Privacy Policy

Last updated: February 26, 2026

A Pachas is an app for managing shared expenses among friends, roommates, couples, and travel groups. This policy describes what data we collect, how we use it, and how we protect it.

1. Data Controller

Marcos Del Ser (independent developer)
Contact: j.marcos.delser@gmail.com

2. Data We Collect

• Account data: email address, display name, and optionally phone number, provided when you register.
• App usage data: groups, expenses, settlements, and balances you create within the app.
• Receipt images and group icons: if you use the OCR scanning feature, receipt photos are processed on your device (or via cloud services, depending on the selected OCR engine) and optionally stored in the cloud linked to the expense. Group icon images are also stored in the cloud.
• Purchase data: if you purchase the option to remove ads, the purchase date is recorded to manage your subscription. Payment data is handled entirely by Google Play and is not stored by the app.
• Diagnostic data: crash reports and basic usage analytics to improve app stability and experience.

3. Device Permissions

• Camera (android.permission.CAMERA): the app requests camera access to let you photograph receipts and purchase tickets, which are then processed via OCR to automatically extract expense data. This permission is optional: you can deny access and continue using the app by entering expenses manually.
• Internet: required to sync your data across devices via Firebase.
• Contacts (android.permission.READ_CONTACTS): optionally used to make it easier to invite members to groups. You can deny this permission without affecting app functionality.
• Notifications (android.permission.POST_NOTIFICATIONS): used to send you notifications about new expenses, settlements, and activity in your groups via Firebase Cloud Messaging (FCM). FCM may process device identifiers and notification tokens.

4. How We Use Your Data

• Authentication: Firebase Authentication manages sign-in and account security.
• Data storage: Cloud Firestore stores group, expense, and settlement data to sync across devices.
• File storage: Firebase Storage stores receipt images and group icon images you upload.
• Push notifications: Firebase Cloud Messaging (FCM) sends notifications about relevant activity in your groups (new expenses, settlements, etc.). FCM may process device identifiers and notification tokens.
• Crash reporting: Firebase Crashlytics collects app crash data (no personally identifiable information is included).
• Analytics: Firebase Analytics collects anonymous usage data (events such as group creation, expenses, etc.) to understand how the app is used and improve it.
• OCR: the app offers multiple text recognition engines. ML Kit Text Recognition processes images directly on your device without sending them to external servers. If you select the Gemini AI engine, receipt images are sent to Google's servers (Gemini API) for processing, subject to Gemini's Terms of Use.
• Advertising: Google AdMob displays ads within the app. AdMob may collect device and usage data to serve personalized ads, subject to Google's Privacy Policy. You can remove ads via an in-app purchase.
• In-app purchases: Google Play Billing handles purchases (such as ad removal). Only the purchase date is stored in your profile; payment data is managed by Google Play.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties for commercial purposes. Your data is only accessible by:

• Members of the groups you belong to (group expenses, balances, and settlements).
• Google Firebase services, as infrastructure provider (subject to the Firebase Privacy Policy).
• Google AdMob, for in-app advertising management (subject to Google's Privacy Policy).
• Google Gemini API, if you select the Gemini OCR engine to process receipt images (subject to Gemini's Terms of Use).

6. Security

Your data is protected by:

• Encrypted communications via HTTPS/TLS.
• Firestore security rules that restrict data access based on your identity and group membership.
• Secure authentication through Firebase Authentication.

7. Data Retention

Your data is retained as long as your account remains active. You can delete your account directly from the app settings, which will permanently delete your Firebase Authentication account and all your profile data. You can also contact us at j.marcos.delser@gmail.com to request complete deletion of your account and associated data, and we will process the deletion within 30 days.

8. Your Rights

You have the right to:

• Access your personal data.
• Rectify incorrect data.
• Request deletion of your account and data.
• Request data portability (export your data in a standard format).

To exercise any of these rights, you can delete your account directly from the app settings, or contact us at j.marcos.delser@gmail.com.

9. Children

A Pachas is not intended for children under 16. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this privacy policy from time to time. We will post any changes on this page and update the "Last updated" date.

11. Contact

If you have questions about this privacy policy, contact us at:
j.marcos.delser@gmail.com