Important: This Privacy Policy explains how GoodShare collects, uses, and protects your personal data.
1. Data Controller
GoodShare
Website: goodshare.app
Email: support [at] goodshare.app
2. Data We Collect
2.1 Account Data
Email address - for account creation and authentication
User ID - unique identifier from Firebase
Login timestamps - for security purposes
2.2 Financial Data
Budget books - names and settings
Transactions - income and expense entries
Categories - custom and default categories
Standing orders - recurring payments
Receipt images - photos you attach to transactions
2.3 AI Receipt Scanner (Optional)
When you use the AI Scanner feature:
Receipt images - temporarily sent to Google Gemini AI for text extraction
Extracted data - amount, date, merchant, category
Not stored - images are processed in real-time and not permanently stored by Google
Your Control: The AI Scanner requires your explicit consent before each scan. You can always add transactions manually or attach receipts without AI processing.
2.4 Analytics & Crash Reports
Firebase Crashlytics - crash logs to fix bugs and improve stability
No Advertising ID - we explicitly disabled advertising tracking
2.5 Shared Budget Books
When you share a budget book, all members can see all transactions
Members can invite or remove other users
When you leave a book, your contributions remain visible to others
3. How We Use Your Data
Provide app functionality
Sync data across devices
Enable shared budgets with other users
AI Receipt Scanning (with your consent) - extract transaction data from receipt images
Improve the app and fix bugs
4. Legal Basis (GDPR)
Your consent (Art. 6(1)(a) GDPR)
Contract performance (Art. 6(1)(b) GDPR)
Legitimate interests (Art. 6(1)(f) GDPR)
For users in Brazil: data processing is also subject to the Brazilian General Data Protection Law (LGPD, Law No. 13.709/2018). Our legal bases under Art. 7 LGPD are analogous to GDPR Art. 6 (consent, contract performance, legitimate interest). Brazilian users may exercise all rights under Art. 18 LGPD (confirmation of processing, access, correction, anonymization, portability, deletion, information on sharing, and revocation of consent) by contacting support@goodshare.app. Our Data Controller named in Section 1 also acts as controlador under LGPD.
For users in Japan: data processing complies with the Act on the Protection of Personal Information (APPI, Act No. 57 of 2003, as amended). Users in Japan may exercise their rights under APPI — including disclosure, correction, suspension of use, and deletion of personal information — by contacting support@goodshare.app. We handle personal information only for the purposes stated in Section 3 and do not transfer personal data to third parties except as described in Section 5.
For users in South Korea: data processing complies with the Personal Information Protection Act (PIPA, Act No. 10465). Korean users may exercise their rights under PIPA — including access, correction, deletion, and withdrawal of consent — by contacting support@goodshare.app. We process personal information based on consent (Art. 15 PIPA) and contract performance, and retain data only for the periods stated in Section 7.
5. Data Storage & Third-Party Services
5.1 Firebase (Google LLC)
We use Google Firebase for secure data storage:
Firebase Authentication - user login
Cloud Firestore - structured data storage
Realtime Database - real-time synchronization
Firebase Storage - receipt image storage
Data is primarily stored in EU region servers.
5.2 Google Gemini AI (Receipt Scanner)
When you use the AI Scanner:
Service - Google Gemini 2.0 Flash API
Data sent - Receipt images (only when you tap "Scan & Fill")