Privacy policy

How we handle your data, in plain English. Yes, you read that right — we explain things the way we'd tell you in person.

Effective April 29, 2026

Short version

The important stuff in 30 seconds

If you don't want to read the whole thing (we don't blame you), here's what matters:

Your data is yours. You can view, export, and delete it whenever you want.
We don't sell your information to anyone. Not advertisers, not data brokers, not your neighbor.
We don't use external AI to analyze your finances. Everything is calculated inside the app.
End-to-end encryption in transit and stored on Google's secure servers.
We don't access your bank accounts. You enter transactions yourself; we never touch your bank.
We don't follow you around with personalized ads based on your financial info.

GDPR European Union CCPA / CPRA California LFPDPPP Mexico LGPD Brazil COPPA minors

1 Who we are

We're the team behind Fociter, a mobile app for habits, personal finance, and tandas. For legal purposes we're the data controller of your personal information — translation: we're responsible if anything happens to your data.

If you have questions or want to exercise any of your rights, write to privacy@fociter.com. For urgent security matters, use security@fociter.com.

2 What information we collect

We only store what we need for the app to work. No fishing for data we won't use.

What you give us directly

For your account: you sign in to Fociter with Google. Google shares your name, email, and profile picture with us. We don't handle passwords — Google does.
Your finances: the transactions, accounts, goals, and categories you enter in the app. Never full card numbers or CVV codes.
Your habits: names, descriptions, reminders, and entries for each habit.
Your groups: who you share expenses or tandas with, and the activity inside each group.

What gets generated as you use the app

Your streaks, XP, levels, and achievements — these come from your activity.
Automatic analytics the app calculates from your own data (habit-money correlations, forecasts, etc.). These analytics live inside the app.

Basic technical info

Your device: model, operating system, app version.
Error logs: if the app crashes, we receive technical details to fix it. No transaction content.
Anonymous usage metrics: which screens get used most, which features get stuck. Never tied to you personally.

We don't access your bank accounts. Fociter doesn't connect with any bank. You enter your activity manually (or via files you give us). We will never have your banking credentials.

3 What we use your information for

Only for these things — nothing else:

To make the app work: show your habits, calculate balances, run tanda payments, sync across devices.
To give you useful analytics: calculate your savings, predict when you'll hit a goal, find recurring subscriptions. All from your own data, with nothing sent to external AI.
To protect you: detect suspicious access, prevent fraud between group members, block bots.
To improve the app: understand what works and what doesn't. Only with anonymous metrics that can't be tied back to you.
To respond when you contact us: obviously.
To comply with the law: if a competent authority requires it via valid legal process.

What we DON'T do with your information: sell it, rent it, trade it, hand it to advertisers, send it to a generative AI, or use it to profile ads outside the app.

4 Why we're legally allowed to process it

Under GDPR, LFPDPPP, LGPD, and similar laws, we have to state what legal grounds we rely on to process your data. Here they are:

Performance of contract — to provide the service you signed up for (the app). If you subscribe to Plus, also to process payments via Google Play.
Your consent — for optional things like push notifications or personalized ads (on the Free plan, opt-in via the app).
Legitimate interest — for app security (anti-bot, anti-fraud) and to understand anonymous usage to improve the experience. Always balanced against your rights.
Legal obligation — when required by a law or authority.

You can withdraw consent at any time from Settings — it doesn't affect processing that already happened.

5 Who we share it with

We have a few service providers so the app can function. Each has access only to what they need, and all are under data processing agreements.

Google Firebase (Google LLC) — authentication, database, and hosting. Our main infrastructure. Firebase policy
RevenueCat — subscription management (paid users only). RevenueCat policy
Google AdMob — Free plan only. If you use Plus, no ads. AdMob may use the device advertising ID. You can disable it in your OS settings. Google policy

Always-current full list available on request to privacy@fociter.com.

If the law requires it

If a competent authority requests data via valid legal process, we may have to provide it. When legally possible, we will notify you. We publish an annual transparency report with aggregated numbers.

6 How we protect your information

We use defense in depth so no single failure exposes your data:

Encryption in transit — all communication between the app and our servers travels over HTTPS/TLS.
Encryption at rest — Firebase automatically encrypts what we store.
Strict access rules — every document is only visible to its owner. We validate this on every operation.
App Check — only the real app can make changes. Bots and modified clients are rejected.
Rate limiting — we cap operations per minute per account to prevent abuse.
Suspicious activity monitoring — we detect unusual patterns and, if something happens, we can pause the account to protect you.
Anti-disposable email validation — we block temporary domains to prevent fake accounts.

