Privacy Policy — Money Manager Pro
Effective date: 19 May 2026 Last updated: 19 May 2026
Money Manager Pro (“the app”, “we”, “us”) is an expense-tracking app operated by Shashi Kant Pandidhat (“the developer”). This policy explains what data the app collects, why, where it is stored, the legal bases for processing, and the choices and rights you have. By creating an account or using the app you confirm that you have read and understood this policy.
1. Who this applies to
The app has two usage modes:
- Without an account (local-only). Your financial data stays on your device. We do not receive it.
- With an account (signed in). Your data is additionally stored in the cloud so it can be backed up and synced across your devices.
Most of this policy concerns signed-in use. If you never create an account, the only sections that apply are Local storage and Permissions the app requests.
2. What we collect
We collect only what the app needs to function. We do not collect your location, contacts, photos, browsing activity, microphone, camera, or biometrics. The app contains no behavioural-analytics, attribution, or advertising SDKs, and we do not collect or use the Android Advertising ID (AAID) or any equivalent advertising identifier. We do not engage in cross-app or cross-site behavioural tracking.
Account information (only if you sign up)
- Email address and password — handled by Google Firebase Authentication.
- Display name, and an optional phone number, if you choose to provide them.
Financial records you enter
- Transactions, accounts, categories, loans, investments, goals, recurring rules, and budgets. This is the data you create by using the app.
Backups
- Point-in-time snapshots of your financial records, if you use the backup feature.
Device information
- A Firebase Installation ID — a random identifier used to manage your signed-in devices (for example, to enforce the multi-device limit). It is not an advertising identifier and is not used to track you across other apps or services.
Subscription status
- Whether your account is on the free or paid plan.
Crash diagnostics
- If the app crashes, Firebase Crashlytics (operated by Google) records a diagnostic report so we can identify and fix the bug. This includes a crash stack trace, the device model, the operating-system version, the app version, the crash timestamp, and a randomly generated installation identifier. It does not include your email, name, financial records, or any other content you have entered. We use this data solely to improve the app’s stability.
3. How we use your data, and the legal bases we rely on
We use your data only to operate the app for you. The legal bases under the EU General Data Protection Regulation (GDPR) and equivalent provisions (such as India’s Digital Personal Data Protection Act 2023, the “DPDP Act”) are:
- Performance of a contract (GDPR Art. 6(1)(b)): to provide the app’s core functions — authenticating you, storing and syncing your data, running backups, and processing subscription billing.
- Consent (GDPR Art. 6(1)(a); equivalent under the DPDP Act): for optional fields you choose to provide (such as your display name and phone number) and for notifications. You can withdraw consent at any time by editing or removing those fields in the app, or by revoking the notification permission in your device settings. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
- Legitimate interests (GDPR Art. 6(1)(f)): to keep the app and your account secure (for example, to enforce the device limit and detect abuse).
- Legal obligation (GDPR Art. 6(1)(c)): where we must retain or disclose data to comply with applicable law.
We do not sell your data, use it for advertising or behavioural profiling, or use it for any purpose beyond operating the app for you.
4. Where your data is stored and who processes it
Local storage. All your financial data is stored on your device. If you are not signed in, it never leaves your device.
Cloud storage (signed-in users). When you are signed in, your data is stored using Google Firebase services — Firebase Authentication, Cloud Firestore, and Firebase Installations — operated by Google LLC on Google Cloud infrastructure. Google acts as our data processor. See Google’s privacy practices at https://firebase.google.com/support/privacy.
Access to your cloud data is restricted by server-side security rules so that each account can read and write only its own records.
Payments. Paid subscriptions are processed by Google Play Billing. The app never sees or stores your card or payment details — Google handles the transaction. See https://policies.google.com/privacy.
5. Data sharing
We do not sell or rent your personal data. We share data only with the service providers required to run the app:
- Google (Firebase / Google Cloud) — authentication, cloud database, app-instance identification, and crash diagnostics (Firebase Crashlytics).
- Google Play — subscription billing.
