Privacy Policy

Section 1 — Introduction

GigBooks (the "App") is committed to protecting your privacy. This Privacy Policy explains how information is handled when you use this freelance expense tracking app.

By using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.

The App is a standalone mobile application for personal use. All data is processed and stored locally on your device.

Section 2 — Information We Do Not Collect

The App is designed with privacy in mind. By default, we do not collect, transmit, or store:

• Your name, phone number, or home address
• Financial account information (bank account or credit card details)
• Tax identification numbers or government IDs
• Location data or GPS coordinates
• Device identifiers for tracking purposes
• Browsing history or behavioral data
• Contacts or photos (beyond receipt images stored locally)
• Biometric data

Optional account creation (for cross-platform transfer only): The App uses anonymous authentication by default — no account creation is required to use the App. If you choose to create an account in order to transfer your Pro subscription to a different operating system (e.g. Android to iPhone), you may voluntarily provide an email address. This data is processed by Firebase Authentication (Google LLC). See Section 5 for details.

Section 3 — Local Data Storage

The following data is stored locally on your device in a SQLite database and SharedPreferences:

• Project records (name, client, status, dates)
• Income records (date, amount, project, notes)
• Expense records (date, amount, category, project, notes)
• Receipt images (stored as files in app-specific directory)
• Expense categories (default and custom)
• App settings (currency, language, theme, backup preferences)

The following data is managed externally (not stored solely on your device):

• Authentication state — an anonymous or signed-in Firebase UID is managed by Firebase Authentication (Google LLC) and cached locally. This identifier contains no personal information unless you choose to sign in with an email address.
• Pro subscription status — subscription entitlements are verified and cached by RevenueCat, Inc. See Section 5 for details.

Your financial records are never transmitted outside your device unless you explicitly export them.

Section 4 — Cloud Backup

The App offers cloud backup features for Pro users:

• Android: Backups are stored in your personal Google Drive account (app-specific hidden folder). We do not have access to your Google Drive.
• iOS: Backups are stored in your personal iCloud account (app-specific container). We do not have access to your iCloud.
• All backup data is encrypted using AES-256 before upload
• Backup files contain your database and receipt images
• We cannot access, read, or decrypt your backup data

Free users can create local encrypted backups and export them manually.

Section 5 — Third-Party Services

The App integrates with the following third-party services, which may collect information independently:

A. App Stores (Apple App Store / Google Play Store)

• Download and installation data
• App version and update information
• Crash reports (if enabled in device settings)
• Payment processing for Pro subscriptions
• Subject to Apple's and Google's respective privacy policies

B. RevenueCat (Subscription Management)

The App uses RevenueCat, Inc. to manage and validate Pro subscriptions.

Information RevenueCat receives:

• An anonymous app user ID (your Firebase UID — contains no personal information by default)
• Purchase receipts from Apple App Store or Google Play for validation
• Subscription status (active/expired/refunded) and entitlement data
• Platform and app version information

Information RevenueCat does not receive:

• Credit card numbers, billing address, or payment credentials
• Your financial records, project data, or receipt images

RevenueCat's privacy policy: https://www.revenuecat.com/privacy

C. Firebase Authentication (Google LLC)

The App uses Firebase Authentication to provide anonymous authentication by default and optional account creation for Pro subscription transfer across platforms.

By default (anonymous mode):

• An anonymous user ID is created automatically — no personal information is associated with it
• This ID is used as the RevenueCat app user ID to link your subscription to your device

If you choose to create an account (for OS transfer only):

• Your email address and hashed password (if using email sign-in) are stored in Firebase Authentication
• Google account information (name, email) may be received if you sign in with Google
• Apple account information (email, if shared) may be received if you sign in with Apple

Firebase Authentication's privacy policy: https://firebase.google.com/support/privacy

D. Google Drive API (Android Cloud Backup)

• Used exclusively for storing and retrieving encrypted backup files
• The App accesses only its own app-specific hidden folder — it cannot read your other Google Drive files
• No user data beyond the encrypted backup file is sent to Google Drive

E. Device Operating System

• iOS and Android may collect diagnostic data
• Crash reports may be sent to Apple/Google depending on your device settings
• We do not control OS-level data collection

Section 6 — Data Sharing and Disclosure

We do not sell, rent, or trade your data to third parties.

