Privacy Policy

1. Introduction

Nett ("we", "us", "our") is a personal finance and net worth tracking application available on the web, Google Play Store, and Apple App Store. We are committed to protecting your privacy and handling your personal data responsibly.

This Privacy Policy explains what data we collect, how we use it, how we protect it, and your rights under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU General Data Protection Regulation (EU GDPR), the California Consumer Privacy Act (CCPA), and applicable Google Play and Apple App Store policies.

By using Nett, you agree to the practices described in this policy. If you do not agree, please do not use the app.

2. Data Controller

The data controller responsible for your personal data is:

Nett
Email: privacy@nett.finance

If you have any questions about this Privacy Policy or how we handle your data, please contact us at the email address above.

3. Data We Collect

3.1 Account Data

When you create an account using Firebase Authentication, we collect:

Email address
Display name (if provided via Google Sign-In)
Authentication provider (email/password or Google)

We do not have access to your Google account password. Authentication is handled entirely by Google Firebase.

3.2 Financial Data You Enter

You may voluntarily enter the following types of data:

Asset holdings (stocks, cryptocurrency, property, vehicles, trading cards, cash accounts, pensions, bonds, commodities, collectibles)
Debt information (credit cards, loans, overdrafts, mortgages)
Transactions and spending records
Budget and savings goal information
Income details
Watchlist items
Subscription and membership information

All financial data is entered by you voluntarily. We do not access your bank accounts, read your emails, or collect financial data automatically.

3.3 Data We Do NOT Collect

We want to be clear about what we do not do:

We do not use analytics or tracking tools (no Google Analytics, no Facebook Pixel, no advertising SDKs)
We do not collect your location data
We do not access your contacts, photos, camera, or microphone
We do not connect to your bank accounts via Open Banking or screen scraping
We do not sell, rent, or share your personal data with advertisers or data brokers
We do not serve advertisements

4. How We Use Your Data

Purpose	Lawful Basis (UK GDPR)
Providing the app and its features	Performance of contract (Art. 6(1)(b))
Authenticating your account	Performance of contract (Art. 6(1)(b))
Syncing your encrypted data across devices via Firebase	Consent (Art. 6(1)(a)) — you choose to enable cloud sync
Fetching live prices for your assets (stocks, crypto, trading cards)	Performance of contract (Art. 6(1)(b))
Processing subscription payments (Pro features)	Performance of contract (Art. 6(1)(b))

5. Data Storage & Security

Your data is encrypted

All financial data synced to the cloud is encrypted using AES-256-GCM encryption with PBKDF2-derived keys before leaving your device. We cannot read your financial data on our servers. Even in the event of a data breach, your financial information would be unreadable.

5.1 Local Storage

By default, all your data is stored locally on your device using browser localStorage or the app's local database. This data never leaves your device unless you enable cloud sync.

5.2 Cloud Sync (Optional)

If you sign in and enable cloud sync, your data is:

Encrypted on your device using AES-256-GCM before upload
Compressed and integrity-verified with SHA-256 hashing
Stored in Google Firebase Cloud Storage (servers located in the EU/US)
Decryptable only by you — we do not hold your decryption keys

5.3 Security Measures

End-to-end encryption (AES-256-GCM) for all synced financial data
PBKDF2 key derivation from your unique user identifier
SHA-256 integrity verification on all data loads
Atomic decrypt operations to prevent data corruption
Pre-upload roundtrip verification
Firebase Security Rules restricting data access to authenticated users only
HTTPS/TLS encryption for all data in transit

6. Third-Party Services

Nett uses the following third-party services to function. These services may receive limited data as described below:

Service	Purpose	Data Shared
Google Firebase	Authentication and encrypted cloud storage	Email address; encrypted (unreadable) financial data
Parqet CDN	Stock logos and price data	Stock ticker symbols only
CoinGecko API	Cryptocurrency prices	Coin identifiers only
JustTCG API	Trading card prices and images	Card identifiers only
Google Favicons	Merchant logos for transaction display	Merchant domain names only
Google Play / Apple App Store	App distribution and subscription billing	As per Google/Apple's own privacy policies

None of these services receive your financial data in a readable format. Price lookup services receive only asset identifiers (e.g., "AAPL", "bitcoin") — not your portfolio size, quantities held, or personal information.

7. International Data Transfers

Your encrypted data may be stored on Google Firebase servers located in the United States or European Union. Google has implemented appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) as approved by the European Commission and the UK Information Commissioner's Office (ICO).

As your financial data is encrypted before it leaves your device, the data stored on these servers is not readable by Google or by us.

8. Data Retention

Local data: Stored on your device indefinitely until you delete it or uninstall the app.
Cloud-synced data: Retained as long as your account is active. If you delete your account, your encrypted data will be permanently deleted from our servers within 30 days.
Authentication data: Retained by Firebase for as long as your account exists.
Payment data: Subscription and payment information is managed entirely by Google Play or Apple and is subject to their respective privacy policies. We do not store your payment card details.

9. Your Rights

Under the UK GDPR and applicable data protection laws, you have the following rights:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate personal data.
Right to erasure: Request deletion of your personal data ("right to be forgotten").
Right to restrict processing: Request that we limit how we use your data.
Right to data portability: Receive your data in a structured, commonly used format. Nett supports data export from within the app.
Right to object: Object to processing of your personal data.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@nett.finance. We will respond within one month as required by law.

Deleting Your Data

You can delete your data at any time:

Local data: Clear the app's data in your device settings, or use the "Delete All Data" option within the app's Settings screen.
Cloud data: Use the "Delete Cloud Data" option in Settings, or contact us to request full account deletion.

10. Children's Privacy

Nett is not intended for use by children under the age of 16 (or under 13 where applicable under local law). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@nett.finance and we will promptly delete it.

11. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to know: You may request that we disclose what personal information we collect, use, and share.
Right to delete: You may request deletion of your personal information.
Right to opt-out of sale: We do not sell your personal information. We never have and never will.
Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

12. App Store Disclosures

12.1 Google Play

In accordance with Google Play's Data Safety requirements:

Data collected: Email address (for authentication); financial data (entered voluntarily by you)
Data shared: None. We do not share personal data with third parties for advertising, marketing, or analytics purposes.
Data encrypted in transit: Yes (HTTPS/TLS)
Data encrypted at rest: Yes (AES-256-GCM for cloud-synced financial data)
Data deletion: You can request data deletion within the app or by contacting us

12.2 Apple App Store

In accordance with Apple's App Privacy ("nutrition label") requirements:

Data used to track you: None
Data linked to you: Email address, financial data (optional cloud sync)
Data not linked to you: None collected

Nett does not use any Apple tracking frameworks (e.g., App Tracking Transparency / ATT is not required as we do not track users).

13. Cookies & Local Storage

Nett uses browser localStorage to store your app data and preferences locally on your device. This is essential for the app to function and is not used for tracking or advertising purposes.

We do not use tracking cookies, advertising cookies, or any third-party cookies.

14. Do Not Track

We honour Do Not Track (DNT) signals. However, since we do not track users in any way, this setting has no practical effect on your use of Nett.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

We encourage you to review this policy periodically.

16. Complaints & Supervisory Authority

If you are unhappy with how we handle your personal data, please contact us first at privacy@nett.finance so we can try to resolve the issue.

You also have the right to lodge a complaint with a supervisory authority. In the UK, this is:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

17. Contact Us

For any privacy-related questions or requests:

Email: privacy@nett.finance