information for marketing, advertising, behavioural profiling, or training machine-learning models.

Service providers

We use a small number of third-party service providers, each only for the purpose described:

  • Supabase(an open-source backend platform run by Supabase Inc.) hosts our database, authentication, file storage (including receipt photos), and realtime synchronization. Your account information, the data you record, saved-place coordinates, and receipt photos are stored on Supabase infrastructure, which uses industry-standard encryption in transit (TLS) and at rest. Supabase’s privacy practices: supabase.com/privacy.
  • Expo(push notification delivery, operated by 650 Industries, Inc.) routes the notifications you’ve opted into. Your device push token is processed by Expo’s push service to deliver messages to your device. Expo’s privacy practices: expo.dev/privacy.
  • Sentry(crash and error diagnostics, operated by Functional Software, Inc.) receives the crash reports described in section 7 so we can fix bugs. Sentry’s privacy practices: sentry.io/privacy.

We do not use any other third-party processors, and none of these providers are permitted to use your data for their own advertising or profiling.

Storage, security, and retention

  • In transit: All connections between the app and our backend use TLS 1.2 or higher.
  • At rest: Authentication credentials are hashed by Supabase Auth. Database rows are stored in encrypted volumes.
  • Access control: Row-Level Security policies on every table ensure a member of one household can never read or modify rows belonging to another.
  • Retention: We keep your data for as long as your account is active. When you delete your account (see below), we permanently delete your profile, your authentication record, and any data you authored. If you were the only member of a household, that household and its data are deleted with you.

Your rights

You always have the right to:

  1. Access your data.Email us and we’ll send you a machine-readable export within 30 days.
  2. Correct your data.Edit any transaction or profile field directly in the app, or email us if you can’t reach a record.
  3. Leave a household. Settings → Account → Leave account removes you immediately. Transactions you previously recorded stay with the household for the remaining members.
  4. Delete your account. Settings → Sign out, then email us to request account deletion. We will delete your authentication record, profile, memberships, and any household where you were the only remaining member, within 30 days.
  5. Withdraw consent. Stop using the app and request deletion at any time.

If you live in a jurisdiction with additional rights (GDPR in the EU/UK, CCPA in California, PIPEDA in Canada, etc.), you may also have rights to restrict processing, port your data, or lodge a complaint with your local data-protection authority. We honour these requests at the email address below.

Children’s privacy

Targaet is intended for adults managing household finances. We do not knowingly collect information from anyone under 13 (or under the digital age of consent in your jurisdiction). If you believe a child has given us information, contact us and we will delete it.

International transfers

Our backend is hosted by Supabase in the region we have configured for this project. If you use the app from outside that region, your data is transferred there over TLS. By using the app you consent to this transfer.

Changes to this policy

We may update this policy when the app changes — for example, when we add a new third-party service or a new feature that handles a new type of data. Material changes will be posted in the app at least 7 days before they take effect, and the Last updated date above will reflect the revision. Continued use of the app after the effective date constitutes acceptance of the revised policy.

Contact

Questions, data-rights requests, and concerns: privacy@targaet.app

For general support: support@targaet.app