Tres Numeros Privacy Policy
Last Updated: April 15, 2025
This Privacy Policy explains how Nedeveon EOOD, the owner and operator of the Tres Numeros personal finance app and website (https://tresnumeros.com), collects, uses, and protects your personal data. Krasimir Nedev is the sole owner and responsible contact for any privacy-related inquiries. We are committed to protecting your privacy and ensuring compliance with the EU General Data Protection Regulation (GDPR).
By using the Tres Numeros mobile application (available exclusively on Apple's App Store for iOS) or visiting our website, you consent to the practices described herein.
1. Scope & Overview
Tres Numeros is a minimalistic personal finance app that lets you track your weekly, monthly, and yearly expenses.
Free Version:
Allows you to log expenses manually. Data is stored locally on your device and, if enabled, synced to your iCloud account via SwiftData.
Premium Version:
Offers additional features such as voice logging and photo expense logging. These premium features require an active subscription managed via RevenueCat. To link your subscription status across app usage, the app generates a unique, anonymous identifier which is stored securely in your device's Keychain.
For users with an active premium subscription, certain media files (voice recordings and photos) you upload to log expenses are transmitted from your device to our servers (hosted on Hetzner in Europe) for immediate analysis.
2. Information We Collect and How We Use It
A. Free Version
Expense Logging (Manual):
- Data Collected: Expense amounts, dates, and any manually entered notes or categories.
- Storage: All such data remains on your device and is automatically synced and backed up via Apple's iCloud (using SwiftData) when enabled.
- Purpose: To let you keep track of your finances locally with minimal data collection.
No Personal Identifiers Required:
You are not required to provide any personal data (name, email, etc.), and no such data is collected by Tres Numeros for the free features.
B. Premium Version
Subscription Management:
- Unique Identifier: To enable premium features, the app generates a unique, anonymous identifier specific to your app installation. This ID is stored securely in your iOS Keychain.
- Subscription Verification: We use RevenueCat to manage and validate premium subscriptions. When checking subscription status, the app sends this anonymous unique identifier to RevenueCat. RevenueCat uses this ID and your App Store receipt data to verify your purchase, without processing further personal identifiers.
Premium Features:
- Voice Logging: When you use the premium voice logging feature, the voice recording you upload is sent to our servers and forwarded to the Google Gemini API for transcription. The recorded data is processed only to convert your spoken words into text for logging your expenses.
- Photo Logging: Similarly, if you log expenses using photos, your chosen image is sent from the app to our servers and then passed to the Google Gemini API for image analysis (such as extracting relevant expense details from receipts).
Technical Data and Security:
- When you use the app or visit our website, technical details like your IP address, device type, and timestamps may be recorded. We do not use cookies, advertising networks, or third-party trackers. Such data is solely used for security purposes and to ensure reliable service operation.
3. Legal Bases for Data Processing (GDPR)
We process your personal data based on the following legal grounds:
Performance of a Contract (Article 6(1)(b) GDPR):
When you subscribe to premium features, we process the unique anonymous identifier and associated subscription data via RevenueCat to deliver the services you have requested.
Legitimate Interests (Article 6(1)(f) GDPR):
Our legitimate interests include:
- Security: Protecting our services using measures like logging IP addresses via Cloudflare to detect and prevent DDoS or bot attacks.
- Service Improvement: Ensuring Tres Numeros operates efficiently, including handling technical logs for troubleshooting.
Legal Obligation (Article 6(1)(c) GDPR):
We may process your data to comply with legal obligations, such as responding to valid legal requests.
For non-essential data (such as the voice or photo uploads), processing is solely to provide the requested functionality and no data is retained beyond processing.
4. How We Store and Protect Your Data
Data Storage Locations:
- Primary Storage: The anonymous unique identifier associated with your premium subscription status is linked on secure servers hosted by Hetzner in Europe. No other personal data is stored server-side.
- Keychain Data: The unique identifier itself is stored on your device within the secure iOS Keychain.
- iCloud Data: Expense entries on the free version that are synced via Apple's SwiftData remain on your iCloud account.
Security Measures:
- All transmissions between your device and our servers are encrypted using HTTPS/TLS.
- Cloudflare is used to safeguard our website and API endpoints against malicious traffic.
- Premium voice/photo data is processed transiently and is not permanently stored on our servers.
Third-Party Data Processing:
- Apple, RevenueCat, and Cloudflare operate under agreements that require them to adhere to GDPR.
- The Google Gemini API processes voice recordings and photos only to produce transcription or image analysis outcomes. Although we expect that Google retains such media only temporarily, please consult Google's privacy policies for further details.
- The unique anonymous identifier is shared with RevenueCat for subscription validation.
5. Third-Party Services & International Transfers
We work with several trusted third-party services to operate Tres Numeros. Their roles include:
- Apple: Handles app distribution, iCloud storage, and your app subscription settings.
- RevenueCat: Validates premium subscriptions using the anonymous unique identifier.
- Hetzner: Hosts our backend servers in Europe.
- Cloudflare: Provides security and performance services.
- Google Gemini API: Processes voice recordings and photos transiently.
Any personal data transferred to these third parties is only what is necessary to deliver the service. Your data may be transferred internationally (e.g., to Google or RevenueCat servers), but appropriate GDPR safeguards (including Standard Contractual Clauses) are in place.
6. Data Retention
Subscription Data: The link between the anonymous unique identifier and your premium subscription status is retained on our servers as long as your premium subscription is active or as needed to provide the service. This link is necessary to verify your access to premium features. If you delete the app, the identifier stored in the Keychain may persist, allowing subscription restoration upon reinstallation. If you wish to ensure complete dissociation, you may need to manage Keychain items directly or contact support. This data does not include personal identifiers. Local expense data stored on your device or in iCloud is managed by you and Apple's iCloud policies.
7. Your Rights Under GDPR
As a user within the EU or subject to GDPR, you have the following rights:
- Right of Access: You can request a copy of your data.
- Right to Rectification: You can request that we correct any inaccuracies in your data (though we don't store any data beyond the anonymous ID).
- Right to Erasure: You can request the deletion of the data associated with your unique identifier from our servers by contacting us. Note that this will prevent access to premium features unless a new subscription is linked. Deleting the app does not automatically delete this server-side association.
- Right to Restrict Processing: You can request that we stop processing your data.
- Right to Object: You can object to the processing of your data based on our legitimate interests.
- Right to Data Portability: You can request a copy of your data.
- Right to Withdraw Consent: You can withdraw your consent to our processing of your data.
8. Changes to This Privacy Policy
We may update this policy periodically to reflect changes in our practices or legal requirements. We will update the "Last Updated" date at the top and, if the changes are significant, we may notify you via the app or our website.
9. Contact Us
Nedeveon EOOD (Attn: Krasimir Nedev)
Email: [email protected]
Address: Varna, Bulgaria (full address available upon request)
10. Conclusion
By using Tres Numeros, you confirm that you understand and agree to this Privacy Policy. We are committed to protecting your privacy and ensuring that your data is handled securely and in compliance with GDPR and other relevant laws.
Note: While Tres Numeros ensures that voice recordings and photos used for premium logging are not stored, Google's processing of these files through the Gemini API is governed by its own privacy policies. We encourage you to review Google's documentation for further details.
This policy is intended to be clear and informative while meeting the necessary legal requirements. If you have further questions or need additional clarification, please do not hesitate to contact us.