Previous Update: January 5, 2026 - Initial version
Latest Update: February 2, 2026 - Updated to disclose backend authentication & email delivery
Introduction
ConTrac ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ConTrac (the "App").
Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide
ConTrac is designed with privacy as a core principle. Your subscriptions and budgets are stored locally on your device by default. However, if you choose to create or use a ConTrac account for authentication (email/password or Apple Sign In backend sync), we will process a small amount of personal data to provide that authentication and to send essential account emails.
Data Stored Locally:
Subscription and contract information (names, amounts, dates, categories)
Budget information and spending limits
Notification preferences
App settings and preferences
Calendar event data (if you enable calendar integration)
Account & Authentication Data (Backend):
Email address (used for account authentication and essential communications like verification and password reset)
Full name (optional; used for personalized greetings and email content)
Password hash (only if you use email/password; we do not store your password in plain text)
Email verification status (whether your email is verified)
Security and audit data such as timestamps, limited logs related to verification/login, and (when applicable) IP address and user agent used to request/verify tokens
Sign in with Apple:
If you choose to use Sign in with Apple, Apple handles the authentication step. We do not receive or store your Apple ID password.
If you enable/use backend features that require an account record, we may store the email and name Apple provides (typically on first sign-in) so we can provide essential account communications.
1.2 Automatically Collected Information
We do NOT collect for advertising or tracking:
Advertising identifiers
Data broker information
Cross-app tracking data
Service/Security information (when using backend authentication):
We may collect IP address and user agent for security, abuse prevention (rate limiting), and audit logging around authentication and verification.
Apple diagnostics:
Apple may collect device diagnostics as part of iOS/App Store services. This is governed by Apple's policies and your device settings.
2. How We Use Your Information
2.1 Local-only app data
By default, subscription/budget data is stored locally on your device:
Data Processing: All processing occurs on your device. No data is sent to external servers.
No Cloud Sync (Default): By default, your data never leaves your device.
Optional iCloud Sync: If you enable iCloud sync, your data is stored in your personal iCloud account, subject to Apple's iCloud Privacy Policy. We do not have access to this data.
2.2 Backend authentication (if you use an account)
If you choose to use backend authentication features, we use account data to:
If you use backend authentication, account/authentication data is stored on our backend infrastructure (application + database).
We apply industry-standard security practices including:
TLS (HTTPS) in transit
Password hashing (bcrypt) for email/password accounts
Token hashing for verification tokens (tokens are not stored in plain text)
Restricted access to production secrets and database
3.4 Data Retention
Your data remains on your device until you delete it or uninstall the app.
If you delete the app, most local data is automatically removed by iOS. However, some data may persist:
Keychain items (authentication tokens) may remain in your device's Keychain until you manually clear it in Settings or restore your device.
iCloud data (if you enabled iCloud sync) remains in your iCloud account until you manually delete it or delete your Apple ID.
For complete data deletion, we recommend using the "Delete Account" feature in the app before uninstalling. This ensures all local app data (including Keychain items and calendar events created by the app) is properly removed, and (if you used backend authentication) it also requests deletion of your backend account data.
Calendar Events Deletion: When you delete a subscription, its associated calendar events are automatically deleted. When you delete your account, all calendar events created by the app are automatically deleted. This includes both single events and recurring events (all future occurrences).
You can export your data at any time from within the app.
4. Your Rights and Choices
4.1 Access and Control
View Your Data: All your data is accessible within the app.
Edit Your Data: You can modify or delete any information at any time.
Export Your Data: You can export your subscription data for backup or analysis.
Delete Your Data: You can delete individual subscriptions or all data at any time.
Delete Account: The "Delete Account" feature provides comprehensive data deletion:
Deletes all subscriptions and associated data
Deletes all budget information
Deletes all calendar events created by the app (including recurring events)
Clears all app settings and preferences
Removes authentication data from Keychain
Deletes iCloud data (if iCloud sync was enabled)
Provides step-by-step progress feedback during deletion
Includes retry logic to ensure complete deletion
4.2 Privacy Settings
Crash Reporting: You can enable or disable crash reporting in app settings.
Analytics: Analytics are disabled by default and can be toggled in settings.
iCloud Sync: You can enable or disable iCloud sync at any time.
5. Children's Privacy
ConTrac is suitable for users of all ages. If you choose to use backend authentication, the app will process an email address for account-related purposes. We do not knowingly collect personal information from children without appropriate consent where required. We recommend parental supervision for users under 13 when managing financial information.
6. Third-Party Services
6.1 Apple Services
Sign in with Apple: If you use Sign in with Apple, authentication is handled by Apple. We do not receive your Apple ID credentials.
iCloud: If you enable iCloud sync, data is stored in your personal iCloud account, subject to Apple's iCloud Privacy Policy.
App Store: The App is distributed through the Apple App Store, subject to Apple's App Store Terms and Conditions.
6.2 Service Providers
If you use backend authentication and email verification/password reset, we use third-party service providers to operate and deliver essential emails. These providers process data on our behalf to provide the service (for example: email delivery).
We do not integrate with advertising networks or data brokers.
7. Data Breach Notification
In the unlikely event of a security breach affecting your locally stored data, we will notify you through the App or via email (if you have provided contact information) as soon as possible.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
Posting the new Privacy Policy on this page
Updating the "Last Updated" date
Notifying you through the App (if significant changes are made)
You are advised to review this Privacy Policy periodically for any changes.
9. International Data Transfers
If you use only local storage, there are no international data transfers by us. If you enable iCloud sync, your data may be stored in Apple's data centers, which may be located outside your country of residence, subject to Apple's iCloud Privacy Policy. If you use backend authentication, your account/authentication data may be processed and stored in the regions where our infrastructure and service providers operate.
10. California Privacy Rights
If you are a California resident, you have the right to:
Know what personal information is collected
Know whether your personal information is sold or disclosed and to whom
Access your personal information
Request deletion of your personal information
Opt out of the sale of personal information (we do not sell personal information)
If you use backend authentication, you may request access to or deletion of your backend account data via the in-app delete account flow. We do not sell personal information.
11. GDPR Compliance (European Users)
If you are located in the European Economic Area (EEA), you have certain data protection rights:
Right to Access: You can access all your data within the app.
Right to Rectification: You can edit your data at any time.
Right to Erasure: You can delete your data at any time.
Right to Data Portability: You can export your data from the app.
Right to Object: You can disable optional features like crash reporting.
If you use backend authentication, we process limited personal data (email/name) to provide account functionality. You can request deletion via the in-app delete account flow.
12. Contact Us
If you have any questions about this Privacy Policy, please contact us via our support page:
By using ConTrac, you consent to this Privacy Policy. If you do not agree with this policy, please do not use the App.
This Privacy Policy is effective as of January 5, 2026, and was last updated on February 2, 2026. It will remain in effect except with respect to any changes in its provisions in the future, which will take effect immediately upon being posted on this page.