Privacy Policy
Effective date: June 10, 2026
This Privacy Policy describes what personal data we process in connection with your use of Porteby, a personal finance management application available on iOS and Android (bundle identifier: com.porteby.app) and, in the future, also as a web version (PWA) at porteby.com. This document meets the requirements of Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
1. Data Controller
The controller of your personal data is Marek Zelek, a natural person based in Poland.
- Contact e-mail: contact@porteby.com
- Website: https://porteby.com
The controller has not appointed a data protection officer. For all matters concerning your data, you can contact us directly at the e-mail address above.
2. What Data We Collect and Why
We collect only the data necessary for the app to function. You enter all data yourself or it is generated through your use of the app. The only exception is your purchase or subscription status, which, once payments are introduced, we will receive from Apple or Google.
| Data category | Purpose of processing | Legal basis |
|---|---|---|
| Account data: e-mail address, password (stored exclusively as a cryptographic hash, never as plain text), optional display name | Creating and managing your account, signing in, synchronizing data across devices, sending transactional e-mails (e.g. registration confirmation, password reset) | Art. 6(1)(b) GDPR (performance of a contract, i.e. providing the service) |
| Content you enter: wallets, transactions (amounts, currencies, dates, notes, categories), budgets, snapshots of wallet value history, settings (base currency, language, theme, default wallets) | Providing the core function of the app: keeping records of your personal finances, calculations, statistics, synchronization | Art. 6(1)(b) GDPR |
| Purchase or subscription status (once payments are introduced): information about subscription activity provided by the Apple App Store or Google Play | Providing access to paid features, managing subscriptions and billing | Art. 6(1)(b) GDPR, and, with respect to tax and accounting obligations, also Art. 6(1)(c) GDPR |
Providing account data is voluntary but necessary to use the app: without an e-mail address and password we cannot create an account or provide the service. You enter financial content at your own discretion.
We do not make any automated decisions about you and we do not apply profiling within the meaning of Article 22 GDPR.
3. Where Data Is Stored and Who Processes It
Your data is stored in a PostgreSQL database operated through the Supabase service, on Amazon Web Services servers in the eu-west-1 region (Ireland), that is, within the European Union and the European Economic Area (EEA). The database uses a Row Level Security mechanism, which ensures that each user has access only to their own data.
Data recipients:
- Supabase Inc.: a data processor that, on our behalf, provides the database, the authentication system (Supabase Auth), and the sending of transactional e-mails. Processing takes place under a data processing agreement.
- Apple Inc. and Google LLC (once payments are introduced): operators of the App Store and Google Play, who independently, as separate controllers, handle payments and billing data (details in section 7).
The app presents exchange rates based on data that our server retrieves from the open.er-api.com service once per hour. No personal data of users is sent to this service: the server retrieves only public exchange rate tables.
We do not transfer data outside the EEA and we do not use subprocessors that store data outside the EEA.
4. How Long We Keep Your Data
We keep your data until your account is deleted. Account deletion, available directly in the app (Settings, Account section, account deletion option), permanently and irreversibly erases all your data: your account, wallets, transactions, budgets, history, and settings. If legal provisions (e.g. tax or accounting law) require certain billing data to be retained, we will keep it only to the extent and for the period required by those provisions.
5. Offline Mode and Data on Your Device
To allow the app to work without an internet connection, a copy of your data is stored locally on your device as a cache. Once the connection is restored, the data is synchronized with the server. The local copy is protected by your device's security measures, such as screen lock and system encryption, if they are enabled. You remove the local copy by uninstalling the app.
6. Biometrics (Face ID, Touch ID, Fingerprint)
If you enable the biometric lock, verification is performed exclusively by your device's operating system (iOS or Android). The app receives only the verification result, as a yes or no. We do not collect, store, or have access to any biometric data: it never leaves your device.
7. Payments (Apple App Store and Google Play)
Planned subscriptions will be billed entirely through the Apple App Store (iOS) or Google Play (Android). This means that:
- you provide payment data (card number, account details) exclusively to Apple or Google, under the terms described in their privacy policies,
- the controller does not receive your payment card data or any other billing data,
- we receive only information about your purchase or subscription status, which is necessary to give you access to paid features.
Privacy policies of the payment operators: Apple, Google.
8. What We Do NOT Do
Porteby is designed with privacy in mind. In particular:
- we do not display ads and we do not work with advertising networks,
- we do not use analytics tools or tracking (no Google Analytics, Firebase Analytics, tracking pixels, etc.),
- we do not profile users,
- we do not sell or share data for marketing purposes,
- we do not collect location data and we do not request access to your contacts,
- we do not offer social media login, so no data is sent to social media operators.
9. Your Rights Under the GDPR
In connection with the processing of your data, you have the following rights:
- Right of access (Art. 15 GDPR): you can obtain information about what data we process, as well as a copy of it. You can also see all of your data at any time directly in the app.
- Right to rectification (Art. 16 GDPR): you can correct your data yourself in the app or ask us to correct it.
- Right to erasure (Art. 17 GDPR): you can delete your account along with all your data yourself in the app (Settings, Account section, account deletion option). Deletion is permanent and irreversible. You can also request data deletion by writing to contact@porteby.com.
- Right to data portability (Art. 20 GDPR): the app provides data export to a CSV file, a commonly used, machine-readable format.
- Right to restriction of processing (Art. 18 GDPR).
- Right to object (Art. 21 GDPR) to processing based on legitimate interest. We do not currently base any processing on this ground, but this right is available to you should that change.
- Right to lodge a complaint with a supervisory authority: if you believe we process your data unlawfully, you can lodge a complaint with the President of the Personal Data Protection Office (PUODO), Poland (https://uodo.gov.pl), or your local EU supervisory authority.
Since we do not process data on the basis of consent, the right to withdraw consent does not apply. Should we introduce consent-based processing in the future, you will be able to withdraw your consent at any time, without affecting the lawfulness of prior processing.
We respond to requests concerning your rights without undue delay, and no later than one month after receiving the request.
10. Children
The app is not directed at children under 16 years of age and we do not knowingly collect data from such persons. If we learn that an account has been created by a person under this age, we will delete it along with all associated data. Parents and guardians: if you suspect that your child is using the app, please write to us at contact@porteby.com.
11. Changes to This Policy
We may update this policy, for example in connection with new app features or changes in the law. We will inform you of significant changes in advance, in the app or by e-mail, and the updated version will always be available at https://porteby.com together with a new effective date. Continued use of the app after the changes take effect constitutes acknowledgment of them.
12. Contact
For matters concerning privacy and personal data protection, contact us:
- E-mail: contact@porteby.com
- Website: https://porteby.com
Controller: Marek Zelek, Poland.