Privacy Policy

We collect only the data that is strictly necessary to deliver Squins' functionality. Here is a complete, transparent list of everything we store and why:

Account information: Your email address (used for Firebase Authentication), display name, and optionally a profile picture. Profile pictures are uploaded to Firebase Storage under your unique user ID and are only accessible by your own authenticated session. When you sign in with Google Sign-In, Google provides your name, email, and profile picture from your Google Account — we store only what is needed for authentication and personalization. We do not collect your Google contacts, calendar, or any other Google account data.

Financial data: Transaction records you manually enter (amount, category, date, optional note), budget configurations, and savings goals you create. This data is stored in Firebase Firestore under per-user Security Rules.

AI chat history: To give you seamless access to your AI Copilot history across all your devices, your chat sessions — including your messages and the AI's responses — are securely synced to Firebase Firestore under your account. This is what makes your conversation history available when you switch devices or reinstall the app. Your sessions are protected by the same strict per-user Security Rules as your financial data, and are permanently deleted when you delete your account.

App preferences: Your chosen language (English, German, French, or Spanish) and your budget alert preference (on/off) are synced to your Firestore account document. This allows Cloud Functions to deliver budget alerts in your language and according to your preference — even when the app is in the background. These preferences are also cached locally via SharedPreferences for instant startup.

Device notification token: When you grant notification permissions, your device's Firebase Cloud Messaging (FCM) token is stored in your Firestore account document. This token is a push-notification address — it is how we know where to deliver your budget alerts. It does not identify your device to third parties, and it is deleted with your account.

Device sessions: To support the multi-device management view (which shows which devices are logged in to your account), we store a small record per active session: a device name and last-active timestamp. This data is scoped to your Firestore account document.

Advertising identifiers (free-tier users only): If you are using Squins on the free plan — and are not a Pro subscriber or currently on your 7-day free trial — our advertising partners may collect your device's advertising identifier (IDFA on iOS or Android Advertising ID / GAID on Android), your IP address, and basic device signals (model, OS version, ad interaction data). This is how we can offer Squins at no cost. If you are on Squins Pro or within your 7-day free trial, advertising SDKs are never initialized and none of this data is collected. See Section 13 for full details and opt-out options.

We do not collect device contacts, location data, phone numbers, SMS history, or any information unrelated to personal finance management.

Squins uses Firebase Firestore's offline persistence to keep a local copy of your data on your device. This is what makes the app work beautifully without an internet connection — you can add transactions, view your history, and check budgets even when you are offline.

How this works in practice: Firebase Firestore is a cloud database — your data lives in the cloud, and the local copy on your device is an offline cache that mirrors it. When you are connected to the internet, any changes you make are automatically and continuously synchronized to Firestore cloud storage in real time. When you go offline, changes queue locally and sync the moment connectivity returns.

This cloud sync is what protects your data if you lose or replace your phone — simply sign in on your new device and your complete financial history is immediately available. Local storage is scoped to your device's application sandbox and is not accessible to other apps.

All data synchronized with Firebase Firestore is protected by multiple layers of security:

In transit: All communication between the Squins app and Google Firebase servers is encrypted via TLS 1.3, preventing any interception.

At rest: Firebase encrypts all stored data using AES-256, a symmetric encryption standard trusted by financial institutions worldwide. Your transaction records are never stored as plaintext on any server.

Access control: Firestore Security Rules enforce strict per-user data isolation. Your records can only be read by your own authenticated session. Any access to your data using Firebase administrative credentials requires explicit authorization and generates an auditable access log in Google Cloud. We maintain a strict policy of zero routine access to individual user records — your financial data is your business, not ours.

Squins includes two AI-powered features, each with a clear and transparent data flow:

AI Financial Report (Squins Wrapped): When you generate a financial report or insight, Squins computes an aggregated summary locally on your device — your individual transactions never leave the app raw. The following aggregated, anonymized fields are then sent to the Google Gemini API to generate the narrative text:

— Total income (rolling 12 months)
— Total expense (rolling 12 months)
— Net savings figure
— Number of transactions in the period
— Top spending category name
— Best-performing month label (e.g., "March 2026")
— Your selected currency symbol
— Your app language preference
— The upcoming forecast month label

No personally identifiable information — your name, email address, individual transaction notes, or raw transaction list — is ever included in these requests.

AI Copilot (Chat): When you use the conversational AI Copilot, the text of your messages and the current session context are transmitted to the Google Gemini API to generate responses. Please do not include sensitive personal identifiers — such as full names, bank account numbers, government ID numbers, or passwords — in your chat messages, as we cannot redact free-form text before it is sent for processing.

Chat session storage: To ensure your conversation history is available across all your devices, your AI chat sessions are securely stored in Firebase Firestore under your account, protected by the same per-user Security Rules as your financial data. Sessions are permanently purged when you delete your account. You can view and manage your session history directly within the app.

Your data is never used to train AI models. Google Gemini API usage is governed by Google's Generative AI Terms of Service, which explicitly prohibit using API inputs to improve base model weights. Your financial habits are yours alone — not data points in someone else's training set.

Important disclaimer: All AI-generated insights are for informational purposes only and do not constitute professional financial advice. See Terms of Service, Section 2, for the full disclaimer.

Squins supports Face ID and Fingerprint authentication as an optional app-lock mechanism. We do not have access to your biometric data at any point.

All biometric processing is handled exclusively by your device's operating system (iOS Secure Enclave or Android Keystore). Squins only receives a boolean success/failure signal from the OS — your actual fingerprint or facial geometry is never transmitted to or stored by Squins or any of our third-party services.

Squins does not sell, rent, trade, or share your personal or financial data with any advertising networks, data brokers, marketing agencies, or third-party commercial entities.

Your spending habits, income figures, and financial goals are among the most sensitive data you own. We treat them accordingly. Squins' business model is built on delivering genuine value through premium features — not on monetizing your private information.

The third-party services that receive your data are listed in Section 7 below. For all users, these are Google Firebase (infrastructure), Google Gemini (AI features), and RevenueCat (subscription management). For free-tier users only, two advertising partners — Google AdMob and AppLovin MAX — may also receive advertising identifiers and device signals, as fully described in Section 13. Pro subscribers and free-trial users are completely excluded from ad network data sharing — advertising SDKs are never initialized for them. Every service receives only the minimum data required for its specific function, governed by strict data processing agreements.

Squins relies on the following sub-processors to deliver its service. No other third parties receive your personal or financial data:

Google Firebase (Google LLC) — Our entire backend infrastructure. Firebase Authentication handles secure sign-in and identity management. Firebase Firestore stores your transactions, budgets, goals, AI chat sessions, and account preferences, with per-user Security Rules enforcing strict data isolation. Firebase Storage holds your profile picture. Firebase Cloud Functions execute server-side automation — specifically, reading your FCM token, language preference, and budget alert preference to deliver scheduled push notifications. Firebase Remote Config fetches app configuration parameters at startup. Firebase operates under Google's enterprise data processing agreements, ISO 27001 certification, and SOC 2/3 compliance. Firebase Privacy →

Google Gemini (Google LLC) — Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Powers the in-app AI Financial Report and AI Copilot chat features. When you use an AI feature, aggregated financial summaries or your chat messages are transmitted to the Gemini API as described in Section 4. No raw transaction lists or personally identifiable information are included in financial report requests. Google's Generative AI API terms explicitly prohibit using API inputs to train or improve base model weights. Google Generative AI Terms →

RevenueCat, Inc. — 633 Tasman Drive, Sunnyvale, CA 94089, USA. Manages in-app subscription entitlements for Squins Premium. When you are signed in, your Firebase UID is shared with RevenueCat so your subscription status can be linked to your account. RevenueCat also receives your platform (Android or iOS), subscription product identifier, and purchase receipt data from the app store. RevenueCat does not receive your financial data, transaction history, or AI chat content. RevenueCat processes this data solely to verify and deliver your Premium entitlement. RevenueCat Privacy →

Google AdMob (Google LLC) — 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Delivers in-app advertisements to free-tier users only. Pro subscribers and users on the 7-day free trial are completely excluded — AdMob's SDK is never initialized for them. AdMob may collect the device's advertising identifier (IDFA on iOS, AAID on Android), IP address, device model and OS version, and ad interaction signals (impressions, taps) to serve and measure ads. AdMob does not receive your financial data, transaction records, AI chat content, or email address. Google Ads Privacy →

AppLovin Corporation (AppLovin MAX) — 1400 N. Shoreline Blvd, Mountain View, CA 94043, USA. An advertising mediation partner that serves ads to free-tier users only. Like AdMob, AppLovin MAX is never initialized for Pro subscribers or free-trial users. AppLovin may collect advertising identifiers (IDFA/AAID), IP address, device information, and ad interaction data for ad delivery and measurement purposes. AppLovin does not receive your financial data, transaction records, AI chat content, or email address. AppLovin Privacy →

All processors listed above are subject to applicable data protection legislation. The Google LLC entities operate under EU Standard Contractual Clauses (SCCs) for international data transfers. RevenueCat is certified under the EU-U.S. Data Privacy Framework. AppLovin Corporation processes data under applicable GDPR and CCPA frameworks. Your data is protected regardless of where it is processed.

When you are connected to the internet, Squins automatically and silently syncs your transaction data to Firebase Firestore. This operates as a real-time backup, ensuring your financial records survive device loss, damage, or replacement.

Backups are encrypted at rest (AES-256) and logically isolated per user account. No cross-user data leakage is possible by design.

You can export your complete financial history at any time via Settings → Export Data. Squins supports two portable formats: CSV (spreadsheet compatible) and PDF (formatted report). Both exports are generated entirely on-device — no data is sent to external servers during the export process. We recommend exporting before deleting your account, as deletion is permanent and irreversible.

