Privacy Policy
Effective date: April 6, 2026
Poravno ("we", "us", or "our") provides a multi-currency group expense-sharing application. This Privacy Policy explains what information we collect, how we use it, and the choices you have.
1. Information We Collect
Account information
When you sign in with Google, we receive and store:
- Email address
- Display name
- Profile picture URL
We also store your preferred locale (derived from your device settings) and the date your account was created.
Financial data
To provide the expense-sharing service, we store:
- Expenses, incomes, settlements, and currency conversions you create or participate in
- Transaction amounts and currency codes
- Group memberships and balances
Attachments
You may optionally attach files (such as receipt photos) to expenses. We store the file, a thumbnail, and metadata (file name, size, and content type).
Receipt scanning
When you use the receipt scan feature, the image is sent to a third-party AI service for processing. The image is transmitted in memory and is not stored on our servers for scanning purposes. We log only the fact that a scan occurred (user ID and timestamp) for rate-limiting.
Device information
If you enable push notifications, we store a device token and platform identifier (Android, iOS, or web) to deliver notifications to your device.
2. How We Use Your Information
- Provide the service - calculate group balances, track expenses, and settle debts.
- Authentication - verify your identity via Google Sign-In and maintain your session.
- Notifications - send push notifications about group activity (new expenses, settlements, invitations).
- Receipt scanning - extract line items from receipt images to help you create expenses.
- Currency conversion - fetch current exchange rates to convert between currencies.
- Diagnostics and improvement - monitor application performance and diagnose errors.
3. Third-Party Services
We use the following third-party services to operate Poravno:
| Service | Purpose | Data shared |
|---|---|---|
| Google OAuth 2.0 | User authentication | Email, name, profile picture (received from Google) |
| Firebase Cloud Messaging | Push notifications | Device token, notification content |
| Microsoft Azure | Hosting, data storage, telemetry | All data necessary to operate the service |
| AI receipt scanning provider | Optical character recognition | Receipt images (processed in memory, not stored) |
| Exchange rate API | Currency conversion rates | No personal data - only currency codes |
Each third-party service is subject to its own privacy policy. We do not sell your personal information to any third party.
4. Analytics and Telemetry
We use Azure Application Insights to collect anonymized performance telemetry, including:
- Application errors and stack traces (no personal data)
- HTTP request paths, status codes, and response times (URL query parameters are stripped)
- Device platform and application version
We do not use third-party advertising or behavioral analytics services (such as Google Analytics, Facebook Pixel, or similar).
5. Data Storage and Security
Your data is stored in a PostgreSQL database and Azure Blob Storage, hosted in Microsoft Azure data centers. We use industry-standard security measures, including:
- Encrypted connections (HTTPS/TLS) for all data in transit
- Time-limited, signed URLs for attachment access
- Managed identity and key vault for secrets management
6. Data Retention
We retain your data for as long as your account is active. Diagnostic logs are retained for 30 days.
7. Account Deletion
You can delete your account at any time from the Delete Account page. When you delete your account:
Immediately removed
- Your personal information (email, name, profile picture, locale)
- Your Google sign-in link
- Your sessions and authentication tokens
- Your notifications
- Your group preferences
- Your pending invitations
Anonymized and retained
- Expense and settlement records you participated in are kept for the integrity of shared group balances, but your identity is replaced with "Deleted User" and your email is removed.
- Group memberships are retained with an anonymized identity so existing balances remain accurate for other group members.
There is no additional retention period - personal information is removed immediately upon deletion.
8. Children's Privacy
Poravno is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us so we can promptly delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised effective date.
10. Contact Us
If you have questions about this Privacy Policy or your data, please contact us at: