Product scope. These legal documents apply only to the Subledger mobile application. They are not the general terms or privacy policy for the asetral.com website as a whole or for other products, unless we say otherwise on those pages.
Subledger — Privacy Policy
Last updated: 1 May 2026
Operator: Asetral, an online software studio operating this app remotely (the “Operator”, “we”, “us”, or “our”).
Contact email: contact@asetral.com
This page mirrors the in-app Privacy Policy and Terms of Use. Asetral is responsible for Subledger.
1. Who we are
Subledger is a mobile application published by Asetral, an online software studio operating this app remotely (the “Operator”, “we”, “us”, or “our”). This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with the app, any related website flows, and related services.
Primary contact: contact@asetral.com.
If you do not agree with this policy, do not use the app.
2. Categories of personal information we process
Depending on how you use the app, we or our service providers may process the following categories of information:
- Identifiers and account data: for example email address, display name, authentication tokens, and identifiers associated with sign-in (including Google Sign-In when you choose it).
- User content: information and files you enter or attach, including subscription, bill, expense, receipt, warranty-style, and similar records; amounts, dates, categories, notes; and optional images (e.g. receipts or documents).
- Device, technical, and usage data: such as device type, operating system, app version, language, broad technical logs, in-app events and screens as collected by analytics tooling, and diagnostics (e.g. crash data).
- Internet or network activity: information generated through use of the services, including interactions with ads and analytics endpoints, and IP address or similar network data as processed by infrastructure providers.
- Advertising-related data: advertising or device identifiers where mobile advertising is delivered, subject to platform settings and consent frameworks where required.
- Inferences: we may derive generalized product or stability insights from aggregated or de-identified data; we do not use the app to profile you for credit, insurance, or employment decisions.
You choose what to enter; we do not automatically import your bank statements or provider account balances.
3. Summary
- The app helps you track subscriptions, bills, related spending, and optional entries such as receipts, fees, and warranty items. It is a personal finance awareness tool, not a bank, broker, insurer, utility provider, accountant, tax adviser, or legal adviser.
- Much of your information is stored locally on your device. If you create an account or use cloud sync, we process information through Google Firebase / Google Cloud as described in this policy.
- We display advertising (Google AdMob) on supported mobile platforms, use analytics, and use crash reporting (Firebase) as described below.
- We use on-device (local) notifications for reminders you configure.
- Laws in your jurisdiction (including the EEA/UK, Türkiye, and U.S. state laws) may give you additional privacy rights; we describe many of them below.
4. Local data on your device
The app stores information you enter (for example: subscription names, bill details, amounts, dates, categories, notes, references, and similar records) in local storage on your device.
If you add photo attachments, image files may also be stored locally on your device and linked to records in app data.
This information remains on the device unless you enable optional cloud features or use OS features (e.g. share, export) to send it elsewhere.
If you remove the app, clear app data, revoke app file access, or remove underlying files, local information (including local image attachments) may be deleted or become unavailable. Maintain independent backups if you need recovery.
5. Accounts, authentication, and cloud sync
If you choose to create an account or sign in, we may use Firebase Authentication (or comparable services) to process:
- email address, display name, and authentication identifiers;
- credential material for email/password sign-in or federated sign-in (for example, Google Sign-In), subject to the provider you choose.
If you enable or use cloud sync, your records (including subscriptions, bills, receipts, fees, goals, and related metadata) may be stored in Firebase services (for example, Firestore in Google Cloud) associated with your account identifier, for multi-device use and synchronization.
If you enable cloud storage for attachments, images may be uploaded to object storage (for example, Firebase Storage) and linked to your synced records.
We do not use the app to connect to your bank or card institutions; we do not receive or store provider login credentials for those institutions.
You are responsible for the accuracy, lawfulness, and appropriateness of the information and files you add.
6. Google Sign-In
If you use Sign in with Google, Google LLC and its affiliates process personal information under Google’s privacy policy and terms. We receive authentication identifiers and tokens as necessary to operate your session using Firebase Authentication.
7. Analytics and product improvement
We use analytics to understand how the app is used and to improve stability and features. Depending on your platform, processing may include:
- Google Analytics (including GA4) / Firebase Analytics for app and web where enabled;
- event parameters such as screen names and configured in-app events;
- technical data such as app version where collected by the SDK.
IP addresses, device identifiers, and similar data may be processed by Google or other providers as permitted by their terms and configurable through device or account settings where available.
8. Advertising (Google AdMob and partners)
On mobile platforms where supported, advertisements may be shown through Google’s Mobile Ads SDK (AdMob) and partner networks permitted by Google.
Advertising may rely on identifiers and coarse technical data consistent with OS “limit ad tracking,” personalized/non-personalized ad choices, and account settings.
For the EEA, UK, Switzerland, and other regions where legally required, a consent framework (such as Google’s User Messaging Platform) may be shown for personalized advertising.
The app is not directed at children; personalized advertising must not be used for audiences that cannot lawfully receive such ads.
