Privacy Policy

Last Updated: January 29, 2026. This Privacy Policy describes how Refunto collects, uses, stores, and protects your personal information when you use our mobile application.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account and use Refunto, you provide:

  • Account Information: Email address, name, user ID (generated by Supabase Auth)
  • Authentication Data: Login credentials (email/password) or third-party OAuth tokens (Apple Sign-In, Google Sign-In)
  • Refund Data: Store names, product names, amounts, purchase dates, refund deadlines, notes, tracking numbers - ALL user-entered
  • Receipt Photos (Premium): Images uploaded from your camera or photo library
  • User Preferences: Currency, language, timezone, date format, notification settings

1.2 Information Collected Automatically

  • Device Information: Expo push notification token (for sending reminders), device platform (iOS/Android)
  • Subscription Data: RevenueCat user ID, subscription status (free/premium), plan type, transaction IDs (managed by Apple/Google)
  • Usage Analytics: App opens, feature usage (aggregated and anonymized - no personal tracking)
  • Error Logs: Crash reports and technical diagnostics (for bug fixes)

1.3 Information We Do NOT Collect

  • We do NOT track your browsing activity outside the App
  • We do NOT collect location data (GPS, IP addresses for tracking)
  • We do NOT use advertising identifiers or cookies for ads
  • We do NOT scan or process receipt photos with OCR/text recognition
  • We do NOT sell your data to third parties

2. How We Use Your Information

We use your information solely for App functionality:

Core App Functions

  • Store and retrieve your refund data
  • Send push notifications before deadlines expire
  • Display stats (total saved, monthly trends, streak counter)
  • Store receipt photos securely (Premium feature)
  • Sync data across your devices

Account Management

  • Authenticate and verify your identity
  • Manage your subscription (via RevenueCat)
  • Provide customer support
  • Send important service updates (policy changes, security alerts)

App Improvement

  • Fix bugs and technical issues
  • Analyze usage patterns (anonymized) to improve features
  • Prevent fraud and abuse

We NEVER:

  • Sell your data to third parties
  • Use your data for targeted advertising
  • Share data with marketers or data brokers
  • Track you across other apps or websites

3. How We Store and Protect Your Information

Data Storage

Your data is stored securely using:

  • Supabase (PostgreSQL Database): Industry-standard cloud database with encryption at rest and in transit
  • Supabase Storage: Secure cloud storage for receipt photos (encrypted)
  • Expo Secure Store: Device-level encrypted storage for session tokens

Security Measures

  • Row Level Security (RLS): Your data is isolated - only you can access your refunds, photos, and preferences
  • Encryption: All data transmitted over HTTPS/TLS. Data at rest is encrypted.
  • Authentication: Secure login via Apple/Google OAuth or email/password with hashed credentials
  • Access Controls: Limited employee access, all access logged and monitored

Data Retention

  • We retain your data as long as your account is active
  • When you delete your account, all data is permanently deleted within 30 days
  • Some anonymized analytics may be retained for business purposes

4. Third-Party Services and Data Sharing

We integrate with the following third-party services:

Supabase (Database and Authentication)

  • Purpose: Store user data, authenticate accounts
  • Data Shared: Email, name, user ID, refund data, receipt photos
  • Privacy Policy: supabase.com/privacy

RevenueCat (Subscription Management)

  • Purpose: Manage Premium subscriptions, track billing
  • Data Shared: User ID, subscription status, transaction IDs
  • Privacy Policy: revenuecat.com/privacy

Expo / Firebase Cloud Messaging (Push Notifications)

  • Purpose: Send push notifications to your device
  • Data Shared: Expo push token, notification content (deadline reminders)
  • Privacy Policies: expo.dev/privacy, Firebase Privacy

Apple / Google (Authentication and App Distribution)

  • Purpose: Apple Sign-In, Google Sign-In, app downloads, subscription billing
  • Data Shared: OAuth tokens, subscription transactions (managed by Apple/Google)
  • Privacy Policies: Apple Privacy, Google Privacy

Legal Disclosure

We may disclose your information if required by law, court order, or government regulation, or to protect our rights and safety.

5. Your Privacy Rights (GDPR/CCPA Compliance)

You have the following rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you.

How to Request: Email privacy@refunto.com with subject "Data Access Request"

Right to Export (Data Portability)

You can export your data in a machine-readable format (JSON).

How to Request: Email privacy@refunto.com with subject "Data Export Request"

Right to Delete (Right to Be Forgotten)

You can permanently delete your account and all associated data.

How to Delete:

  • In-App: Profile → Security Settings → Delete Account
  • Email: privacy@refunto.com with subject "Delete My Account"

All data (refunds, photos, preferences) will be permanently deleted within 30 days.

Right to Correct

You can update inaccurate information directly in the App (edit refunds, change email, etc.).

Right to Restrict Processing

You can request we stop processing your data (while retaining it). Contact privacy@refunto.com.

Right to Object

You can object to certain data processing. Since we don't use data for marketing, this rarely applies.

Right to Withdraw Consent

You can withdraw consent for data processing by deleting your account.

Response Time

We will respond to all data requests within 30 days as required by GDPR/CCPA.

6. Children's Privacy (COPPA Compliance)

Refunto is NOT intended for children under 13 years old. We do not knowingly collect personal information from children under 13.

If you believe we have inadvertently collected data from a child under 13, contact us immediately at privacy@refunto.com and we will delete it.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Categories of Personal Information Collected

  • Identifiers: Email, name, user ID
  • Commercial Information: Subscription status, transaction IDs
  • Internet/Electronic Activity: App usage, error logs
  • User-Generated Content: Refund data, receipt photos

Business Purpose for Collection

We collect this data solely to provide the refund tracking service. We do NOT sell your personal information.

Your CCPA Rights

  • Right to Know: Request disclosure of data collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out of Sale: Not applicable (we don't sell data)
  • Right to Non-Discrimination: We won't discriminate against you for exercising CCPA rights

To exercise CCPA rights, email privacy@refunto.com with your request.

8. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

  • Contract Performance: Processing data to provide the App service
  • Consent: You consent to data collection when creating an account
  • Legitimate Interest: Improving the App, preventing fraud

Your GDPR Rights

See Section 5 above for full details. Key rights include access, deletion, portability, and objection.

International Data Transfers

Your data may be transferred to and stored on servers outside the EEA. We ensure appropriate safeguards through Standard Contractual Clauses with Supabase and other providers.

Data Protection Officer

For GDPR inquiries, contact our Data Protection Officer at privacy@refunto.com.

9. Cookies and Tracking Technologies

The Refunto mobile app does NOT use cookies or web tracking.

We use:

  • Session tokens (stored securely in Expo Secure Store) for authentication
  • Local device storage for offline app functionality

This website may use minimal cookies for functionality (WordPress default). No advertising or tracking cookies are used.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via:

  • In-app notification
  • Email to your registered address
  • Updated "Last Updated" date at the top of this page

Your continued use of the App after changes constitutes acceptance of the updated Privacy Policy.

11. Contact Information

For privacy questions, data requests, or concerns, contact us:

We will respond to all inquiries within 30 days.

Privacy Summary

What We Collect:

Email, name, refund data you enter, receipt photos (optional), device tokens for notifications

How We Use It:

To provide the app service, send deadline reminders, sync your data

Who We Share With:

Supabase (storage), RevenueCat (subscriptions), Expo/Firebase (notifications), Apple/Google (auth)

What We DON'T Do:

Sell your data, use it for ads, track you outside the app, share with marketers

Your Rights:

Access, export, delete your data anytime. Email privacy@refunto.com