Privacy Policy
Last updated: 2026-06-07
ZeniCash is a personal finance, cashflow and invoice-tracking application used by individuals, freelancers and small businesses, published by Manor Systems, Unipessoal Lda (NIPC 519 377 753), Rua da Figueira 126, 4820-645 São Clemente, Fafe, Portugal ("we", "us"). This policy describes what data we process, why, where it is stored, and the rights you have over it.
1. Summary
- The app is designed to work offline — your data lives on your device by default.
- Cloud Sync, sign-in, invoice tracking, and exports are opt-in.
- Receipt OCR runs on your device; receipt photos never leave it.
- We do not use analytics, crash reporting, or advertising SDKs.
- We do not sell or rent your data.
- We do not profile, score or take automated decisions about you.
2. What we collect, and when
2.1 Always — none
A user who installs the app and never signs in produces no data on our servers. The app's local SQLite database is protected by the operating system's per-app isolation and by your device PIN / biometric / app lock.
2.2 When you sign in (optional)
Sign-in is required only if you choose to enable Cloud Sync. We authenticate you through Google Sign-In or Apple Sign-In, and Firebase Authentication returns:
- Your display name (as provided by Google/Apple)
- Your email address
- A user identifier (the Firebase UID — a pseudo-random string)
These are used to partition your data in Cloud Firestore under
users/{uid}/… so that your devices recognise each
other on sync.
2.3 When you enable Cloud Sync (optional)
The financial records you create — accounts, transactions, budgets, categories, invoices, advances, recurring transactions and similar — are copied to your private Firestore namespace, encrypted in transit (TLS) and at rest (Firebase). Only your authenticated session can read or write to your namespace; we do not access it.
2.4 When you subscribe to Premium (optional)
In-app subscriptions are processed by Google Play Billing (Android) or App Store In-App Purchase (iOS). The store handles your payment details; we receive only your subscription state (active / cancelled / expired) so the app can unlock Premium features. We never see card numbers.
2.5 Exchange rates
To convert balances across currencies the app calls public, free-of-charge exchange-rate APIs, in this order:
- exchangerate-api.com via its open-access endpoint open.er-api.com (primary).
- The fawazahmed0/exchange-api CC0 dataset, served from cdn.jsdelivr.net and currency-api.pages.dev as backups.
These requests carry only a base-currency code (e.g. EUR) — no
identifier, no account or transaction data. Results are cached locally
for 6 hours so subsequent conversions need no network call.
2.6 Receipt OCR — on device only
When you photograph a receipt, the app uses Google ML Kit's on-device text recognition to extract amounts and dates. The image is processed locally; nothing is uploaded to us or to Google for OCR purposes. The extracted text is then stored on the device (and synced via Cloud Firestore if Sync is enabled, exactly like any other transaction note you typed yourself).
2.7 Bank statement imports
You can import a CSV, XLSX or OFX bank statement to populate transactions. The file is parsed locally and discarded; only the transactions you confirm end up in the app (and in Cloud Firestore if Sync is enabled).
3. What we do NOT collect
- No analytics or product-usage telemetry
- No crash reports (no Crashlytics SDK)
- No advertising or attribution identifiers
- No location data
- No device contacts (the app stores customer/supplier records you type, not your phonebook)
- No microphone, no calendar, no biometric data on our side (the OS handles app-lock biometrics locally)
- No profiling, scoring, or behavioural targeting
4. Lawful basis for processing (GDPR / LGPD)
Under Article 6 of the GDPR — and the analogous provisions of the Brazilian LGPD — our lawful bases are:
- Performance of a contract (Art. 6(1)(b)) — for account creation, sign-in, Cloud Sync, subscription management and the in-app features you choose to use.
- Legitimate interests (Art. 6(1)(f)) — for keeping the infrastructure secure, preventing abuse and fraud, and dealing with support requests you send us. The legitimate-interest assessment is available on request.
- Legal obligation (Art. 6(1)(c)) — for retaining minimal billing records as required by Portuguese tax law (invoice retention obligation for up to 10 years).
- Consent (Art. 6(1)(a)) — for any future opt-in feature (e.g. an email newsletter). We do not currently run any such feature.
5. No profiling, no automated decision-making
We do not apply any automated decision-making or profiling within the meaning of GDPR Article 22 to your data. We do not credit-score, risk-rate, target, segment or otherwise analyse your financial data to make decisions that produce legal or similarly significant effects for you. The app's local features (budget alerts, cashflow projections, account-limit notifications) are deterministic calculations performed on data you yourself entered; they are not profiling.