9. Crash and error reporting (Firebase Crashlytics)
The app may use Firebase Crashlytics to collect crash logs, diagnostic signals, device model and OS information, app version identifiers, and related technical data transmitted to Google’s infrastructure subject to Google’s terms. Processing is limited to diagnosing reliability and security incidents.
10. Distribution and engineering infrastructure
Subledger is compiled and delivered using Expo Application Services, continuous integration tooling, and hosted provider networks. Provider systems may process technical metadata, compilation logs, and configuration needed to assemble and ship application binaries. End-user ledger data in the production app is not used for unrelated marketing.
11. Notifications
The app schedules on-device notifications for reminders and summaries you configure, using information stored locally or synced to your account. If a future version adds remote push delivery, we will describe that processing in an updated Privacy Policy.
You control notifications through your device settings. Delivery may vary with battery optimization settings (Android), notification categories, or mute/silent modes (iOS).
12. Exports, sharing, and attachments
If the app supports export features (such as CSV or structured files), exported content leaves your device only when you choose the destination via the operating system.
Exports may embed references or links to attachments. You control downstream sharing and must ensure lawful handling of sensitive information.
Do not attach third-party personal data unless you have a lawful basis.
13. Sale / sharing disclosures (advertising identifiers)
We do not rent or sell identifiable lists of your subscription titles or notes as a commodity. Nonetheless, identifiers used by advertising SDKs may be treated as “sales,” “sharing,” or “targeted advertising” under certain U.S. state laws.
You may exercise available opt-outs through device privacy controls (e.g. App Tracking Transparency), Google’s advertising settings where applicable, and any consent dialogs presented in jurisdictions that require them.
14. Legal bases (EEA, UK, Switzerland)
Where the GDPR, UK GDPR, or Swiss Federal Act on Data Protection applies, we rely on the following bases as appropriate: performance of a contract (delivering the service you request); legitimate interests (security, service improvement, fraud prevention) where not overridden by your rights; consent where required (for example certain advertising or analytics); and legal obligations.
15. Your rights (EEA, UK, and similar regions)
Subject to applicable law, you may request access, rectification, erasure, restriction, objection, or portability, and withdraw consent where processing is consent-based. You may also lodge a complaint with your local supervisory authority.
Submit requests using in-app account tools where available and by emailing contact@asetral.com from the address associated with your account. We may verify your identity before responding.
16. U.S. state privacy (including California)
Residents of certain U.S. states (including California under the CCPA/CPRA) may have rights to know categories and specific pieces of personal information we collect, to delete personal information subject to exceptions, to opt out of sale/sharing for cross-context behavioral advertising, and to non-discrimination for exercising rights.
During the preceding twelve months we may have collected the categories described in Section 2. We use service providers as described in this policy. We do not knowingly sell personal information of minors under 16 without affirmative authorization required by law.
Submit requests by emailing contact@asetral.com. We will verify and respond as required by applicable law.
17. Türkiye — KVKK
If you are located in the Republic of Türkiye or Turkish law applies, Asetral acts as data controller under Law No. 6698 on the Protection of Personal Data (KVKK). You may exercise your rights (including access, rectification, deletion, objection, and data portability where applicable) by contacting contact@asetral.com. You may lodge a complaint with the Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu). International transfers are described in Section 18.
18. International transfers
Our service providers (including Google and Expo) may process data in the United States, the European Union, and other countries. Where required, we rely on adequacy decisions, standard contractual clauses, and comparable safeguards for transfers from the EEA, UK, or Switzerland.
19. Retention
We retain information only as long as necessary for the purposes described, including providing the service, security, and legal compliance.
Local data remains on your device until you delete it or remove the app.
Cloud-stored data is retained until you delete it through in-app tools, delete your account, or we delete it under this policy or law. Residual copies may persist in encrypted backups for a limited period.
20. Security
We implement reasonable technical and organizational measures, including use of established cloud providers and secure transport where supported. No electronic system is completely secure; you use the service understanding residual risk, subject to rights you cannot waive under mandatory law.
21. Children’s privacy
The service is not directed at children under 13 (or the age of digital consent in your jurisdiction) for account registration or personalized advertising. If you believe we collected a child’s information in error, contact contact@asetral.com and we will take appropriate steps.
22. Third-party services
The app incorporates services operated by third parties (including Google, AdMob, and Expo). Their processing is governed by their respective terms and privacy notices. Third-party sites or services you access outside the app are not controlled by us.
Open-source components may be used under their licenses; those licenses do not grant you rights in our trademarks or brand beyond what the Terms of Use state.
23. Automated decision-making
We do not use personal information to make solely automated decisions that produce legal or similarly significant effects concerning you.
24. Changes to this policy
We may update this Privacy Policy to reflect product, legal, or regulatory changes. We will revise the publication date shown with the policy and, where required, provide additional notice (for example through the app or app store). Continued use after the effective date may constitute acceptance where permitted by law, without limiting mandatory consumer rights.
25. How to contact us
Privacy and data requests: contact@asetral.com
Include sufficient detail for us to verify your request and respond; avoid sending unnecessary highly sensitive documents.