Privacy Policy

1. Information We Collect

We collect the following categories of information:

A. Account and Identity Information

• Email address
• Username
• Password (when you sign up using email/password)
• Google account authentication token and basic profile info (such as name/email) when you use Google Sign-In

B. Financial and App Content You Provide

• Transactions (amount, date/time, description, category, pocket/account reference, optional currency details)
• Investments (ticker symbol, quantity, average buy price)
• Pockets/accounts (name, description, icon, balances as calculated by our systems)
• Goals and goal entries (goal name, target/current amounts, entry amounts, descriptions)
• Recurring subscriptions you track (service name, amount, billing schedule, category, linked pocket)
• Preferences (such as selected base currency)

C. Subscription/Plan Information

• Plan status (for example: free, trial, premium)
• Trial/expiry metadata

D. Technical and Usage Information

When you use the Services, our servers and infrastructure may process technical data such as:

• IP address
• Device/app metadata needed to deliver and secure the Services
• Request/response metadata and error logs

We do not use this app to collect precise location, contacts, photos, microphone/audio, camera, or health data.

2. Information Stored on Your Device

Arbor stores limited data locally on your device, including:

• Authentication token
• Refresh token
• Certain app UI state/preferences (for example, temporary dismissal state for trial banner UI)

This data is used to keep you signed in and maintain app behavior/preferences.

3. How We Use Information

We use collected information to:

• Create and manage your account
• Authenticate users (including Google Sign-In)
• Provide budgeting, portfolio, subscription tracking, goals, and analytics features
• Maintain security, prevent abuse, and troubleshoot issues
• Operate, improve, and support the Services
• Comply with legal obligations

4. Legal Bases (Where Applicable)

Depending on your jurisdiction, we process personal data based on:

• Performance of a contract (to provide the Services you request)
• Legitimate interests (service security, fraud prevention, product improvement)
• Consent (where required by law)
• Legal obligations

5. Sharing and Disclosure

We do not sell your personal information.

We may share information with:

• Service providers and infrastructure vendors that help us operate the Services (for hosting, networking, security, and support)
• Google, when you use Google Sign-In
• Legal/regulatory authorities when required by law or to protect rights, safety, and security
• Successors in the event of merger, acquisition, financing, or sale of assets

We require service providers to process data only for authorized purposes and under appropriate safeguards.

6. Third-Party Services

Arbor uses third-party components/services, including:

• Google Sign-In (authentication)

Third-party services process data under their own privacy terms. For Google, see: https://policies.google.com/privacy

7. Advertising and Tracking

Arbor does not use third-party advertising SDKs for targeted ads in the current app build.

Arbor does not use cross-app tracking technologies for advertising purposes and does not use Apple's App Tracking Transparency (ATT) prompt in the current app build.

8. Data Retention

We retain personal information for as long as necessary to:

• Provide the Services
• Maintain account functionality
• Meet legal, accounting, tax, compliance, and dispute-resolution obligations
• Enforce agreements

Retention periods may vary by data type and legal requirements.

9. Security

We use reasonable technical and organizational measures designed to protect your information.

In production, Arbor communicates with backend APIs over encrypted HTTPS connections. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.

10. International Data Transfers

Your information may be processed in countries other than your own. Where required, we implement safeguards for cross-border transfers in accordance with applicable law.

11. Your Privacy Rights

Depending on your location, you may have rights to:

• Access personal information we hold about you
• Correct inaccurate information
• Delete your information
• Object to or restrict certain processing
• Request data portability
• Withdraw consent (where processing is based on consent)
• Lodge a complaint with a supervisory authority

To exercise rights, contact us at: chronoarc0408@gmail.com

12. California Privacy Notice (CCPA/CPRA)

If you are a California resident, you may have rights to know, access, delete, and correct personal information, and to limit certain uses of sensitive personal information, subject to legal exceptions.

Arbor does not sell personal information or share personal information for cross-context behavioral advertising as those terms are defined under California law.

You may request to exercise your rights by contacting: chronoarc0408@gmail.com

13. Children's Privacy

Arbor is not directed to children under 13 (or older age where required by local law), and we do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will take appropriate action.

14. Platform Permissions

Android

• Internet access (android.permission.INTERNET) for API communication and sign-in flows.

iOS

• No sensitive iOS runtime permission prompts (such as camera, microphone, photos, contacts, or location) are required for current app functionality.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date and, where required by law, provide additional notice or obtain consent.

16. Contact Us

Data Controller / Company Name: Arbor

Contact email: chronoarc0408@gmail.com

If you have questions about this Privacy Policy or our data practices, contact us using the details above.