We do not share data with third parties except:

• When required by law (court order, warrant, regulatory requirement)
• To protect our legal rights or prevent illegal activity
• With your explicit consent

Since we do not collect personal data on our servers, there is generally no data to share in most situations.

Section 7 — Analytics and Crash Reporting

The App does not include:

• Analytics SDKs (Google Analytics, Firebase Analytics, Crashlytics, etc.)
• User tracking or behavioral monitoring
• Advertising SDKs or ad networks
• Social media integrations

Note on Firebase: The App uses Firebase Authentication only — not Firebase Analytics, Firebase Crashlytics, or any other Firebase product. No usage data, session data, or crash reports are sent to Firebase.

However, if enabled in your device settings, the OS may automatically collect crash diagnostic information. To disable:

• iOS: Settings → Privacy & Security → Analytics & Improvements → Share iPhone Analytics (Off)
• Android: Settings → Google → Usage & Diagnostics (Off)

Section 8 — Children's Privacy

The App is not intended for users under 18. Financial record-keeping is an activity suitable for adults only. Users under 18 should not use the App.

Section 9 — Data Retention and Deletion

Your financial data remains stored locally on your device until you:

• Manually delete records within the App
• Uninstall the App
• Perform a factory reset on your device

Account data (if you created an account): Your Firebase Authentication account (email address and anonymous UID) can be deleted by contacting us at the address listed in Section 17. Upon request, we will delete your Firebase account and associated RevenueCat data.

Anonymous sessions (no account created) do not store any personal data on our servers.

Section 10 — Data Security

Security measures in place to protect local data:

• SQLite database stored in an app-specific directory (inaccessible to other apps)
• AES-256 encryption for backup files
• Secure storage for sensitive settings (flutter_secure_storage)
• No network transmission of financial data
• Receipt images stored in app-specific private directory

However, no system is completely secure. Risks such as device theft, malware, and OS vulnerabilities exist. You are responsible for maintaining the security of your device.

Section 11 — International Data Transfers

Your financial records are stored locally on your device and are not transferred internationally.

The following data may be transferred internationally by third-party services:

• Firebase Authentication (Google LLC): Authentication data (anonymous UID or email if provided) may be processed on servers in the United States or other countries where Google operates.
• RevenueCat, Inc.: Subscription status and purchase receipts may be processed on servers in the United States.

By using these features, you consent to the transfer of applicable data to these services as described in their respective privacy policies.

Section 12 — Your Rights and Choices

You have full control over your data:

• Access: All financial data is accessible within the App
• Edit: Any record can be edited or updated
• Delete: Individual records can be deleted from within the App
• Export: AES-256 encrypted backups can be created; CSV and PDF exports available for Pro users
• Account deletion: If you created an account, contact us to delete your Firebase account and associated data
• Opt-out of account creation: The App functions fully without creating an account

Since financial data is stored locally on your device, data subject access requests (GDPR, CCPA) do not apply to financial records — they are already under your control.

Section 13 — California Privacy Rights (CCPA)

Since GigBooks does not collect personal information on servers, does not sell personal information, and stores all data locally on your device, most CCPA provisions do not apply to our operations.

Section 14 — European Privacy Rights (GDPR)

Since we do not collect or store personal data on our servers, our GDPR obligations are minimal. All data is on your device under your control. For data related to App Store or Google Play, please contact Apple or Google directly.

Section 15 — Changes to This Policy

We may update this Privacy Policy. For material changes, we will notify you through an app update. Continued use after changes constitutes acceptance of the updated policy.

We will not reduce your privacy rights without your explicit consent.

Section 16 — Limitation of Liability

To the maximum extent permitted by applicable law, we are not liable for:

• Data loss or corruption
• Unauthorized access to your device
• Backup failures
• Third-party privacy practices (app stores, OS providers, Firebase, RevenueCat)

Section 17 — Contact

For privacy-related requests including account deletion, data access, or questions about this policy, please contact us through the contact page or the App Store listing.