Acounta Privacy Policy

A personal finance ledger designed to keep your financial life private.

Effective date: May 19, 2026 Version 3.3

Summary

Acounta is a personal finance ledger developed by Pixun.dev. It is designed to minimize centralized data collection and keep users in control of their own records.

Acounta does not require account registration to use the app.
Your transactions, invoices, debts, budgets, contacts, receipt photos, settings, and backups are stored locally on your device unless you choose to export, share, or sync them.
Cross-device sync is optional and disabled by default.
When sync is enabled, messages are end-to-end encrypted. Our relay server cannot read your financial content.
We do not ask for your name, phone number, email address, precise location, or payment information to use the app.
We do not sell personal data, show ads, or use advertising trackers.

1. Who We Are

Acounta is developed and maintained by Pixun.dev.

Email: developer@pixun.dev
Website: acounta.pixun.dev

2. Minimum Age

Acounta is suitable for users aged 9 years and older as a general content age rating. It is a personal finance utility and is not designed, marketed, or submitted as a children-only app.

Users under 13 should use the app only with a parent or guardian. Acounta does not include advertising, public social features, open chat, user-generated public content, or behavioral tracking.

3. Data We Handle

Short version: Your financial records never leave your device unless you explicitly export or back them up. We never see your transactions, balances, contacts, or receipt photos. We have no account system, so we don't know who you are.

3.1 What stays on your device

Everything you enter into Acounta is stored locally on your device:

Transactions, expenses, income, debts, and invoices — with all amounts, notes, and dates.
Budgets, categories, balances, and app settings.
Contacts you select from your phonebook for transaction records.
Receipt or invoice photos you attach.
Your PIN, if you set one, stored in a protected local form.
Encrypted backup files you create.

None of this ever reaches our servers unless you use an optional feature that explicitly moves data — like cloud backup or sync.

3.2 Optional: Google Drive backup

Disabled by default. Nothing is uploaded until you turn this on.

When you enable Google Drive backup, your data goes to your own Google account — not our servers. Specifically:

The backup file is encrypted on your device before upload. We do not hold the encryption key.
The file lands in a private app folder in your Drive that is invisible to you and inaccessible to any other app.
Receipt photos are optionally synced to a private subfolder inside that same hidden folder.
We only use Google Sign-In to get Drive access. We never see or store your Google account password or profile.

Your Google account data is governed by Google's Privacy Policy.

3.3 Optional: Cross-device sync

Disabled by default. Our server receives nothing from you until you enable sync.

When you link two devices, our relay server acts as a secure mailbox: it holds your encrypted messages just long enough to deliver them to your other device, then deletes them. It cannot read the contents.

To make this work, the relay stores a small routing record per device:

What is stored	Why
A random device ID assigned by the server	Identifies which device should receive each message
A public encryption key	Lets the other device seal messages so only you can open them
Your selected currency code	Used for routing only
Last activity timestamp	Lets us clean up records that have been inactive for 12 months

Your name, email, phone number, financial records, and contacts are never part of this routing data. Messages in transit are end-to-end encrypted and deleted after delivery (or after 3 days if undelivered).

3.4 Anonymous app diagnostics

To help us fix bugs and understand which devices and features we need to support, the app automatically sends a small amount of non-personal technical information to our server. None of your financial data, contacts, or photos are ever part of this.

What is sent	When	Contains financial data?	Linked to your identity?
Device model, OS version, app version, language, currency code	On first launch and every ~30 days	No	No — combined into an anonymous fingerprint
Feature usage counters (e.g. number of transactions created, whether backup is on)	Once per day	No — counts only, no amounts or descriptions	No — tied to a random local ID, not to you
Error type and stack trace if the app crashes or hits a bug	When an error occurs	No — code paths only, not your records	No — includes only the same anonymous device info above

Think of this as the kind of information your TV or browser sends when checking for updates — it tells us what hardware and versions exist in the wild, nothing more.

You can opt out of usage reports. Go to Settings → Privacy & Diagnostics and turn off Usage reports. This stops both the daily analytics batch and the periodic device record from being sent. Error reports remain active to help us fix bugs that affect you — they never include financial data.

3.5 Feedback you choose to send

If you use the in-app feedback form, only what you type is sent — the message text, the category (e.g. "suggestion"), and the platform (Android/iOS). There is no name, account, or contact attached. Please don't include personal or financial information in feedback messages. Submissions are rate-limited to 10 per week.

