Privacy Policy

Effective date: February 25, 2026

MariBank Tracker (“we”, “our”, or “the app”) is committed to protecting your privacy. This Privacy Policy explains what information we access, how we use it, and how we keep it safe.

The short version: Your financial data never leaves your phone. We don’t have servers, we don’t collect your transactions, and we can’t see your spending. Everything stays on your device.

🔍Information We Access

When you sign in with Google, the app requests read-only access to your Gmail account. Specifically, we access:

  • Email notifications from MariBank (alerts@maribank.com.ph) containing card and ATM transaction details
  • Email notifications from SeaBank (alerts@seabank.com.ph) containing bank transfer details

We do not access, read, or process any other emails in your inbox. The app filters strictly by sender address and only parses transaction-related content.

📡How We Use Your Information

The transaction data extracted from your emails is used exclusively to:

  • Display your spending totals (daily, weekly, monthly)
  • Show your transaction history (card purchases, ATM withdrawals, bank transfers)
  • Generate your annual spending heatmap
  • Provide monthly spending breakdowns

All processing happens locally on your device. No transaction data is sent to any external server, analytics service, or third party.

📱Data Storage

All your transaction data is stored in a local SQLite database on your device. This means:

  • Your data exists only on your phone
  • We have no ability to access, view, or retrieve your financial data
  • Uninstalling the app permanently deletes all stored transaction data
  • No backups of your transaction data are made to any cloud service by the app

🔐Authentication & Credentials

Your Google authentication tokens are stored using your device’s secure keychain (via Expo SecureStore), which provides hardware-level encryption. We never:

  • Store your Google password
  • Share your authentication tokens with third parties
  • Transmit credentials to any external server

The app communicates directly with the Gmail API using your device. There is no intermediary backend server.

🚫What We Don't Collect

We want to be clear about what we do not do:

  • We do not collect, store, or transmit your personal data to any server
  • We do not use analytics or tracking SDKs that monitor your behavior
  • We do not sell, share, or monetize your data in any way
  • We do not read, modify, or delete any emails in your Gmail account
  • We do not access any emails outside of MariBank and SeaBank notifications
  • We do not store your email content — only the parsed transaction details (amount, merchant, date, type)

💰Subscriptions & Payments

MariBank Tracker offers a subscription to unlock full features. Subscriptions are managed entirely through the Apple App Store or Google Play Store. We do not process, store, or have access to any payment information such as credit card numbers or billing details.

Subscription management (including cancellation) is handled through your device’s app store settings.

🤝Third-Party Services

The app interacts with the following third-party services:

  • Google Sign-In & Gmail API — Used for authentication and reading transaction notification emails. Subject to Google’s Privacy Policy.
  • Superwall — Used for managing the in-app subscription paywall. Superwall may collect anonymized usage data related to paywall interactions. Subject to Superwall’s Privacy Policy.
  • Apple App Store / Google Play Store — Used for processing subscription payments.

🔒Google API Services Disclosure

MariBank Tracker’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only use Gmail data to provide the expense tracking features described in this policy
  • We do not transfer Gmail data to third parties unless necessary to provide the app’s features, required by law, or with your explicit consent
  • We do not use Gmail data for advertising purposes
  • Humans do not read your Gmail data — all parsing is automated and happens locally on your device

👤Your Rights & Choices

You are in full control of your data at all times:

  • Revoke access — You can revoke the app’s Gmail access at any time through your Google Account permissions
  • Delete your data — Use the “Delete Account” option in the app’s Settings to remove all stored data
  • Uninstall — Uninstalling the app removes all locally stored data from your device

👶Children's Privacy

MariBank Tracker is not intended for use by children under the age of 13. We do not knowingly collect information from children under 13.

📝Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the app or by other appropriate means. Your continued use of the app after changes are posted constitutes your acceptance of the updated policy.

📬Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

support@kashi.dev