6. Where your data lives
- On your device: in the app's SQLite database, isolated by the operating system.
- Firebase Authentication & Cloud Firestore (if Cloud Sync is on): operated by Google Ireland Ltd, primarily in EU regions, with disaster-recovery infrastructure in other Google regions. Google acts as our processor under a Data Processing Addendum, and international transfers (where they occur for backup purposes) rely on Standard Contractual Clauses (SCCs).
7. Subprocessors
We rely on the following processors and sub-processors. We have a Data Processing Addendum or equivalent contractual protection in place with each.
- Google Ireland Ltd — Firebase Authentication (sign-in), Cloud Firestore (Cloud Sync storage), Google Play Billing (subscription payments on Android), and ML Kit Text Recognition (on-device only — no receipt content is sent to Google).
- Apple Distribution International Ltd — Sign in with Apple (sign-in on iOS) and App Store Billing (subscription payments on iOS).
- jsDelivr (Prospect One sp. z o.o.) — global CDN that serves the CC0 exchange-rate JSON file from the fawazahmed0/exchange-api project.
- Cloudflare, Inc. — serves the Cloudflare-Pages fallback copy of the same CC0 exchange-rate dataset.
- Hostinger International Ltd — hosts the zenicash.com website and the support@ / privacy@ mailboxes.
Calls to the exchange-rate providers (open.er-api.com, jsDelivr, Cloudflare) carry only a 3-letter base-currency code — no user identifier and no financial data.
We notify users when we materially change this list, before the new sub-processor begins processing data.
8. How long we keep it
- Local data: until you delete it in the app, uninstall, or use Settings > Advanced > Reset data.
- Cloud-synced data: until you delete it, wipe your cloud copy in Settings > Cloud Sync > Clear cloud data, or delete your account.
- After account deletion: data is removed immediately from live Firestore; encrypted Firebase backups age out within 30 days.
- Billing records: minimal subscription state (active / cancelled / expired and store-receipt id) is retained for up to 10 years per Portuguese tax-law obligation.
- Support correspondence: emails to support@ and privacy@ are retained for up to 3 years for traceability, then deleted.
9. Sharing
We do not sell, rent, or share your personal or financial data with third parties for advertising. We use the processors listed in Section 7 to provide the infrastructure described above. We may disclose data where we are legally compelled to do so (e.g. a binding court order) and will, where lawful, notify you of such a request.
10. Security and breach notification
Connections to Firebase and the exchange-rate APIs use TLS. Cloud Firestore encrypts data at rest. On the device, the SQLite database is protected by the operating system's per-app storage isolation, and you can additionally enable an in-app PIN / biometric lock in Settings > Security. The PIN itself is hashed (salted SHA-256) before being stored.
If we become aware of a personal-data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority (in Portugal, the CNPD) within 72 hours of becoming aware, as required by GDPR Article 33. If the breach is likely to result in a high risk to affected users, we will also notify them without undue delay (Article 34).
11. Your rights
If you reside in the EU/EEA (GDPR) or the UK, you have the right to access, rectify, port, restrict or object to processing of your data, and to lodge a complaint with a supervisory authority. In Portugal the authority is the CNPD. If you reside in Brazil (LGPD), you have analogous rights under that framework.
You can exercise most of these directly inside the app:
- Access / portability: Settings > Export (CSV / XLSX / PDF) — Premium feature.
- Erasure of cloud data: Settings > Cloud Sync > Clear cloud data.
- Erasure of the account itself: Settings > Cloud Sync > Delete account, or follow the public deletion request page.
- Local wipe: Settings > Advanced > Reset data.
For any request we cannot fulfil in-app, email privacy@zenicash.com. We respond within 30 days.
12. Children
ZeniCash is a tool for adults and professional users. We do not direct the product at users under 16, and we do not knowingly collect data from them. If you believe a minor has signed in, email privacy@zenicash.com and we will erase the account.
13. Changes
We may update this policy when the app changes. Material changes will be surfaced in-app and on this page at least 30 days before they take effect. The "Last updated" date above always reflects the current version; older versions can be requested by email.
14. Contact
Controller: Manor Systems, Unipessoal Lda — NIPC 519 377 753.
Privacy and data-protection requests:
privacy@zenicash.com.
General support: support@zenicash.com.