Privacy Policy for Expense Hunter

Effective Date: 18.08.2025

Last Updated: 18.08.2025

1. Introduction

Welcome to Expense Hunter! This Privacy Policy explains how Recherche Ventures e.U. ("we," "us," or "our") collects, uses, shares, and protects your personal data when you use our services. We are committed to protecting your privacy and handling your data in an open and transparent manner.

This policy is written in accordance with the General Data Protection Regulation (GDPR) of the European Union.

2. Data Controller

The data controller responsible for your personal data is:

Recherche Ventures e.U.
Represented by Marc Fenz
Alfred-Coßmann-Gasse 14/2
8054 Graz, Austria
Email: contact@expensehunter.com

Legal Details:

  • Business Focus: Information Technology
  • Company Registry Number: FN 659947k
  • Registry Court: Landesgericht für Zivilrechtssachen Graz

3. What Personal Data We Collect and Why

We only collect personal data that is necessary to provide and improve our service. The data we process is based on the information you provide to us and data generated through your use of our service.

A. Account and Identity Information

Data Points: A unique user ID, a username, an email address, and a securely hashed password. We may also store other profile information you choose to provide in an encrypted format.

Purpose: To create your account, authenticate you when you log in, provide customer support, and send you important service-related communications (e.g., security alerts, password resets).

Legal Basis (GDPR): Performance of a contract (our Terms of Service with you). The provision of this data is necessary for the performance of our contract with you. Failure to provide this essential information will result in you being unable to create an account and use the Expense Hunter service.

B. Financial and Transactional Data

Data Points: Transaction details (such as title, description, amounts, currency, date), categories and tags you create, information about who participated in a transaction, and details of shared ledgers.

Purpose: To provide you with the core features of our service, such as expense tracking, budgeting, and bill splitting.

Legal Basis (GDPR): Performance of a contract.

Important Note on Personal and Sensitive Data: Our service is designed for tracking expenses, not for storing detailed personal records. Users should provide anonymized data where possible (e.g., use "Medical Bill" instead of a specific doctor's name and condition). Providing sensitive personal data to our service is strictly forbidden. "Special Categories of Personal Data" under GDPR include data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or data concerning a person's sex life. By using our service, you agree not to upload or input such sensitive information.

C. Technical and Usage Data

Data Points: Your IP address, application version, and operating system version. We also log your interaction with the service, such as when you select a ledger or asset.

Purpose: To ensure the security of our service (e.g., fraud prevention), to diagnose technical problems, and to analyze usage patterns for service improvement.

Legal Basis (GDPR): Legitimate interest (for security and service improvement) and performance of a contract (for service functionality).

D. Collaboration and Sharing Information

Data Points: User IDs of people you invite to share resources (like ledgers), the permissions you grant them, and your relationship to transactions.

Purpose: To enable the sharing and collaboration features of our service.

Legal Basis (GDPR): Performance of a contract.

E. Feedback and Communications

Data Points: Your user ID (if logged in), the content of your message, and associated technical data (IP address, app version, device information).

Purpose: To respond to your inquiries and to use your feedback to improve our service.

Legal Basis (GDPR): Legitimate interest (to improve our service and provide support).

4. Data Security

We take the security of your data very seriously. We implement robust technical and organizational measures to protect your personal data, including encryption of sensitive data, hashing of account credentials, and strict access controls.

5. Data Retention and Deletion

We are committed to retaining your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

A. Active Account

While your account is active, we retain your personal data as described in Section 3 to provide you with the full functionality of the Expense Hunter service.

B. Account Deletion and Personal Data

You have the right to delete your account at any time. When you initiate an account deletion request, we will permanently delete or fully anonymize all personal data that belongs solely to you within a reasonable period, not to exceed 90 days. This includes your Account and Identity Information and all non-shared ledgers, transactions, categories, and tags.

C. Important Exception: Data in Shared Resources

Please be aware that any data you have contributed to a shared resource (such as a shared ledger) will not be automatically deleted when you delete your account. Your personal association with that data will be removed (i.e., it will be anonymized), but the transactional data itself will remain in the shared resource for the other members to see. This is necessary to maintain the integrity of their financial records. If you wish to remove specific entries from a shared resource, you must do so manually before deleting your account.

D. Additional Retention Periods

In specific circumstances, certain data may be retained or anonymized after your account has been deleted:

  • Feedback and Communications: Upon account deletion, we anonymize any feedback or support communications you have sent us. This means we remove the link to your user account and any personal identifiers from the communication record. We retain the anonymized content of the message itself to track issues, analyze user needs, and improve our service.
  • Legal Obligations: Where we are required by law (e.g., Austrian commercial or tax laws), we may need to retain certain data for a legally mandated period (typically 7 years).
  • Security and Service Integrity: We retain technical and security logs (which may include IP addresses) for a limited time (e.g., up to 180 days) to protect the security of our service, prevent fraud, and diagnose technical issues.
  • Anonymized Data for Analytics: We may anonymize your usage data and aggregate it with other anonymized data for statistical analysis to improve our service. Such anonymized data is no longer considered personal data under GDPR.

6. Your Rights Under GDPR

As a user in the EU, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct any inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data.
  • Right to Restrict Processing: You can request that we limit the way we use your data.
  • Right to Data Portability: You can request a copy of your data in a machine-readable format.
  • Right to Object: You can object to our processing of your data where we are relying on legitimate interests.

To exercise any of these rights, please contact us at contact@expensehunter.com. We will respond to your request within one month.

7. Data Sharing and Third Parties

We do not sell your personal data. We only share your data with trusted third-party service providers (Data Processors) who are essential for operating our service. We have data processing agreements in place with these providers to ensure they protect your data.

Our key third-party providers are:

  • Cloud & Server Hosting: Our application and your data are hosted on servers provided by Netcup GmbH (Germany) and Amazon Web Services (AWS) (Frankfurt, Germany Region).
  • Email Service Provider: We use Netcup servers and Amazon Simple Email Service (SES) to send you essential service-related emails, such as password resets and security notifications.

8. International Data Transfers

Our primary data processors (Netcup, AWS Frankfurt) are located within the European Union, ensuring your data is protected under GDPR. If we were to engage a processor outside the EU/EEA, we would ensure that the transfer is lawful and that your data is protected by appropriate safeguards, such as the EU's Standard Contractual Clauses (SCCs).

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and, where appropriate, through email.

10. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data handling practices, please contact us at:

Recherche Ventures e.U.
Email: contact@expensehunter.com

You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde).