Privacy Policy
Effective Date: December 7, 2025
1. Introduction
Welcome to Alveon Financial Tracker ("Alveon", "we", "our", or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial tracking application.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you create an account, we collect your email address, name, and authentication credentials
- Financial Data: Transaction records, income information, expense categories, financial goals, and budget settings
- Profile Information: User preferences, currency settings, timezone, and language preferences
2.2 Information from Third-Party Services
- Telegram: User ID, username, first name, profile photo (when using Telegram authentication)
- Google OAuth: Email address, name, profile picture (when using Google Sign-In)
- Apple FinanceKit: Transaction history, account balances, and account information from Apple Card, Apple Cash, and Apple Savings (when you grant access through iOS Settings)
- Plaid: Bank account information, transaction history, and account balances (when connecting external bank accounts)
2.3 Automatically Collected Information
- Usage Data: Information about how you interact with our app, features used, and session duration
- Device Information: Device type, operating system, browser type, and IP address
- Cookies: We use essential cookies for authentication and session management
3. How We Use Your Information
We use your information to:
- Provide and maintain our financial tracking services
- Authenticate users and manage account security
- Process and store your financial transactions
- Send notifications about budget limits, goals, and scheduled reminders
- Synchronize data across your devices
- Improve our services and develop new features
- Provide customer support and respond to inquiries
- Analyze usage patterns to enhance user experience
- Comply with legal obligations and prevent fraud
4. Data Storage and Security
4.1 Where We Store Your Data
Your data is securely stored in PostgreSQL databases hosted on Render.com servers. All data transmission is encrypted using industry-standard HTTPS/TLS protocols.
4.2 Security Measures
- Passwords are hashed using bcrypt
- JWT tokens are used for secure authentication
- Database access is restricted and monitored
- Regular security audits and updates
- Tokens are invalidated on password change
4.3 Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. You can request deletion of your account and data at any time.
5. Data Sharing and Disclosure
5.1 We Do NOT Share Your Data
We do not sell, trade, or rent your personal information to third parties.
5.2 Limited Disclosure
We may disclose your information only in the following circumstances:
- With Your Consent: When you explicitly authorize us to share information
- Service Providers: Third-party services that help us operate (e.g., hosting providers, payment processors) under strict confidentiality agreements
- Legal Requirements: When required by law, court order, or government regulations
- Business Transfers: In case of merger, acquisition, or sale of assets (users will be notified)
- Protection: To protect our rights, safety, and property, or those of our users
6. Your Rights and Choices
6.1 Access and Control
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and all associated data
- Export: Download your financial data in Excel format
- Portability: Transfer your data to another service
- Opt-out: Disable notifications and marketing communications
6.2 Account Deletion
To delete your account, go to Settings → Delete Account. This action is permanent and will remove all your data from our servers.
7. Google User Data - Detailed Disclosure
This section provides comprehensive information about how Alveon accesses, uses, stores, and shares Google user data in compliance with Google API Services User Data Policy and Google APIs Terms of Service.
7.1 What Google Data We Access
When you sign in with Google OAuth, we request access to the following OAuth 2.0 scopes:
- openid - Required to verify your identity and authenticate your Google account
- https://www.googleapis.com/auth/userinfo.email - To access your Google account email address
- https://www.googleapis.com/auth/userinfo.profile - To access your Google account name and profile picture
Specific Data Elements Collected:
- Email Address: Your Google account email address (e.g., user@gmail.com)
- Name: Your Google account display name (first name and last name if available)
- Profile Picture URL: URL to your Google account profile picture
- Google User ID (sub claim): Unique identifier assigned by Google to your account
We do NOT access: Your Google Drive files, Gmail messages, Google Calendar events, Google Contacts, or any other Google services beyond basic profile information required for authentication.
7.2 How We Use Google User Data
We use the Google user data exclusively for the following specific purposes:
7.2.1 Authentication and Account Management
- Email Address:
  - Used as your primary account identifier in the Alveon application
  - Required for account creation and login authentication
  - Used to send important account notifications (password resets, security alerts, subscription updates)
  - Used to prevent duplicate account creation
- Google User ID (sub):
  - Used as a unique identifier to link your Google account to your Alveon account
  - Stored in our database to enable Google OAuth login
  - Used to verify your identity on subsequent logins
7.2.2 User Experience and Personalization
- Name:
  - Displayed in your user profile within the Alveon application
  - Used to personalize your experience (e.g., "Welcome, [Name]")
  - Shown in transaction records and financial reports
- Profile Picture:
  - Displayed as your avatar in the application interface
  - Used for visual identification in your account profile
  - Stored as a URL reference (not the image file itself)
7.2.3 What We Do NOT Use Google Data For
We explicitly do NOT use your Google user data for:
- Advertising or marketing purposes
- Creating user profiles for third-party services
- Training machine learning models
- Any purpose other than providing the Alveon financial tracking service
7.3 How We Store Google User Data
7.3.1 Storage Location
- Primary Database: Google user data is stored in our PostgreSQL database hosted on Render.com cloud infrastructure
- Geographic Location: Data is stored on servers located in the United States (Render.com data centers)
- Database Tables: Google user data is stored in the `users` table with the following fields:
  - `email` - Your Google email address
  - `name` - Your Google display name
  - `profile_picture_url` - URL to your Google profile picture
  - `google_user_id` - Your Google User ID (sub claim)
  - `oauth_provider` - Set to "google" to identify the authentication method
7.3.2 Security Measures
- Encryption in Transit: All data transmission between your device and our servers uses HTTPS/TLS 1.2 or higher encryption
- Encryption at Rest: Database connections use SSL/TLS encryption, and sensitive data is stored with industry-standard encryption
- Access Tokens: OAuth 2.0 access tokens and refresh tokens are securely stored in encrypted format and used only for authentication purposes
- Token Expiration: Access tokens expire after a limited time period, and refresh tokens are used to obtain new access tokens when needed
- Database Security: Database access is restricted to authorized application servers only, with IP whitelisting and authentication required
- Password Security: If you set a password for your account, it is hashed using bcrypt with salt before storage
7.3.3 Data Retention
- Active Accounts: Google user data is retained as long as your Alveon account is active
- Account Deletion: When you delete your Alveon account, all Google user data associated with your account is permanently deleted from our database within 30 days
- Inactive Accounts: If your account remains inactive for more than 2 years, we may delete your account and associated data after sending notification emails
- Backup Retention: Database backups containing your Google user data are retained for up to 30 days for disaster recovery purposes, after which they are permanently deleted
7.3.4 Data Processing
- Processing Location: Google user data is processed on Render.com servers in the United States
- Third-Party Processors: We use Render.com as our cloud hosting provider. Render.com processes data on our behalf under strict data processing agreements
- No Data Mining: We do not perform data mining, analytics, or profiling on your Google user data
7.4 How We Share Google User Data
We do NOT share your Google user data with any third parties.
