Subledger — Privacy Policy

1. Who we are

Subledger is a mobile application published by Asetral ("we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and protect information in connection with the app, website-related flows (if any), and related services.

If you do not agree with this policy, do not use the app.

2. Summary

• The app is designed to help you track subscriptions, bills, related spending, and optional entries such as receipts, fees, and warranty items. It is a personal finance awareness tool, not a bank, broker, insurer, utility provider, accountant, tax adviser, or legal adviser.
• Data is user-entered. We do not automatically pull your bank or billing data, and we do not verify your entries with providers.
• You may optionally add image attachments (for example, photos or screenshots of receipts, invoices, warranty documents, or bills). Depending on your settings, attachments may stay local on your device or be uploaded to cloud storage for sync.
• Much of your data is stored on your device. If you create an account, we may process and store certain information with Google Firebase / Google Cloud to provide sign-in, optional cloud sync, and related features.
• We use advertising (Google AdMob) on supported mobile platforms, analytics, and crash reporting (e.g. Firebase) as described below.
• We use on-device (local) notifications for reminders you configure; we do not need a server to deliver those local alerts.
• Where laws apply (e.g. GDPR, UK GDPR, CCPA/CPRA), you may have additional rights.

3. Local data on your device

The app stores information you enter (for example: subscription names, bill details, amounts, dates, categories, notes, references, and similar records) in local storage on your device.

If you add photo attachments, image files may also be stored locally on your device and linked to records in app data.

This data remains on the device unless you enable optional cloud features or use OS features (e.g. share, export) to send it elsewhere.

If you remove the app, clear app data, revoke app file access, or remove underlying files, local information (including local image attachments) may be deleted or become unavailable. Keep independent backups if you need recovery.

4. Optional account, authentication, and cloud sync

If you choose to create an account or sign in, we may use Firebase Authentication (or similar services) to process:

• email address, display name, and authentication identifiers;
• password or federated sign-in (for example, Google Sign-In) subject to the provider you choose;

If you enable or use cloud sync, your records (including subscriptions, bills, receipts, fees, goals, and related metadata) may be stored in Firebase services (for example, Firestore in Google Cloud) associated with your user ID, to allow multi-device use and synchronization logic.

If you enable cloud photo storage mode, attachments may be uploaded to cloud object storage (for example, Firebase Storage) and linked to your synced records.

We do not use the app to connect to your bank or card accounts; we do not access bank credentials or provider passwords.

You are responsible for the accuracy, legality, and appropriateness of the information and files you add.

5. Google Sign-In and OAuth

If you use "Sign in with Google" (or similar), Google processes information under Google’s own policies. We receive authentication tokens/identifiers as needed to maintain your session in line with the implementation of Firebase Authentication.

6. Analytics and product improvement

We use analytics to understand how the app is used and to improve stability and features. Depending on your platform, this may include:

• Google Analytics (including GA4) / Firebase Analytics for app and web where enabled;
• event data such as screen names and in-app events as configured in the app;
• technical data such as device or app version where collected by the analytics SDK.

IP addresses, device identifiers, and similar data may be processed by Google or other providers as part of their normal analytics operations, subject to their terms and your device settings (where applicable).

7. Advertising (Google AdMob and related technologies)

On mobile platforms that support it, the app may display advertisements provided by Google and partners through the Google Mobile Ads SDK (AdMob) or equivalent.

Ad serving may use:

• advertising and device identifiers in line with the mobile operating system’s limit ad tracking, personalized ads, and privacy settings;
• the Google account or advertising profile where applicable to personalized ads (subject to Google’s terms and your choices);
• contextual or non-personalized delivery where required or selected.

For the European Economic Area, UK, Switzerland, and where required elsewhere, a consent or messaging framework (for example, Google’s User Messaging Platform) may be presented before or around personalized advertising, as required by law and your build configuration. You can adjust ad personalization where your device or Google provides controls.

The app is not directed at children, and you should not enable personalized advertising for audiences that cannot lawfully receive it; see the Children’s privacy section below.

8. Crash and error reporting (Firebase Crashlytics)

To diagnose crashes and stability issues, the app may use Firebase Crashlytics (or similar). This can include crash stack traces, device models, app versions, and related diagnostic data, processed by Google. Crash reports are used to keep the app reliable, not to sell your contact list or subscription names as a product.

9. App distribution services (Expo / EAS)

Subledger may use third-party app distribution services (including Expo Application Services and related providers) to deliver app updates. These services process technical distribution data to make releases available. This does not change how your subscription and billing records are handled in the app.

