VulpesX Privacy Policy
Last updated:
This policy explains how VulpesX (“we,” “our,” or “us”) handles personal data for our mobile app (iOS/Android) and our simple marketing website. We designed VulpesX to be offline-first and privacy-respecting.
1) Who we are
VulpesX (“we”, “our”, “us”) provides a mobile expense-tracking app and a simple marketing website for product information and updates. The data controller is [Your Legal Entity Name], established in [Country/State]. You can contact us at support@vulpesx.app.
Payments for the app (including subscriptions or One-time PRO) are processed only by Apple App Store and Google Play Store after launch—no pre-sales or pre-orders through our website.
2) Scope
- VulpesX mobile app (on your device), and
- VulpesX marketing website (including the launch notification form).
We do not sell or share your data
We do not sell or “share” personal information (including for cross-context behavioral advertising).
3) Data we process
App (on-device)
- No account required. We do not run servers for the app and cannot access your on-device data.
- On-device OCR. Receipt scanning/recognition happens locally on your device.
- Use your device’s system lock (PIN, passcode, or biometrics) for additional protection.
- Local notifications. The app may show notifications generated on-device (no server push).
- Exports/backups. You can export to CSV/PDF or create local backups. We do not receive these unless you choose to send them to us.
- Device permissions. When you use camera or photo access for receipt OCR, images are processed locally on your device. We do not upload these images to our servers.
- Connectivity. The app functions offline. Internet access occurs only when you choose actions handled by other apps/services (e.g., opening the store for purchase/restore, viewing our website, or composing an email).
Website
- Launch notification form. We collect your email and optional name via Google Apps Script to Google Sheets to send a single launch email. A hidden “honeypot” field helps reduce spam; if it’s filled, we discard the submission.
- Local/session storage (no cookies for these). Minimal keys to improve your experience:
theme,locale,announceDismissed,introSeen. - Analytics (optional). If enabled, we use a privacy-friendly analytics service (e.g., Plausible) that provides aggregated metrics and typically does not use cookies. We do not set tracking cookies and do not respond to “Do Not Track” browser signals because we do not track you across sites.
- No ad trackers.
Hosting/CDN logs (minimal)
Our hosting or CDN provider may generate transient server logs (e.g., IP address, user agent, referrer, requested URL) for security, abuse prevention, and reliability. We do not combine these logs with other data to identify you; retention follows provider defaults and operational needs.
4) Why we use data & legal bases
- Provide the app/website (store your theme/locale on your device): legitimate interests / performance of contract.
- Launch notification email (if you submit the form): consent (you can withdraw anytime).
- Support communications (when you email us): legitimate interests (to respond) and legal obligations (record-keeping where applicable). The prefilled subject/body in the app is generated on your device and is editable before sending.
- Reliability & security (basic hosting/CDN logs, spam prevention): legitimate interests.
- Compliance (lawful requests, enforcing terms): legal obligations.
Note: Legal bases are provided to help users understand typical justifications; specific rights/bases may vary by jurisdiction.
5) Sharing & processors
We do not sell your personal information or share it with ad networks. We use limited service providers (“processors”) for the website and purchases:
| Processor | Purpose | Data | Notes |
|---|---|---|---|
| Google Apps Script / Sheets | Launch notification form handling | Email, optional name | Stored in our Google account; may involve international transfers. |
| Email provider | Sending launch email & support replies | Email address, message content | Retention per section 7. |
| Apple App Store / Google Play | Purchases, subscriptions, restore | Purchase status (via store); no card details to us | We do not receive your full payment details. |
| Plausible (if enabled) | Aggregated analytics | Aggregate counters; typically cookieless | No ad tracking; can be disabled. |
| Hosting/CDN | Serving the website; security | Transient logs (IP, UA, referrer, URL) | Short retention for security/abuse prevention. |
These providers process information under their own terms and privacy notices.
6) International transfers
If you submit the launch notification form or contact us, your information may be processed outside your country (for example, by Google or our email/analytics vendors). Where required, we rely on Standard Contractual Clauses (SCCs) or comparable safeguards offered by the provider. By submitting information, you acknowledge such transfers to the extent permitted by law.
7) Retention
- App data: only on your device until you delete it or uninstall the app. We cannot access or restore on-device data.
- Launch notification entries: kept until the launch email is sent or you ask us to delete (support@vulpesx.app). We purge the list within 30 days after the launch email is sent.
- Support emails: up to 24 months after last interaction, unless a longer period is required by law or to resolve an issue.
- Hosting/CDN logs: up to 90 days for security and abuse prevention.
8) Your choices & rights (generally)
Your rights depend on your location, but commonly include the ability to:
- Access, correct, or delete your information (e.g., ask us to remove your launch notification request).
- Withdraw consent: email us at support@vulpesx.app to stop emails or request deletion anytime.
- Object or limit certain processing and request portability where applicable.
- Lodge a complaint with your local data authority.
To exercise rights related to the website/launch notification list, email support@vulpesx.app. For app data, changes are made in the app on your device (we don’t have your app data).
To protect your data, we may request reasonable information to verify your identity before fulfilling a rights request. We aim to respond within 30–45 days, subject to applicable law. We may deny manifestly unfounded or excessive requests.
EEA/UK users
If you are in the EEA/UK, you may have rights to access, correct, delete, restrict or object to processing, and data portability under applicable law. You also have the right to lodge a complaint with your local supervisory authority. Our legal bases are described in section 4.
California residents
Under the CCPA/CPRA, you may request access, correction, or deletion of your personal information. We do not sell or “share” personal information (as defined by CPRA), and we do not use cross-context behavioral advertising. To exercise rights, email support@vulpesx.app. We will not discriminate against you for exercising your rights.
9) Security
- On-device first. App data stays on your device.
- Device security. Use your device’s system lock (PIN, passcode, or biometrics) for additional protection.
- Transport. Website submissions are sent over HTTPS where supported.
- Least data. We collect as little website data as possible and limit access to those who need it.
Security is a shared responsibility. Keep your OS updated and maintain your own backups. We cannot recover local data stored only on your device.
10) Children’s privacy
VulpesX is not directed to children under 13 (or under 16 where that age applies). If you believe a minor provided us information via the website, contact support@vulpesx.app. Upon verified notice, we will delete such information.
11) Pricing & purchases (clarity note)
Pricing currently includes a one-time PRO unlock and optional auto-renewing subscriptions. In the store, we plan to offer: One-time PRO for USD $79.99, a Monthly subscription for USD $3.99, and a Yearly subscription for USD $29.99. Final prices, local currency equivalents, and taxes are always shown by the Apple App Store or Google Play Store under their terms and privacy notices.
Pricing may include subscriptions and/or One-time PRO and may change over time. All purchases are processed by Apple App Store or Google Play Store under their terms and privacy notices.
One-time PRO scope. One-time purchases unlock PRO features for this app (same store listing/app ID). New apps, platforms, or major re-releases may be offered separately unless explicitly stated.
12) Changes to this policy
We will post updates here with a new “Last updated” date. For material changes, we may display an in-app or on-site notice where reasonable.
13) Contact us
Questions or requests: support@vulpesx.app
If you submitted your email for launch notification and want it removed before launch, contact us at the address above.
14) Not legal advice
This Privacy Policy is provided for general information only and is not legal advice. You should consult your own counsel about your specific situation.