Regardless of your location, Squins honors the following rights:

Right of Access: You may request a complete copy of all data we hold about you at any time by emailing support@squins.app.

Right to Rectification: You can correct inaccurate personal data directly within the app (Settings → Edit Profile) or by contacting us.

Right to Erasure ("Right to be Forgotten"): You may request permanent, irreversible deletion of your entire account and all associated data — including financial records, AI chat history, preferences, and notification tokens — via Settings → Account → Delete Account in the app, or by emailing support@squins.app. Deletion is completed within 30 days.

Right to Portability: Export your full transaction history as a structured CSV or formatted PDF from Settings → Export Data at any time.

Right to Object / Restrict Processing: To object to any specific data processing activity or request that we restrict processing of your data pending an inquiry, contact us at support@squins.app. We will respond within 30 days.

To improve the app experience, Squins may collect fully anonymized, aggregated usage analytics. These events track which features are used and how often — for example, "Analytics tab opened" or "AI Advisor session started" — without any personally identifiable context.

Analytics data is never linked back to your individual account, email, or transaction history. We do not use session recording, heatmapping tools, or any technology that captures the specific content you enter into the app.

If you wish to opt out of anonymized analytics collection, please contact us at support@squins.app with the subject "Analytics Opt-Out Request." We will process your request within 30 days.

Active accounts: Your data is retained for as long as your account remains active. There is no automatic expiry for transaction records — your financial history is yours to keep.

Deleted accounts: All data — transactions, budgets, goals, AI chat sessions, preferences, notification tokens, and device sessions — is permanently purged from our servers within 30 days of a confirmed deletion request. After this period, no recovery is possible.

Inactive accounts: Accounts with no login activity for 36 consecutive months will receive an email notification. If no response is received within 60 days, the account data may be deleted in accordance with our data minimization policy.

Anonymized analytics: Aggregated, non-identifiable usage statistics are retained indefinitely to inform product development decisions.

Squins is designed for adults managing their personal finances. You must be at least 16 years old to use Squins if you are located in the European Union or European Economic Area. For users in other regions, the minimum age is 13 years, subject to applicable local law.

We do not knowingly collect personal data from children under the applicable minimum age. If we become aware that a child below the minimum age has created an account, we will promptly delete the account and all associated data.

If you believe a child has registered without parental consent, please notify us immediately at support@squins.app.

To keep Squins free for everyone, we show ads to users on the basic free plan. Here is exactly how it works and what it means for your data.

Who sees ads: Ads are displayed only to free-tier users. If you have an active Squins Pro subscription or are currently within your 7-day free trial, your experience is 100% ad-free — advertising SDKs (AdMob and AppLovin MAX) are never initialized for your session, which means the ad networks cannot collect any data about you whatsoever.

Our advertising partners: We work with two industry-standard ad networks to serve ads on the free tier:
— Google AdMob (Google LLC) — one of the world's largest mobile advertising platforms.
— AppLovin MAX (AppLovin Corporation) — an ad mediation platform that helps deliver relevant, high-quality ads.

What these networks may collect from free-tier users:
— Your device advertising identifier: the IDFA on iOS, or the Android Advertising ID (AAID/GAID) on Android. This is a resettable, pseudonymous ID assigned by your operating system specifically for advertising purposes.
— Your IP address, which may be used to derive a general location (country/city level) for regionally relevant ads.
— Device information: device model, operating system version, screen size, and language setting.
— Ad interaction data: whether an ad was displayed (impression) and whether you tapped it (click).

What they never receive: Your financial transactions, budgets, savings goals, AI chat history, email address, display name, profile picture, or any other Squins-held personal or financial data is never shared with ad networks. The advertising SDK operates in a completely isolated data context from the rest of the app.

Legal basis (GDPR — EU/EEA users): For users in the EU and EEA, the collection of advertising identifiers for personalized ads is based on your explicit consent. Where required by applicable law, Squins presents a consent prompt at first launch in line with the IAB Transparency and Consent Framework (TCF 2.2). You may review or update your advertising consent preferences at any time via Settings → Privacy → Ad Preferences. If you do not consent, only non-personalized (contextual) ads will be displayed and no advertising identifier is shared with ad partners.

How to opt out of personalized advertising at the OS level:
iPhone / iPad (iOS 14.5+): Go to Settings → Privacy & Security → Tracking and disable "Allow Apps to Request to Track." Additionally, go to Settings → Privacy & Security → Apple Advertising and disable "Personalized Ads."
Android: Go to Settings → Google → Ads and tap "Delete advertising ID" (Android 12 and above), or enable "Opt out of Ads Personalization" on older Android versions.

The most complete option: Upgrade to Squins Pro. When your Pro subscription is active, both AdMob and AppLovin MAX are never initialized at the code level — the most comprehensive privacy protection available and the only option that prevents any ad-network data collection entirely. Learn about Pro →