Privacy Policy
Last updated: March 2026
Summary: Hesappo collects your expense data only to provide the service to you. We do not sell or share your data for marketing purposes.
1. Data Controller
This policy is prepared by Hesappo ("we", "the app") in accordance with applicable data protection laws. We commit to fulfilling all legal obligations as the data controller.
Contact: info@hesappo.com
2. Personal Data Collected
Under the principle of minimal data collection, only data necessary for the service is processed:
- Identity & account: Name, email address, hashed password
- Group & expense data: Groups you create, expense records, and group member names
- Technical data: IP address, browser type, pages visited, session duration (anonymous statistics)
- Payment data: Shopier order number — card information is NOT stored by Hesappo
3. Purpose of Data Processing
Your personal data is processed for the following purposes:
| Purpose | Legal Basis | Data |
|---|---|---|
| Account creation and management | Contract performance | Identity, email |
| Providing group expense tracking service | Contract performance | Group & expense data |
| Password reset and notification emails | Contract performance | |
| Premium activation | Contract performance | Email, order number |
| Anonymous usage statistics | Legitimate interest | Technical data (anonymous) |
4. Data Sharing
Your personal data is never sold or shared for marketing purposes. It may only be shared with:
- Infrastructure providers: Database and email servers (as data processors, under compliant agreements)
- Shopier: To verify Premium purchases (order number only)
- Authorities: When required by court order or legal obligation
5. Data Security
- Passwords are hashed with bcrypt — never stored in plain text
- All communication is encrypted with TLS/HTTPS
- Database access is limited to authorized system administrators
6. Retention Period
Your data is retained for as long as your account is active. When you delete your account, your personal data is permanently deleted or anonymized within 30 days.
7. Your Rights
You have the right to:
- Learn whether your personal data is being processed
- Request information about processed data
- Request correction of incorrect or incomplete data
- Request deletion or destruction of your data
- Object to automated processing results
To exercise these rights, write to info@hesappo.com and include verification of your identity. Your request will be answered within 30 days.
8. Contact
For questions about our privacy policy: info@hesappo.com