Privacy Policy

Effective date: 2026-02-13 Last updated: 2026-03-16

Wally, officially known as Watch My Wallet ("App") is operated by Aleksandrs Vozņarskis (support@watch-my-wallet.com), the data controller under GDPR. Latvia, EU.

1. What Data We Collect

You provide directly

  • Google account email and user ID (sign-in)
  • Profile names you create
  • Financial records: transactions, categories, wallets, balances (fiat and cryptocurrency)
  • App settings: language, theme, default currency

Generated automatically

  • Anonymous device identifier: a random string used for sync only; not linked to your identity
  • Sync metadata: timestamps, version counters
  • Anonymised usage analytics: screen views, feature interactions, and bucketed financial amount ranges (see Section 5)
  • Crash and performance data: stack traces and diagnostic information when errors occur (see Section 5)

We do not collect payment card numbers, banking credentials, location data, biometric data, cryptocurrency wallet addresses, or blockchain data. The App tracks only user-entered amounts and currency codes.

2. Legal Basis for Processing (GDPR)

  • Core app functionality → performance of contract
  • Firebase Authentication → performance of contract
  • Google Drive sync (optional) → your consent
  • Subscriptions → performance of contract
  • Firebase Analytics → legitimate interest (Art. 6(1)(f) GDPR)
  • Firebase Crashlytics → legitimate interest (Art. 6(1)(f) GDPR)

3. How We Use Your Data

To provide and operate the App; authenticate your account; sync data via Google Drive (if enabled); process subscriptions; monitor app stability and fix bugs; understand how features are used to improve the App; respond to support requests; and comply with legal obligations.

4. Google Drive Backup

If you enable sync, the App uses Google Sign-In and the drive.appdata scope — access limited exclusively to the App's private folder in your Google Drive. No other Drive files are accessed.

Backup data is encrypted on-device before upload using AES-GCM with a key derived via PBKDF2 (200,000 iterations). The encryption key is automatically derived from your Google account — you do not need to remember a separate passphrase. Backups can only be decrypted by the same Google account that created them.

5. Firebase Services

Firebase Authentication

Stores your email, Google user ID, and auth tokens to manage sign-in across devices.

Firebase Analytics

Both the Android and iOS versions of the App use Firebase Analytics to collect anonymised usage events, including:

  • Screen navigation (screen names, record types)
  • Onboarding flow events (completion, currency selection, sync preferences)
  • Transaction and transfer events (type, anonymised amount ranges, category)
  • Wallet lifecycle events (creation, editing, deletion)
  • Settings changes (currency, theme, language)
  • Account events (sign-in, sign-out, deletion, profile creation)
  • History interactions (search usage, sorting, date ranges)
Privacy protections applied: Exact financial amounts are never sent — only bucketed ranges (e.g., 0–10, 10–50, 50–100). Custom category names are never transmitted; they are replaced with the literal string "custom" before sending. Wallet names and profile names are never sent.

Firebase assigns an anonymous app-instance identifier (a pseudonymous identifier under GDPR) to each device.

The App does not currently provide an in-app opt-out for analytics. You may limit collection via your device settings (e.g., disabling "Usage & diagnostics" on Android, or limiting ad tracking on iOS).

Firebase Crashlytics

Both platforms use Firebase Crashlytics to collect crash reports, non-fatal error logs, and performance diagnostics. This data is not linked to your personal identity and is used solely for app stability monitoring and bug fixing.

Firebase is operated by Google LLC (USA). Data is subject to Google's Privacy Policy and Data Processing Terms.

6. Currency Exchange Rates

The App fetches exchange rates from two open-source services, called in parallel:

  • Currency API (cdn.jsdelivr.net/npm/@fawazahmed0/currency-api with fallback to currency-api.pages.dev) — provides rates for 149+ fiat and cryptocurrency pairs
  • Frankfurter API (api.frankfurter.app) — provides fiat currency rates sourced from the European Central Bank

Frankfurter rates take priority for fiat currencies where both sources overlap. These requests contain no personal or financial data — only the base currency code (EUR). Rates are cached locally for up to 12 hours.

We have no control over these third-party services' data practices, availability, or accuracy. Exchange rates (including cryptocurrency rates) are provided for informational purposes only and do not constitute financial advice.