10. Notifications

The app can schedule on-device (local) notifications for reminders and digests you enable (for example, relating to renewals, cancel-by dates, and summaries). These notifications are created on your device from data you have stored, unless a future version introduces remote "push" notifications, which we would describe in an updated policy if introduced.

You can allow or block notifications in your operating system settings. iOS: sounds may not play in silent mode depending on your settings; Android: notification channels and battery optimizations may affect delivery on some devices.

11. Exports, sharing, and attachment handling

If the app offers export to JSON, CSV, or similar, the export leaves the app only when you choose a destination (e.g. another app, email, or cloud) through your device’s share flow. We do not receive a copy of that file unless you send it to us or enable a service that ingests it.

Exports may include references to attachments (for example local URIs or cloud URLs/paths). You are responsible for where you share exports and whether recipients should see referenced content.

You should not upload sensitive third-party data to attachments unless you have a lawful basis to do so.

12. No sale of your subscription list (consumer privacy)

We do not "sell" your list of named subscriptions in the ordinary sense of selling a marketing list. However, digital advertising, analytics, and some SDKs can involve use of identifiers for targeted advertising, which can be considered a "sale" or "sharing" for cross-context behavioral advertising in some U.S. state laws. You may use platform controls (e.g. limit ad tracking, opt out of sale where offered) in addition to in-app and partner controls.

13. Legal bases (EEA, UK, Switzerland)

Where the GDPR, UK GDPR, or Swiss law applies, we process personal data on the following bases, as applicable: performance of a contract (providing the service you request); legitimate interests (e.g. security, analytics in a fair and transparent way, product improvement) where not overridden by your rights; consent where we rely on it (e.g. certain non-essential cookies, marketing, or analytics where required); and compliance with legal obligations.

14. Your rights (EEA, UK, and similar jurisdictions)

Subject to local law, you may have the right to: request access, rectification, or erasure; restrict or object to certain processing; data portability; withdraw consent where we rely on it; and lodge a complaint with a supervisory authority. To exercise these rights, use in-app account tools (e.g. delete account where offered) and contact us via the support channel listed on the store or as we later publish. We may need to verify your request.

15. U.S. state privacy (including California CCPA/CPRA)

California and other U.S. state residents may have specific rights, including: to know the categories and specific pieces of personal information collected; to delete personal information we hold, subject to exceptions; to opt out of "sale" or "sharing" for cross-context behavioral advertising where applicable; and to non-discrimination for exercising rights. We describe data practices in this policy. To submit a request, use the same contact or consumer-rights channel published on the store listing or a dedicated privacy form if we add one. We will verify and respond in line with law.

16. International transfers

If you are outside the country where we or our service providers (e.g. Google in the United States) are located, your information may be transferred across borders. Google and other providers use standard contractual clauses, adequacy decisions, and similar safeguards where required.

17. Retention

We retain data only as long as needed for the purposes in this policy, including providing the app, security, and legal compliance.

Local data and local attachments remain on your device until you remove them, remove the app, clear app storage, or otherwise delete underlying files.

Cloud-synced data and cloud attachments are retained until deleted by you through available account/app controls, by account deletion flow, or by us under applicable retention/legal obligations. Some residual data may remain in encrypted backups for a limited period or be retained if required to resolve disputes or comply with law.

Aggregated and de-identified information may be kept longer.

18. Security

We use reasonable technical and organizational measures, including industry-standard services (e.g. Firebase) and device-level protections. No method of transmission or storage is 100% secure; you use the app at your own risk to that extent, subject to any rights you cannot waive by law.

19. Children’s privacy

The app is not intended for children under 13 (or the digital-consent age in your jurisdiction) for accounts or for personalized advertising. If you are a parent or guardian and believe we have collected a child’s personal information in error, contact us to delete it. Do not use personalized ads for child-directed audiences in violation of law.

20. Third-party services and links

The app may use or link to third parties (e.g. Google, AdMob, Expo). Their practices are governed by their own policies. We are not responsible for third-party services you choose to use outside the app.

Open-source libraries may be used under their respective licenses, without transferring ownership of the app to you beyond the rights in our Terms of Use.

21. Changes to this policy

We may update this policy from time to time. The "Last updated" line at the top of the in-app text will be revised, and, where we are required to do so, we will provide additional notice. Continued use after changes may constitute acceptance, subject to your legal rights and any required consents for material changes in your region.

22. How to contact us

Primary contact email: contact@asetral.com

Please use this support/privacy contact, or any official website contact channel we publish. If you make a data-rights request, include enough information for us to verify you without asking for more sensitive data than necessary.