We may disclose data if required by law, or to protect the rights, safety, or property of our users or us.
6. Data retention
We retain your data only as long as necessary for the purposes above:
- Account data (email, profile fields) — retained while your account is active. After you delete your account, we permanently erase it within 30 days, except where retention is required by law (e.g. tax/billing records held by Google Play).
- Financial records — retained on your device until you delete them or uninstall the app, and in the cloud until you delete them or delete your account.
- Backups — pruned automatically per plan: the free plan retains the most recent snapshot; the paid plan retains up to seven. Snapshots older than 30 days are deleted automatically.
- Authentication and security logs — retained by Firebase Authentication for a limited period for fraud-prevention and account-security purposes.
7. Your rights
Subject to applicable law (including the GDPR, the UK GDPR, India’s DPDP Act, and other equivalent regimes), you have the following rights with respect to your personal data. You can exercise most of them directly in the app, or by contacting us.
- Right of access — view your data within the app at any time.
- Right to rectification — edit or correct any field within the app.
- Right to erasure (“right to be forgotten”) — delete your data and account from within the app, or by writing to us (see Section 8).
- Right to restriction of processing — sign out to stop cloud processing while keeping your local data.
- Right to object — object to processing based on legitimate interests by contacting us.
- Right to data portability — use the backup feature to obtain a copy of your records.
- Right to withdraw consent — at any time, as described in Section 3.
- Right to lodge a complaint with a supervisory authority — for example, your local Data Protection Authority in the EU/UK, or the Data Protection Board of India under the DPDP Act.
- Right to nominate (DPDP Act) — Indian residents may nominate another individual to exercise their rights in case of death or incapacity, by contacting us.
We respond to verifiable rights requests within 30 days.
8. Account and data deletion
You can delete your account and all associated data at any time from within the app: open the Profile tab and use the account-deletion option.
If you no longer have the app installed and still want your account and data deleted, send an email to shashi.k@abitindia.com with the subject “Delete my account”, from the email address you used to sign up. We will verify the request and complete the deletion within 30 days, and confirm by reply. Backups and other cloud copies are removed as part of this process, subject to the legal-retention exceptions noted in Section 6.
9. Permissions the app requests
- Notifications — used only to show you local reminders (such as upcoming EMI or bill due dates) on your device. No data is sent anywhere to do this. You can revoke the permission at any time in your device settings.
- Network access — used only for cloud sync, backup, and subscription billing when you are signed in.
10. Security
We protect your data with industry-standard measures: encrypted connections to our cloud services (HTTPS/TLS), authentication on every request, and server-side security rules that isolate each account’s data. No system is perfectly secure, but we take reasonable steps to safeguard your information and will notify you of any breach that affects your data, in line with applicable law.
11. Children
The app is intended for use by individuals aged 18 and over. This threshold aligns with India’s DPDP Act 2023, which defines a “child” as anyone under 18 and requires verifiable parental consent for processing children’s data. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it promptly.
12. California residents
If you are a California resident, the California Consumer Privacy Act (“CCPA”) gives you specific rights. We do not sell or share your personal information for cross-context behavioural advertising and we do not knowingly process data of consumers under 16 without consent. You have the right to know what personal information we hold about you, the right to delete it, the right to correct it, and the right not to be discriminated against for exercising these rights. To exercise them, contact us at the email address in Section 15.
13. International data transfers
Your data may be processed by Google on servers located outside your country of residence. Where required, such transfers rely on appropriate safeguards provided by Google as our processor — including the European Commission’s Standard Contractual Clauses, where applicable.
14. Changes to this policy
We may update this policy as the app evolves. Material changes will be reflected by an updated “Last updated” date at the top of this page and, where appropriate, surfaced in the app. Your continued use of the app after an update constitutes acceptance of the revised policy.
15. Contact
Questions, requests, or complaints about this policy or your data:
Email: shashi.k@abitindia.com
The developer is the Data Fiduciary under the DPDP Act and Data Controller under the GDPR for the processing described above.
This policy is governed by the laws of India.