Skip to content
Back to Home

Privacy Policy

Last Updated: January 31, 2026

1. Introduction

Froogal Club ("we," "our," or "us") operates the Froogal Club application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. This policy applies to all users worldwide, including those in the European Economic Area (EEA), the United Kingdom, and other jurisdictions with data protection laws.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, profile image (if provided via Google OAuth), and optionally your age. This information is necessary to provide the Service and communicate with you.

2.2 Expense Data

We store the expense data you create or upload, including amounts, dates, categories, payment methods, notes, tags, and associated receipt images or voice recordings. This data is essential for providing the expense tracking functionality.

2.3 AI Inputs

When you use AI-powered features, we process the content you provide, including text prompts describing expenses, receipt images uploaded for scanning, and voice recordings for transcription. This content is sent to our AI provider for expense extraction and is stored temporarily during processing.

2.4 Usage Data

We collect information about how you use the Service, including pages visited, features used, interaction timestamps, and general usage patterns. This helps us understand how our Service is being used and identify areas for improvement.

2.5 Device and Session Information

We automatically collect certain technical information when you use the Service, including your browser type, operating system, IP address (collected through session management), and device identifiers. This information is used to maintain security, ensure compatibility, and prevent abuse.

2.6 Payment Information

Payment processing is handled by Dodo Payments. We do not collect, store, or have access to your credit card number, CVV, or other full payment card details. We store records of transactions (such as purchase dates, amounts, and product information) for service delivery and accounting purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, operate, and maintain the expense tracking Service, including storing and displaying your expense data.
  • AI-Powered Extraction: To process your text, images, and audio through Qwen AI (DashScope/Alibaba Cloud) for automatic expense extraction and categorization.
  • Analytics and Insights: To generate spending charts, trends, summaries, and other analytical features within your dashboard.
  • Payment Processing: To process subscription payments and credit pack purchases via Dodo Payments, and to manage your credit balance.
  • Communication: To send transactional emails (such as account verification, password resets, and payment receipts) via Resend.
  • Service Improvement: To analyze usage patterns and improve the Service using PostHog analytics and Axiom application logging.
  • Security: To detect, prevent, and address technical issues, fraud, or other illegal activities.

4. AI Processing

Our Service uses artificial intelligence to automatically extract expense information from your inputs. Please be aware of the following:

  • Your text prompts, receipt images, and voice recordings are sent to Qwen AI, operated by Alibaba Cloud (DashScope), for expense extraction. This processing occurs on Alibaba Cloud's infrastructure.
  • AI responses and extraction results may be stored temporarily to maintain accuracy and improve our extraction service over time.
  • Receipt images and voice recordings you upload are stored on Cloudflare R2 object storage and are accessible via time-limited presigned URLs.
  • We recommend that you do not include sensitive personal information (such as Social Security numbers, full credit card numbers, or government ID numbers) in text prompts, uploaded images, or voice recordings.

5. Third-Party Services

We use the following third-party services to operate our Service. Each provider has their own privacy policy governing how they handle data:

  • TiDB Serverless (PingCAP): Database hosting. Your account data, expenses, categories, payment methods, and preferences are stored on TiDB's MySQL-compatible serverless infrastructure.
  • Cloudflare R2: File storage for receipt images and voice recordings. Files are stored securely and accessed via presigned URLs.
  • Qwen/DashScope (Alibaba Cloud): AI processing for expense extraction from text, images, and audio.
  • Dodo Payments: Payment processing for subscriptions and credit pack purchases. Dodo Payments handles all payment card data in compliance with PCI DSS standards.
  • Resend: Transactional email delivery for account verification, password resets, and service notifications.
  • PostHog: Product analytics to understand feature usage and improve the Service.
  • Axiom: Application logging for monitoring performance, detecting errors, and ensuring reliability.
  • Aiven Valkey: Distributed caching for performance optimization. Cached data is transient and does not persist permanently.
  • Vercel: Application hosting and deployment infrastructure.

6. Data Storage & Security

We implement industry-standard security measures to protect your data:

  • Database Security: Your data is stored on TiDB Serverless, a MySQL-compatible database with SOC 2 Type II compliance, automatic backups, and enterprise security features.
  • File Storage: Receipt images and voice recordings are stored on Cloudflare R2 with presigned time-limited access URLs.
  • Encryption in Transit: All connections to our Service use SSL/TLS encryption to protect data during transmission.
  • Rate Limiting: Sensitive operations are rate-limited to prevent abuse and unauthorized access.
  • Distributed Locking for Financial Operations: Credit deductions and financial transactions use distributed locking (via Aiven Valkey) with database row-level locking to prevent race conditions and ensure data integrity.

While we strive to use commercially acceptable means to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request correction of any inaccurate or incomplete personal data.
  • Right to Erasure: You can request deletion of your personal data by deleting your account. Upon account deletion, your data will be removed within 30 days.
  • Right to Data Portability: You can request to export your data in a structured, commonly used, machine-readable format.
  • Right to Restrict Processing: You can request that we limit how we use your data in certain circumstances.
  • Right to Object: You can object to our processing of your personal data for specific purposes, including direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at privacy@expenseai.app. We will respond to your request within 30 days. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection supervisory authority.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Active Account Data: Retained for as long as your account is active and in use.
  • Deleted Account Data: Removed from our systems within 30 days of account deletion, except where retention is required by law.
  • AI Response Logs: Retained for up to 90 days for accuracy monitoring and service improvement purposes.
  • Payment Records: Retained as required by applicable financial and tax regulations.
  • Analytics Data: Anonymized after 12 months and no longer linked to your identity.

9. Cookies & Tracking

We use the following types of cookies and tracking technologies:

  • Essential Cookies: Required for session authentication and the basic functioning of the Service. These cannot be disabled.
  • Analytics Cookies (PostHog): Used to understand how users interact with the Service. These are blocked until you provide consent via our cookie banner.
  • Performance Cookies (Axiom Web Vitals): Used to monitor application performance and detect errors. These are blocked until you provide consent via our cookie banner.

You can manage your cookie preferences at any time through our cookie banner or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of the Service.

10. Children's Privacy

Our Service is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we discover that a child under 16 has provided us with personal data, we will delete such information promptly. If you are a parent or guardian and believe your child has provided personal data to us, please contact us at privacy@expenseai.app.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction. By using our Service, you consent to such transfers. We take appropriate safeguards to ensure your data is treated securely and in accordance with this Privacy Policy, including relying on standard contractual clauses approved by the European Commission where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by sending an email to the address associated with your account and by updating the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@expenseai.app

Data Protection Officer: dpo@expenseai.app

For security-related inquiries, please contact security@expenseai.app. For legal matters, please contact legal@expenseai.app.