Privacy Policy
NossaConta is built to respect your privacy. This policy explains what data we collect, why, how we use it, and your rights.
1. Who we are
NossaConta is a service operated by Cristiano Marcelo Moreira, based in Portugal ("we", "us", "NossaConta"). For privacy questions, reach us at moreirasamarcelo@gmail.com.
2. What we collect
2.1. Account data (via Clerk)
- Name, email, profile picture (if provided by your identity provider)
- Sign-up and last login timestamps
- Clerk unique identifier
2.2. App data
- Groups you create or belong to (name, type, invite code)
- Expenses you record: amount, category, description, date, split
- When you scan a Portuguese receipt: vendor tax ID, document number and date, total. We do NOT collect individual items.
- Settlements
- Preferences (chosen language)
2.3. Technical data
- Error logs (no direct personal identification)
- Aggregate usage events via Vercel Analytics (no tracking cookies, anonymized IP)
3. How we use the data
- Operate the service (authenticate, show your groups and expenses, calculate balances)
- Send push notifications related to your group (with your explicit consent)
- Technical support when you contact us
- Improve the app based on aggregate metrics
- Comply with legal and tax obligations
4. Legal basis (GDPR)
- Performance of contract (Art. 6(1)(b)): to operate the service you requested
- Consent (Art. 6(1)(a)): for push notifications and aggregate analytics
- Legitimate interest (Art. 6(1)(f)): for security and fraud prevention
5. Who we share with
- Other group members: expenses you record are visible to all members of the same group. Your account data (name) is also visible to them.
- Technical processors: Clerk (USA, DPF certified), Neon (EU), Vercel (EU/USA via SCCs), Stripe (EU/USA via SCCs).
- We don't sell data. We don't use your data for advertising.
6. Retention
- Account data and expenses: while your account is active
- After account deletion: up to 30 days (to reverse accidental deletions), then permanently deleted
- Technical logs: 30 days
7. Your rights (GDPR)
You have the right to:
- Access your data
- Rectify inaccurate data
- Have your data erased ("right to be forgotten")
- Export your data (data portability)
- Object to processing
- Withdraw consent at any time
- Lodge a complaint with the CNPD (Portugal) or your local authority
To exercise any of these rights, email moreirasamarcelo@gmail.com. We respond within 30 days.
8. Cookies
We use only essential cookies for authentication (Clerk) and language preference. No tracking or advertising cookies. Vercel Analytics doesn't use cookies — just aggregate anonymous events.
9. Security
Data is transmitted over HTTPS and stored encrypted. Admin access is limited and audited. Still, no system is 100% safe — we recommend a strong password on your Google account.
10. Minimum age
The service is for users 16 and older (GDPR). In Brazil, the minimum age is 13 with parental consent (LGPD).
11. Changes to this policy
If we change the policy, we'll notify you by email and in-app. The version in effect is always the one published on this page.
12. Contact
Data Protection Officer: Cristiano Marcelo Moreira, moreirasamarcelo@gmail.com