7. Subscriptions and Billing

On Android, payments are handled by Google Play; on iOS, by the Apple App Store. We receive only subscription status and a transaction identifier — never payment card details. Subscription status may be stored via Firebase services to verify entitlement across devices.

Payment processing is subject to Google's Privacy Policy (Android) and Apple's Privacy Policy (iOS).

8. Data Sharing

We do not sell your personally identifiable financial data.

We share data with service providers (Google LLC, Apple Inc.) only as necessary to operate the App, under data processing agreements.

We may share or license Aggregated Data — aggregated, de-identified information that cannot identify any individual — with third parties, including for commercial purposes. Aggregated Data is not personal data under GDPR.

We may disclose data if required by law, court order, or to protect our rights or user safety. In a merger or acquisition, data may be transferred with prior notice.

9. Device Identifier

The App generates a persistent anonymous device ID stored locally. It is used only for sync operations, is not shared with advertisers, and is reset when you clear App data or reinstall.

10. Apple Platform Disclosures

App Tracking Transparency

The App does not track users across other companies' apps or websites. No Identifier for Advertisers (IDFA) is collected. No tracking domains are configured. The App does not request App Tracking Transparency permission because no cross-app tracking occurs.

Background App Refresh

The iOS version uses Background App Refresh to sync financial data with Google Drive when you have sync enabled. No data is sent to third parties during background refresh — only encrypted backup operations with your Google Drive.

Privacy Nutrition Labels

In accordance with Apple's App Store requirements, the following data is declared:

Data Type Linked to Identity Used for Tracking Purpose
Email AddressYesNoApp Functionality
NameYesNoApp Functionality
User IDYesNoApp Functionality
Crash DataNoNoApp Functionality
Performance DataNoNoApp Functionality

Third-Party SDK Data Collection

The App integrates Google Sign-In SDK, which may independently collect additional data types as declared in its own privacy manifest, including device identifiers and coarse location. This collection is governed by Google's Privacy Policy and is not controlled by us. The App itself does not request or use location or phone number data.

11. Data Retention

  • Local financial data: until you delete it or uninstall
  • Google Drive backup: until you delete your account or revoke Google access
  • Firebase Auth records: until account deletion
  • Firebase Analytics data: 14 months (Google default retention)
  • Firebase Crashlytics data: 90 days (Google default retention)

Upon account deletion we remove your personal data within 30 days, subject to legal obligations.

12. Your Rights (GDPR)

If you are in the EEA or UK, you may:

  • access, correct, or delete your data
  • restrict or object to processing
  • receive your data in portable format
  • withdraw consent at any time
  • lodge a complaint with your data protection authority (Latvia: dvi.gov.lv)

To exercise rights: support@watch-my-wallet.com — we respond within 30 days.

13. How to Delete Your Data

  • Delete your account: Settings → Accounts → Account actions → Delete account (removes cloud backup, Firebase account, and all local data)
  • Stop sync: Settings → Accounts → Sign out
  • Revoke Google access: myaccount.google.com/permissions
  • Local data: clear App data in system settings or uninstall

14. California Residents (CCPA)

You may request information about data collected, request deletion, and opt out of any sale of personal data. Aggregated, de-identified data that cannot be linked to you is not considered a "sale" under CCPA. To exercise CCPA rights: support@watch-my-wallet.com.

15. International Transfers

Your data may be processed in the United States (Google/Firebase infrastructure) and other jurisdictions where Apple operates. EEA data transfers rely on Standard Contractual Clauses as implemented by Google and Apple.

16. Security

All data in transit is protected via HTTPS/TLS. Google Drive backups are encrypted on-device using AES-GCM before upload. Auth tokens are stored in encrypted device storage (Keychain on iOS, EncryptedSharedPreferences on Android). No method of storage or transmission is 100% secure.

17. Children

The App is not directed to children under 16. We do not knowingly collect data from children. Contact us if you believe a child has provided data.

18. Changes to This Policy

We will update the "Last updated" date above for any changes. Material changes will be notified within the App or by email. Continued use after changes constitutes acceptance.

19. Contact

support@watch-my-wallet.com