Legal

Privacy Policy

Effective date: July 6, 2026

Sumova (“the app”) is a local-first personal expense tracker for iOS and Android. This policy explains what data the app handles, where it stays, and the one case in which the app itself can send anything off your device.

The short version

Your financial data never leaves your device. Sumova has no user accounts, no ads, no analytics, and no tracking. The only data the app itself ever sends is an anonymized crash report — and you can turn that off at any time. Backups and support emails leave your device only when you choose to send them.

1. Data stored on your device

All of your data is stored locally, in a database on your device:

None of this is ever transmitted to us or to anyone else. We have no servers, no user accounts, and no way to access your data. Deleting the app deletes all of it.

2. App lock (PIN and biometrics)

If you enable the app lock:

Neither the PIN hash nor any lock data is included in backup files.

3. Crash reporting (optional, the only data that can leave your device)

To fix bugs, the app can send an automatic crash report when it encounters an error. This uses Sentry, a crash-reporting service operated by Functional Software, Inc. (sentry.io/privacy), acting as our data processor.

What a crash report contains:

What a crash report can never contain:

Your control: crash reporting is enabled by default and can be turned off at any time with the Crash reporting toggle in Settings. When it is off, nothing is sent — including crashes that happen while the app is starting up.

Legal basis and retention: we process crash diagnostics on the basis of our legitimate interest in keeping the app stable (GDPR Art. 6(1)(f)). Because we rely on legitimate interest, you have the right to object to this processing at any time (GDPR Art. 21) — the Crash reporting toggle in Settings is how you exercise it. Crash reports are automatically deleted by Sentry after at most 90 days. Sentry may process data on servers in the United States; these transfers are safeguarded by standard contractual clauses, and Sentry additionally self-certifies under the EU–US Data Privacy Framework. You can obtain a copy of these safeguards from Sentry's Data Processing Addendum at sentry.io/legal/dpa.

4. Backups (export and restore)

You can export your data as a JSON file from Settings → Backup & restore. This is entirely user-initiated:

Restoring a backup is likewise entirely local.

5. Contact

The “Contact us” screen opens your own email app addressed to support@sumova.app. Anything you send is transmitted by your email provider, like any normal email, and is used only to answer you. We do not add you to any mailing list.

6. What Sumova does NOT do

7. Deleting your data

8. Your rights

If you are in the EU/EEA or a jurisdiction with similar laws, you have the rights of access, rectification, erasure, restriction, portability, and objection regarding personal data we process. In practice this concerns only crash diagnostics, which are not linked to your identity. Contact us at the address in section 5. You also have the right to lodge a complaint with your local data-protection authority — in Lithuania, the State Data Protection Inspectorate (vdai.lrv.lt). We do not sell or share personal information, and we are not a “business” under the California Consumer Privacy Act.

Because all app data lives on your device, exporting it (portability) and deleting it are directly in your hands — see sections 4 and 7.

9. Children

Sumova is not directed at children under 13 (or the equivalent minimum age in your jurisdiction) and collects no personal data from anyone.

10. Changes to this policy

If we change this policy — for example, when the app gains new features — we will update this document and its effective date, and we will note material changes in the app’s release notes. Changes take effect when posted and never apply retroactively to data already processed.