ccount

Legal

Privacy Policy

Last updated: March 2026

This Privacy Policy explains how DXP Analytics Private Limited (“we”, “us”, “our”) collects, uses, and protects your information when you use the ccount mobile application (“the App”). We are committed to protecting your privacy and handling your data with transparency.

1. Who we are

ccount is operated by DXP Analytics Private Limited, a company incorporated in Bengaluru, India. If you have any questions about this policy, contact us at support@ccount.app.

2. What data we collect

We collect the minimum data needed to provide the service:

  • Name — used to identify you within the app and to your group members.
  • Email address or phone number — used for account authentication and essential service communications.

We do not collect your location, contacts, payment information, device identifiers, or any other personal data beyond the above.

3. How we use your data

Your data is used solely to:

  • Create and manage your account.
  • Display your identity to group members you have connected with.
  • Send essential account communications (password reset, deletion notices).
  • Investigate and resolve support requests.

We do not use your data for marketing, profiling, or any purpose beyond providing the ccount service.

4. Data sharing and selling

We do not sell, rent, or share your personal data with third parties for advertising or any commercial purpose. Your data is not used to build advertising profiles.

We may share data with service providers who help us operate the App (listed below), under strict data processing agreements that prohibit them from using your data for their own purposes.

5. Infrastructure and third-party services

Supabase (PostgreSQL)

Your account data and expense records are stored in a Supabase database hosted on AWS infrastructure. All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Row-level security ensures no user can access another user's data.

Amazon Web Services (AWS)

Underlying cloud infrastructure. AWS processes data under our instructions and is subject to data processing agreements.

Sentry (EU)

We use Sentry for error monitoring. Our Sentry instance is hosted in the European Union. Error reports may contain limited technical information (device type, OS version, app version) but do not include personal data such as names or contact details.

Google AdMob

The free tier of ccount displays banner advertisements served by Google AdMob. We use non-personalized ads only. However, Google may still collect some device-level data (such as device identifiers and IP address) for ad delivery, fraud prevention, and analytics purposes. This data collection is governed by Google's own Privacy Policy. Ads are shown only within the App; this website does not serve AdMob ads.

Vercel Analytics

This website uses Vercel Analytics for traffic insights. Vercel Analytics is privacy-focused and does not use cookies or collect personal data.

6. Cookies

The ccount website uses only essential cookies for session management and theme preference (via next-themes). No tracking or advertising cookies are used. See our Cookie Policy for full details.

7. Data retention

We retain your personal data for as long as your account is active. If you delete your account, your personal data (name, email/phone, credentials, preferences) is permanently erased within 30 days. Anonymized expense records (“Deleted User”) may be retained to preserve the integrity of other users' financial records.

8. Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of your personal data.
  • Correction — request correction of inaccurate data.
  • Deletion — request deletion of your account and personal data (available in-app under Settings → Account → Delete Account, or by emailing us).
  • Portability — download a full export of your data before deleting.
  • Objection — object to processing in certain circumstances.

To exercise any of these rights, contact us at support@ccount.app.

9. Regulatory compliance

We are committed to compliance with applicable data protection laws, including:

  • GDPR — General Data Protection Regulation (European Union)
  • UK DPA 2018 — UK Data Protection Act
  • CCPA — California Consumer Privacy Act (United States)
  • DPDP Act 2023 — Digital Personal Data Protection Act (India)
  • LGPD — Lei Geral de Proteção de Dados (Brazil)
  • Australian Privacy Act 1988

10. Age requirement

ccount is intended for users aged 13 and over. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.

11. Security

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.2+ in transit, row-level database security, and EU-hosted error monitoring. See our Security page for full details.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via in-app notification or email. The “Last updated” date at the top of this page will always reflect the most recent revision. Continued use of the App after changes constitutes acceptance.

13. Contact

DXP Analytics Private Limited
support@ccount.app