When you merge two product names in the product catalog (marking one as an alias of the other), the app sends the alias name and your selected currency code to our server to reduce that name's prominence in the shared suggestion list. No price, quantity, transaction record, or identity is included.

4. Permissions

Permission	Use	Optional?
Internet and network state	Sync relay communication and diagnostic reports. Network state is checked to defer sync when the device is offline.	The app can be used offline, but online features require it.
Contacts	Lets you select a contact when creating a transaction.	Yes.
Camera	Scans QR codes for device linking and captures receipt photos.	Yes.
Photos or media library	Lets you attach existing receipt or invoice images.	Yes.
Google account (Drive scope)	Uploads encrypted backups and attachment photos to your private Drive app folder.	Yes — only if you enable Google Drive backup.

We do not request microphone, precise location, health, calendar, or similar unrelated sensitive permissions.

5. Security

Server communication uses HTTPS.
Sync messages are end-to-end encrypted before reaching our relay server.
Digital signatures help detect forged or modified messages.
Optional PIN protection can restrict local app access.
Manual backup files are encrypted with a password you choose.

No system can be guaranteed perfectly secure. Please protect your device, PIN, and backup passwords.

6. Third Parties

We operate our own relay server at pixun.dev. This server receives sync routing records (section 3.3), anonymous app diagnostic data (section 3.4), and user-submitted feedback (section 3.5). It does not receive financial content or personal identity information.

We use hosting infrastructure to operate this server. The host cannot read end-to-end encrypted sync message contents.

We do not use Google Analytics, Firebase Analytics, Facebook SDK, AdMob, advertising networks, or behavioral marketing SDKs in Acounta.

7. Retention

Data type	Retention period
Local financial data	Until you delete it, clear app data, or uninstall the app.
Delivered sync messages	Deleted after delivery.
Undelivered sync messages	Deleted after 3 days.
Inactive sync identifiers	Deleted after 12 months of inactivity.
Google Drive backup files	Until you delete them from your Drive or from within the app.
Device registration record	Deleted after 12 months of inactivity.
Anonymous analytics batches	Aggregated counters retained indefinitely; per-installation hash retained while active.
Error reports	Usually deleted after the underlying bug is fixed. Unresolved reports are deleted after 6 months, unless the error recurs frequently (10+ times), in which case they may be retained longer.

8. Deleting Your Data

This section explains how Acounta users can delete their app data and how optional sync routing records are removed.

Your financial data is local. The most important deletion controls are on your own device.

8.1 Delete local data

Open the app, go to Settings, and use the "Delete all data" option to remove transactions, invoices, debts, budgets, contacts, and related local records. This action requires an explicit confirmation.
Uninstalling the app removes local app data from the device according to your operating system behavior.
On Android, you may also clear app data from system settings.
Encrypted backup files you created must be deleted from wherever you saved or shared them.

8.2 Delete sync data

If you enabled sync, the relay may retain your random sync identifier, public key, selected currency, last activity timestamp, and related routing data. Inactive sync records are automatically deleted after 12 months.

Because Acounta does not collect your name, email address, phone number, login account, or other identity information, we do not have a reliable way to know who owns a specific sync identifier.

For this reason, we cannot delete a specific sync identifier based on an email request. Sync routing records are removed by app controls when available and by automatic cleanup after inactivity.

9. Your Controls

Acounta is designed so that you control most of your data directly on your own device.

You can view and edit your records directly inside the app.
You can export your data using the app's backup feature, when available in your version.
You can delete local data from the app, your device settings, or by uninstalling the app.
You can choose not to enable sync, or disable it if your version supports that option.
You can turn off usage reports at any time from Settings → Privacy & Diagnostics.
You can contact us with privacy questions about sync routing records.

10. Changes to This Policy

We may update this policy when the app, our infrastructure, or our privacy practices change. Updates will be posted on this page with a new effective date.

11. Free App Disclaimer

Acounta is provided as a free personal finance tool. We try to keep the app private, simple, and useful, but it is provided as-is and without paid support, uptime guarantees, data recovery guarantees, legal advisory services, or compensation for losses.

You are responsible for protecting your device, keeping your backup files and passwords safe, checking your own financial records, and deciding whether the app is suitable for your needs.

Manual support questions are handled when reasonably possible. Because the app is free, we cannot guarantee a fixed response time or provide services that create additional operational, legal, or financial cost.

12. Contact

For privacy questions or security concerns, contact us at:

Email: developer@pixun.dev
Website: acounta.pixun.dev

We will try to respond when reasonably possible, but response times are not guaranteed.