Last updated: May 24, 2026 · Effective: May 24, 2026
expense (developed by Oneable Co., Ltd.) is designed to help you record income/expenses, split bills with friends/family, and manage trip projects. We take the privacy of your financial data seriously.
1. Information We Collect
1.1 Account information
Email, display name, profile photo (optional)
Password (stored only as a one-way hash — we cannot read your actual password)
Sign-in provider user identifier (if you use Sign in with Apple or Google)
Money accounts (cash, bank, credit card) and balances
Project / Trip / participating people
Receipt images (if uploaded — used for OCR extraction and stored on our servers)
PromptPay ID (if entered to generate settle-up QR)
1.3 Device and diagnostic data
Push notification token, OS type, device name, app version
Crash log + stack trace + device state at crash (via Firebase Crashlytics) — no financial data is included
We do NOT collect IP addresses, location, or contacts
1.4 Permissions the app requests
Camera: to scan receipts via the document scanner (VisionKit on iOS / ML Kit on Android) — images stay on the device until you choose to upload
Photos: to pick a receipt image from your gallery
Notifications: to deliver budget alerts, settle reminders, and charge notifications
Face ID / Touch ID: to unlock the app (biometric data never leaves the device)
2. How We Use Your Data
To provide recording / searching / summarising of your income & expenses
Receipt OCR — images are sent to an AI service partner for text extraction, under contractual terms that prohibit using your data to train models
To calculate debts / settle-up amounts between you and the contacts you add
To send push notifications about budgets, recurring rules, settlements
Aggregate analytics to improve the service
3. Storage & Security
Primary data is stored on our servers in Singapore (DigitalOcean datacenter)
All communication is encrypted with HTTPS / TLS 1.2+
Passwords are stored as one-way hashes (bcrypt) — they cannot be reversed back to the original
In-app supports Face ID / Touch ID / PIN screen lock
Cross-border transfers: Some data (receipt OCR images, crash logs, push tokens) is processed in the US under contractual safeguards (EU SCC / EU-US Data Privacy Framework)
4. Third-Party Sharing (Sub-processors)
We do NOT sell your data. We share only with service providers necessary to deliver the Service:
OpenAI, L.L.C. (USA) — uploaded receipt images sent to GPT-4o Vision for text extraction · Enterprise API with contractual no-training clause
Google LLC — Firebase (USA): Cloud Messaging (push delivery), Crashlytics (crash logs + device info), Authentication (if you use Google Sign-In)
Apple Inc. — Sign in with Apple — receives a user identifier for login only
Apple App Store / Google Play — to process Pro/Team payments (we never see your card number)
exchangerate-api.com — currency rates (no personal data sent)
DigitalOcean, LLC (Singapore) — server infrastructure
This sub-processor list is updated when services change. Request our Data Processing Agreement (DPA) at the email below.
5. Your Rights
Access: View all your data anytime through the app
Delete account: Settings → Edit Profile → Delete Account — all data permanently removed within 30 days
Export: Contact support to request data export in CSV/JSON
6. Children's Data
This app is not designed for users under 13. We do not knowingly collect data from children. If we discover such an account, we will delete it immediately.
7. Policy Changes
We may update this policy from time to time. We will notify you via email or in-app notification for significant changes.