Privacy Policy - HomePot

Privacy at a Glance

Data encrypted in transit and at rest
Secure storage on Supabase (AWS)
Your data is only shared with your group
No tracking, advertising, or third-party analytics
You can delete your account and data at any time
We comply with GDPR, CCPA, LGPD, and international laws

Data Controller

The data controller for your personal data is:

HomePot App
Email: homepotapp@gmail.com

You can contact us at any time to exercise your rights or resolve any privacy-related inquiries.

Introduction

This Privacy Policy describes how HomePot ("the App", "we", "our") collects, uses, and protects your information when you use our mobile application.

We are committed to protecting your privacy. This policy is designed to comply with:

General Data Protection Regulation (GDPR) — European Union
California Consumer Privacy Act (CCPA) — California, USA
General Data Protection Law (LGPD) — Brazil
Other applicable privacy laws worldwide

By using HomePot, you agree to the practices described in this policy.

Information We Collect

To provide you with the service, we collect the following information:

Email address: for authentication and essential communication
Name: to identify you within your groups
Expense data: amounts, descriptions, categories, and dates you record
Group data: group name, invite code, members, and roles
Recurring expenses: periodic expense settings
Monthly closings: settlement history between members
Profile photo (optional): image you choose from your gallery
Group image (optional): image that admins assign to the group
Receipt photos (optional): images of receipts for expense tracking

Profile, group, and receipt photos are stored in Supabase Storage. They are accessible by members of your groups. You can delete them at any time from Settings.

All this information is voluntarily provided by you when using the App.

Data We Do NOT Collect

We do NOT collect:

Location or geolocation data
Contacts or calendar
Advertising identifiers
Usage data with third-party analytics
Real financial information (bank accounts, cards)
Social media information
Device identifiers for tracking

Note: the App accesses your photo gallery only when you choose to upload a profile, group, or receipt image. We do not access your camera or scan your gallery without your action. Images are processed locally (compression and cropping) before being uploaded.

How We Store Your Data

Your data is securely stored on Supabase, a database platform that uses Amazon Web Services (AWS) infrastructure.

Data is encrypted in transit (TLS/SSL) and at rest
Authentication uses secure JWT tokens
Passwords are stored with bcrypt hashing, never in plain text
Sessions are securely managed with expo-secure-store on your device
Row-level security (RLS) policies are applied so you can only access data from your groups
Images are stored with access policies that restrict reading to group members and modification only to the owner

How We Share Your Data

Your data is only shared with members of the groups you belong to. Specifically:

Your name and email are visible to your group members
Your profile photo (if set) is visible to your group members
Expenses you record are visible to all group members
Monthly closings and balances are visible to group members

We do NOT sell, rent, or share your data with third parties for advertising, marketing, or other commercial purposes.

Data Retention and Deletion

Your data is retained as long as you have an active account on HomePot.

To delete your data:

You can delete your account from Settings > "Delete my account"
You can delete your profile photo from Settings (tap your avatar)
You can leave an individual group from group Settings
You can delete an entire group if you are the owner

When you delete your account, your profile, profile photo, memberships, and groups where you are the only member are immediately deleted. Profile and group images are removed from storage. Accounts inactive for more than 2 years may be automatically deleted, with prior email notice at least 30 days in advance.

You can also request deletion by contacting us at homepotapp@gmail.com.

Third-Party Services

HomePot uses the following third-party services:

Supabase: authentication, database, file and image storage (AWS infrastructure)
Expo: application development framework
Apple App Store / Google Play Store: distribution and payment processing
RevenueCat: in-app subscription management

Subscription payments are processed entirely by Apple or Google. We do not receive or store credit card data or financial payment information.

These services have their own privacy policies. We do not use analytics, advertising, social media, or tracking services of any kind.

Children's Privacy

HomePot is not intended for children under 16 years of age. We do not knowingly collect information from children under this age.

If you are a parent or guardian and believe your child has provided us with personal information, contact us and we will delete that data immediately.

Your Rights Under the GDPR (EU Users)

If you reside in the European Union, you have the following rights:

Right of access: request a copy of your personal data
Right of rectification: correct inaccurate data
Right of erasure: request the deletion of your data
Right to data portability: receive your data in a structured format
Right to object: object to the processing of your data
Right to restriction: restrict the processing of your data

To exercise these rights, contact us through the information provided below.

Your Rights Under the CCPA (California Users)

If you reside in California, you have the right to:

Know what personal data we collect
Request the deletion of your personal data
Not be discriminated against for exercising your privacy rights

We do NOT sell personal information. HomePot does not participate in the sale of consumer data as defined by the CCPA.

International Users

HomePot is available worldwide. Your data is stored on servers located in the European Union or the United States (depending on Supabase infrastructure).

If you access from outside these regions, your information may be transferred to these servers. By using the App, you consent to this transfer, which is carried out with appropriate safeguards under applicable laws.

Security

We take the security of your data very seriously:

Data encryption in transit and at rest
Secure authentication with JWT tokens
Row-level security (RLS) policies in the database
Passwords stored with bcrypt hashing
Sessions securely managed on your device

Although we implement robust security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee the absolute security of your data.

Legal Basis for Processing (GDPR)

The processing of your data is based on:

Contract performance: we need your data to provide you with the service
Consent: by creating your account, you consent to the processing of your data
Legitimate interest: maintaining the security and operation of the App

You can withdraw your consent at any time by deleting your account.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date at the top of this policy.

For significant changes, we will provide a notice within the App. Your continued use of HomePot after any changes constitutes your acceptance of the updated policy.

Contact

If you have questions, concerns, or requests about this Privacy Policy, contact us:

Email: homepotapp@gmail.com
Through the contact information available in the app store (App Store / Google Play)

For GDPR-related inquiries from EU residents, you also have the right to file a complaint with your local data protection authority.

Summary

HomePot collects only the data necessary to function: your email, name, the expenses you record, and optionally, profile and group photos. Your data is securely stored, shared only with members of your group, and never sold to third parties. You have full control over your data and can delete it at any time.