If we detect a security breach, we'll notify you without delay (and the authorities within 72 hours, as GDPR requires), explaining what happened, what data may be affected, and what we're doing about it.

7 Your rights

Your information is yours. Here's what you can do with it at any time:

See all your information (Access) All your data is visible in the app. If you want a formal copy, request it via email and we'll send a readable file (CSV/JSON).

Correct what's wrong (Rectification) Edit your profile, transactions, habits, and goals directly in the app. Or write to us if you need help.

Delete everything (Erasure) Red button in Settings → Reset Data section. Deletes account and data in seconds. Step-by-step in the Data deletion guide.

Object or restrict processing You can ask us to stop using your data for certain purposes (e.g., improvement metrics). We'll explain the consequences before applying it.

Take it with you (Portability) We give you your data as CSV/JSON so you can take it to another app. Free of charge.

No automated profiling We don't make automated decisions with legal effects on you. If anything like that is ever introduced, we'll let you know first and you can request human review.

Lodge a complaint with authorities In Mexico: INAI (inai.org.mx). In the EU: your national authority. In California: Attorney General. We hope it doesn't come to that, but it's your right.

How to exercise any right: write to privacy@fociter.com with your request and account email. We'll verify your identity and respond within at most 20 business days (or 30 calendar days under GDPR), at no charge. If we need more time, we'll explain why.

8 How long we keep your information

While your account is active: we keep your data so the app works.
If you delete your account: we wipe everything within 30 days, except for what we're required by law to keep (payment records, anonymized audit logs, etc.).
Account inactive for a long time: after 3 years without opening the app, we email you; if you don't respond within 30 days, we archive the account (encrypted, non-editable) and delete it after 5 years.
Anonymous metrics: being anonymous (can't be tied to you), we may keep them longer for statistical analysis.

9 International transfers

Our main servers are in the United States (Google Cloud, us-central1 region). If you live outside the US, your data may be transferred there for processing.

For those transfers we use the Standard Contractual Clauses approved by the European Commission, which is the valid mechanism under GDPR for transfers to countries without an adequacy decision. For users in Mexico, transfers are made under articles 36 and 37 of LFPDPPP. For Brazil, under articles 33 to 36 of LGPD.

10 Minors

Fociter isn't aimed at anyone under 13 years old (or the applicable minimum age in your country, which in some jurisdictions is 14 or 16). We don't intentionally collect information from minors below that age.

If you discover your underage child is using Fociter without your permission, write to privacy@fociter.com and we'll delete the account right away.

11 Cookies and trackers

On this website (fociter.com) we use a minimum of cookies — only what's strictly necessary for the site to work (language preference, session). We don't use third-party tracking cookies, no Facebook Pixel, no custom Google Analytics.

In the mobile app we don't use cookies, but we do use some native identifiers:

Firebase Installations ID — to sync across your devices.
Push notification token — to send reminders and tanda alerts.
Advertising ID (Free plan only) — so AdMob can show ads. You can disable it in your OS settings.

12 Changes to this policy

We may update this policy when needed (legal changes, new features, improvements). When there are important changes:

We update the "Effective" date at the top.
We notify you by email or via an in-app banner before it takes effect.
We give you at least 30 days to review and, if you disagree, export your data and delete your account.

If changes are minor (typos, clarifying language), we just update the date without a mass notification.

13 How to contact us

For any privacy matter, email is fastest. We aim to respond within 48 business hours.

Privacy privacy@fociter.com

Security security@fociter.com

General support support@fociter.com

Response time 48 business hours · 20 business days for formal rights requests

14 Regional notices

For residents of Mexico (LFPDPPP)

Under the Federal Law on Protection of Personal Data Held by Private Parties, this document also serves as our integral privacy notice. You have ARCO rights (Access, Rectification, Cancellation, Opposition) described in section 7. You can file complaints with the INAI: home.inai.org.mx.

For residents of the European Union (GDPR)

You have the rights described in section 7, under the General Data Protection Regulation. You can file complaints with your national data protection authority (list at edpb.europa.eu). Transfers to the US are made under Standard Contractual Clauses.

For California residents (CCPA / CPRA)

You have the right to know, delete, correct, and limit the use of your sensitive personal information. You have the right not to be discriminated against for exercising these rights. We do not sell or share your personal information in the CCPA/CPRA sense. We don't have a "Do Not Sell or Share My Personal Information" button because it doesn't apply to our model. To exercise rights: privacy@fociter.com.

For Brazil residents (LGPD)

You have the rights of article 18 of the General Data Protection Law, equivalent to those described in section 7. You can file complaints with the Autoridade Nacional de Proteção de Dados (ANPD): gov.br/anpd.

Back to home Delete my data