Privacy Policy

ShahiDeal ("we," "our," or "us") built the Shahi Expense app (the "App") as a free, ad-supported application. This Privacy Policy explains how we collect, use, and protect your information when you use our App.

1 Information We Collect

a) Information You Provide

All financial data you enter into the App is stored locally on your device. This includes:

• Expense and income transactions (amount, category, date, payment mode, notes, receipt images)
• Invoice details (client names, amounts, line items, HSN codes, tax rates, due dates)
• Client/party information (names, phone numbers, email, GSTIN, PAN, addresses)
• Company/business details (name, logo, contact information, signature)
• Payment records, settlement history, and payment-invoice linkages
• Budget and category configurations
• Stock/inventory items, pricing, and stock ledger entries
• App preferences (theme, language, currency, invoice template settings)

b) Automatically Collected Information

• Device Information: Device type, model, operating system version, and app version for compatibility, crash reporting, and analytics purposes.
• Usage Analytics: Anonymous app usage data such as screen views, feature usage patterns, and session duration via Firebase Analytics. This data does not include your financial information.
• Crash Reports: If the App crashes, Firebase Crashlytics automatically collects crash logs including device state, stack traces, and app version to help us identify and fix bugs.
• Push Notification Token: Firebase Cloud Messaging (FCM) token for delivering push notifications. We do not link this token to your personal identity.
• App Configuration Data: We access Firebase Firestore to check the minimum required app version for your platform to ensure you are using a supported version.

2 Third-Party Services

The App uses the following third-party services that may collect information:

a) Google AdMob (Advertising)

We display advertisements through Google AdMob to support the free version of the App. The App uses the following ad formats: banner ads, interstitial ads, rewarded ads, rewarded interstitial ads, native ads, and app open ads. AdMob may collect:

• Device advertising identifier (GAID on Android, IDFA on iOS)
• IP address
• General location (country/region level)
• Device and app interaction data
• Demographic and interest data for personalized advertising

We use the Google User Messaging Platform (UMP) to collect consent for personalized advertising in compliance with GDPR, CCPA, and other applicable regulations. You can manage your ad consent preferences at any time from Settings > Privacy & Legal > Ad Consent Preferences.

For more information, see Google's Privacy Policy.

b) Firebase Analytics

We use Firebase Analytics to understand how users interact with the App. This service collects:

• Anonymous usage statistics (screens viewed, features used, session frequency)
• Device information (model, OS version, screen size)
• App version and installation source
• Approximate geographic location (country/region level from IP)

This data is aggregated and anonymized. It does not include any of your financial or business data.

c) Firebase Crashlytics

We use Firebase Crashlytics to automatically collect crash reports when the App encounters an error. Crash reports include:

• Stack traces and error details
• Device state at the time of the crash (memory usage, battery level, orientation)
• Device model, OS version, and app version
• A Crashlytics installation UUID (not linked to your personal identity)

Crash reports do not contain any of your personal or financial data.

d) Firebase Cloud Messaging & Firestore

• Firebase Cloud Messaging: Used for sending push notifications about app updates and announcements.
• Cloud Firestore: Used only to read app version configuration data. No user data is written to Firestore.

For more information, see Firebase Privacy Policy.

e) App Tracking Transparency (iOS)

On iOS 14 and above, we request your permission via Apple's App Tracking Transparency framework before accessing the device's advertising identifier (IDFA). You can change this permission at any time in your device's Settings.

f) Third-Party APIs

The App's Tools section may connect to the following free public APIs for utility features:

• Gold/Silver Prices: gold-api.com for live precious metal prices
• Currency Exchange Rates: frankfurter.dev for live exchange rates
• IFSC Lookup: ifsc.razorpay.com for bank branch details
• Pincode Lookup: api.postalpincode.in for postal information

These APIs receive only the specific query data (e.g., IFSC code, pincode) and your device's IP address. No personal or financial data is shared with these services.

g) Google Fonts

The App uses Google Fonts for text display. Fonts may be downloaded from Google's servers, which may log standard web request data (IP address, browser type).

3 Ad Consent and Personalization

• Before showing personalized ads, we request your consent through Google's User Messaging Platform (UMP) in compliance with GDPR and other privacy regulations.
• If you are in the EU/EEA, you will see a consent dialog on first launch where you can choose to allow or decline personalized advertising.
• If you decline personalized ads, you will still see ads, but they will not be personalized based on your interests.
• You can update your consent choice at any time from Settings > Privacy & Legal > Ad Consent Preferences.
• On iOS, the App Tracking Transparency prompt allows you to opt out of cross-app tracking for ad personalization.

4 How We Use Your Information

• To provide the App's core functionality: expense/income tracking, invoicing, payment management, stock management, budgeting, and financial reporting
• To generate PDF invoices and reports locally on your device
• To display advertisements via Google AdMob (personalized or non-personalized based on your consent)
• To send push notifications about app updates or important announcements
• To check whether your app version is still supported
• To monitor app stability and fix crashes via Crashlytics
• To understand usage patterns and improve the App via Analytics
• To provide utility tools (currency conversion, IFSC lookup, gold rates, pincode lookup)

5 Data Storage and Security

• All your financial and business data is stored locally in an SQLite database on your device.
• Data is not encrypted at rest by the App. We recommend using your device's built-in security features (screen lock, device encryption) to protect your data.
• Backup files exported from the App are in JSON format and are stored/shared at your discretion.
• PDF invoices and reports generated by the App are stored temporarily and shared as you choose.
• Analytics and crash data are stored on Google's Firebase servers in accordance with Google's data retention policies.

6 Data Sharing

We do not sell, trade, or share your personal or financial data with any third party. Data sharing occurs only in these cases:

• You explicitly share or export data (PDF invoices, backup files, CSV exports) using your device's sharing functionality.
• You share invoices via WhatsApp or other messaging apps.
• Google AdMob collects anonymized device data for advertising as described above.
• Firebase Analytics and Crashlytics collect anonymized usage and crash data as described above.
• Third-party API services receive query data (IFSC codes, pincodes) when you use the Tools features.

7 Permissions

The App may request the following device permissions:

• Camera: To capture photos of receipts or company logos.
• Photo Library / Storage: To select images for receipts, company logos, or invoice signatures.
• Internet: For displaying ads, push notifications, analytics, crash reporting, version checking, and utility API calls.
• Notifications: To receive push notifications about updates.
• App Tracking Transparency (iOS): To request permission for cross-app tracking for personalized ads.

8 Children's Privacy

The App is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

9 Data Retention and Deletion

• Your financial data is retained on your device as long as the App is installed.
• Uninstalling the App will permanently delete all locally stored data.
• You can export a backup before uninstalling if you wish to preserve your data.
• You can use the "Import Backup" feature to restore data on a new device.
• Analytics data is retained by Firebase according to Google's standard retention policies (typically 14 months for user-level data).
• Crash data is retained by Firebase Crashlytics for 90 days.

10 Your Rights

Since all financial data is stored locally on your device, you have full control over it. You can:

• View, edit, or delete any data within the App at any time.
• Export all your data via the backup or CSV export features.
• Delete all data by uninstalling the App.
• Manage your ad personalization consent from Settings.
• Opt out of analytics collection by contacting us.
• Control App Tracking Transparency settings in your iOS device settings.

If you are in the EU/EEA, you have additional rights under GDPR including the right to access, rectify, and erase your data, and the right to object to processing. Since your data is stored locally, these rights are exercised directly through the App.

11 Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy within the App or on our website. Your continued use of the App after changes are posted constitutes acceptance of the updated policy.

12 Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us: