Privacy Policy
Row-level security means only you can access your financial data.
We do not sell, share, or monetise your personal information.
Download a transaction spreadsheet or full ZIP backup from Settings.
Request account deletion in-app; data removed within 30 days.
1. Who We Are
Drachma is a personal finance application developed and operated under the Drachma name (getdrachma.app). The app is available on Android and iOS where distributed through app stores or testing programmes.
For any privacy-related questions, contact us at: support@getdrachma.app
2. What Data We Collect
We collect only the data you explicitly provide to operate the app. No passive tracking, no advertising SDKs, and no behavioural analytics.
Account data
- Email address (required for sign-in)
- Authentication tokens (managed by Supabase Auth)
- If you use Google Sign-In or Apple Sign-In: your name and email as provided by those services
Financial data (entered by you)
- Transaction records: amounts, dates, categories, notes, payment status
- Account balances and account names
- Budget targets and planned income figures
- Recurring payment schedules
- Receivables (money owed to you) and refund records
- Custom categories and their display settings
- Attached files you choose to add to transactions, such as receipt photos, bills, PDFs, screenshots, and proof-of-purchase documents
- Imported transactions created from CSV files you choose to process in the app; the source CSV file is not stored unless you attach it separately
App settings
- Currency preference, theme (light/dark), language preference
- Fiscal year and budgeting period configuration
- Privacy mode, newsletter preference, transaction filter preferences, and summary view preferences
Support and feedback data
- Feedback or support messages you submit in the app
- Optional reply email, feedback type, app version, platform, and operating system version
Crash and error data
- In production builds, unhandled errors and crash reports are sent to Sentry (see section 5)
- Crash reports do not include financial transaction data
3. How We Use Your Data
Your data is used solely to provide the app's functionality:
- Authenticating your identity and maintaining your session
- Storing and displaying your financial records across devices
- Calculating budgets, summaries, and wealth reconciliation
- Applying recurring payment schedules
- Processing CSV imports that you select
- Uploading, viewing, sharing, saving, and deleting attachments you choose to add
- Generating transaction spreadsheet exports and full ZIP backups on request
- Sending onboarding or newsletter emails if you opt in
- Handling support and feedback messages you submit
- Diagnosing and fixing crashes via Sentry error reports
We do not use your data for advertising, profiling, or any purpose beyond operating the app as described.
4. How Your Data Is Stored
Financial records and settings are stored on Supabase (PostgreSQL), a managed cloud database platform. Attachments are stored in private Supabase Storage paths tied to your user account. The following security measures are in place:
- Row-Level Security (RLS) is enforced on every database table. Database queries are scoped to your user ID — no query can return another user's data, even if the app client were compromised.
- Encrypted in transit: all communication between the app and Supabase uses HTTPS/TLS.
- Encrypted at rest: Supabase encrypts data at rest on the underlying infrastructure.
- On-device protection: the app supports biometric lock (Face ID, fingerprint, or PIN fallback) to prevent unauthorised access on your device. A Privacy Mode option hides all monetary values from the screen.
5. Third-Party Services
Drachma integrates with the following third-party services. We share only the minimum data each service requires to function.
Database, authentication, and file storage. Your financial data and account credentials are stored on Supabase infrastructure. Supabase is SOC 2 Type II certified.
supabase.com/privacy
Email delivery for onboarding and newsletter emails. If you opt in, your email address is sent to Resend to deliver the sequence and manage unsubscribe links.
resend.com/legal/privacy-policy
Crash and error reporting. Triggered only in production builds when the app encounters an unhandled exception. Reports include stack traces, device OS version, and app version — no financial data is included.
sentry.io/privacy
Optional. If you choose to sign in with Google, your Google account email and name are passed to Supabase Auth to create or match your account. We do not receive any other Google account data.
policies.google.com/privacy
Optional. If you choose to sign in with Apple, your Apple-provided email (or relay address) is passed to Supabase Auth. Apple's private email relay means your real address may never be shared with us.
apple.com/legal/privacy
Issue tracking for in-app feedback. If you submit feedback, your message and optional reply email may be sent to GitHub Issues in the project repository so we can track and resolve it.
github.com privacy statement
6. Data Retention
Your data is retained for as long as your account is active. When you request account deletion (available under Settings → Delete Account), your account is placed in a 30-day grace period during which you can cancel the request.
After 30 days, all data associated with your account — including transactions, budgets, accounts, categories, settings, attachments, and support tickets — is permanently deleted from our systems. This deletion is irreversible.
Attachments may also be subject to file count, file size, and retention limits shown inside the app.
Anonymised crash reports held by Sentry may be retained for up to 90 days in accordance with Sentry's standard data retention policy.
7. Your Rights
You have the following rights over your data:
- Access: all your data is visible directly within the app across the Month, Summary, Budgets, and Wealth tabs.
- Export: go to Settings → Export transactions spreadsheet to download a CSV-style spreadsheet of your transactions at any time.
- Full backup: go to Settings → Download full backup to create a ZIP file containing your app data and attachment files.
- Correction: you can edit any transaction, category, account, or setting directly in the app.
- Deletion: go to Settings → Delete Account to initiate permanent account and data deletion (30-day grace period applies).
- Portability: the spreadsheet export and ZIP backup provide your data in machine-readable, portable formats.
To exercise any right that is not available in-app, or if you have a concern about your data, contact us at support@getdrachma.app. We will respond within 30 days.
8. Data Sharing & Selling
We may disclose data only if required by law (e.g. a valid court order) or to protect the safety of users. In such cases we would notify you to the extent permitted by law.
9. Children's Privacy
Drachma is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@getdrachma.app and we will promptly delete it.
10. Changes to This Policy
We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you via the app or by email.
Continued use of Drachma after a policy update constitutes acceptance of the revised policy.
Questions about your privacy?
We take data privacy seriously. Reach out and we'll respond within 30 days.
support@getdrachma.app