Your Google user data is used exclusively within the Alveon application and is not:
- Sold to advertisers or data brokers
- Shared with marketing companies
- Used for purposes other than providing our financial tracking service
- Transferred to other applications or services
7.5 Revoking Google Access
You can revoke Alveon's access to your Google data at any time by:
- Visiting your Google Account Permissions page
- Deleting your Alveon account from Settings → Delete Account
- Unlinking your Google account from Settings → Connected Accounts
7.6 Other Third-Party Services
Telegram Authentication
When you sign in with Telegram, we receive your Telegram User ID, username, first name, and profile photo. This data is used solely for authentication and personalization.
AI Services (OpenAI)
Our AI chat feature uses OpenAI API to provide financial insights. Conversations are processed to answer your questions but are not used to train AI models. We do not share your financial transaction data with OpenAI.
Google Privacy Policy
For more information about how Google handles your data, please review: Google Privacy Policy
8. Apple FinanceKit Data
Alveon uses Apple FinanceKit to access your Apple Wallet financial data with your explicit permission. This section explains how we handle data from Apple Card, Apple Cash, and Apple Savings.
8.1 What Apple Financial Data We Access
When you grant access through iOS Settings, we may access:
- Transaction History: Date, amount, merchant name, and category of transactions
- Account Information: Account type (Apple Card, Apple Cash, Apple Savings), current balance, and available credit
- Account Identifiers: Unique identifiers to distinguish between accounts
We do NOT access:
- Your Apple ID credentials or password
- Card numbers, CVV, or expiration dates
- Data from other Apple services (Photos, iCloud, etc.)
8.2 How We Use Apple Financial Data
- Expense Tracking: Display your Apple Card transactions alongside other financial data
- Budgeting: Include Apple Wallet spending in your budget calculations
- Financial Insights: Provide analytics and spending patterns across all accounts
- Categorization: Automatically categorize transactions for easier tracking
8.3 How We Store Apple Financial Data
- Secure Storage: Apple financial data is stored in our encrypted PostgreSQL database
- Encryption: All data is encrypted in transit (TLS 1.2+) and at rest
- Access Control: Only authorized application servers can access the data
- No Raw Credentials: We never store Apple authentication credentials
8.4 Data Sharing
We do NOT share your Apple financial data with any third parties.
Your Apple Wallet data is used exclusively within Alveon for personal finance tracking.
8.5 Revoking Access
You can revoke Alveon's access to your Apple Wallet data at any time:
- Go to iOS Settings → Alveon → Wallet
- Disable access to the accounts you want to disconnect
- Delete your Alveon account to remove all synced data
When you revoke access, we stop receiving new data immediately. Previously synced data remains in your account until you delete it or your account.
8.6 Data Retention
- Active Accounts: Apple financial data is retained as long as your account is active
- Account Deletion: All Apple financial data is permanently deleted when you delete your Alveon account
- Access Revocation: If you revoke access, existing data remains but no new data is collected
9. Children's Privacy
Alveon is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
10. International Data Transfers
Your data may be transferred and stored on servers located outside your country. By using Alveon, you consent to the transfer of your information to countries that may have different data protection laws.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting a notice in the app or sending an email. Your continued use after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us:
- Email: support@alveon.app
- Telegram: @AlveonSupport
- Website: https://alveon.app
13. GDPR Compliance (EU Users)
If you are located in the European Economic Area (EEA), you have additional rights under GDPR:
- Right to object to processing
- Right to restrict processing
- Right to lodge a complaint with a supervisory authority
- Right to withdraw consent at any time
Our legal basis for processing your data is your consent and the necessity to perform our contract with you (providing financial tracking services).
14. California Privacy Rights (CCPA)
California residents have additional rights:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to say no to the sale of personal information
- Right to access your personal information
- Right to equal service and price
Note: We do not sell your personal information.