Legal Document

Privacy Policy

Effective: July 04, 2026 Last updated: July 04, 2026 Operator: TANGENIX Private Limited

ExpendoX is a personal finance management application operated by TANGENIX Private Limited ("ExpendoX," "we," "us," or "our"). This Privacy Policy explains what personal data is collected, how it is used, when it is shared, how long it is retained, and what rights users have in relation to that data. Apple requires apps to clearly disclose data collection, sharing, retention, and deletion practices, and to provide an easily accessible privacy policy inside the app and in App Store metadata.

Operator: TANGENIX Private Limited
Contact: support@expendox.com
Postal address: R1-4056-3-2, Amleshwar Nagar, Latur, Maharashtra 413512, India


Scope

This Privacy Policy applies to the ExpendoX iOS application and related support services. It applies to users worldwide, but local law may give some users additional rights or impose additional obligations.

Who may use the app

ExpendoX is intended for users who are at least 16 years old, or older where required by local law. The service is not directed to children. If it is discovered that an account was created by a person below the permitted minimum age, the account and associated personal data may be deleted or restricted as required by law and platform policy.

Data collected

ExpendoX collects only the data reasonably necessary to provide and secure the service, consistent with Apple's data minimization expectations.

3.1 Data provided directly by the user

  • Full name
  • Email address
  • Expense amounts, categories, dates, merchants, tags, and notes
  • Budget settings and savings goals
  • Wishlist entries
  • Messages submitted to the in-app AI assistant
  • Optional support communications
  • Optional referral or onboarding answers such as how the user heard about the app

3.2 Data collected automatically

  • Device identifiers necessary for app functionality, security, and notifications
  • Push notification token, if notifications are enabled
  • IP address and basic log data for security, fraud prevention, abuse prevention, service reliability, and approximate regional settings such as currency or locale
  • Subscription and entitlement status from Apple and RevenueCat
  • Technical diagnostics, crash information, and service performance data, collected via analytics and crash-monitoring providers (PostHog and Sentry)

3.3 Optional integrations

  • Telegram user identifier, if the optional Telegram bot is enabled
  • Text submitted through the AI assistant feature
  • Voice-to-text input via Apple dictation — ExpendoX does not store raw voice recordings

3.4 Data not intentionally collected

  • Payment card numbers
  • Bank account login credentials
  • Raw voice recordings
  • Contacts, photos, microphone, or location data unless explicitly granted by the user

Why data is used

  • To create and manage user accounts
  • To store, organize, and display expenses, budgets, goals, and wishlists
  • To provide AI-powered assistance requested by the user
  • To send reminders, alerts, and service notifications when enabled
  • To maintain security, detect abuse, and prevent fraud
  • To diagnose bugs and improve product stability
  • To comply with legal obligations
  • To respond to support requests

Personal data is not sold. Personal data is not shared with third parties for their own direct marketing purposes.

Sharing of data

ExpendoX shares personal data only where reasonably necessary to operate the service.

6.1 Service providers

The app may use the following categories of service providers:

Supabase
Hosted database and backend infrastructure
Groq (or equivalent)
AI processing for text submitted to the assistant feature
RevenueCat
Subscription status and purchase entitlement management
PostHog
Optional product analytics, used only where the user has consented
Sentry
Crash reporting and technical stability monitoring
Telegram
Optional Telegram bot integration, only if enabled by the user
Apple
App Store billing, iOS platform services, notifications, and optional dictation

These providers may process personal data on ExpendoX's behalf to the extent needed to provide their services. Apple requires apps to clearly disclose where personal data is shared with third parties, including third-party AI services.

6.2 Legal disclosures

Personal data may also be disclosed where reasonably necessary to:

  • Comply with applicable law, regulation, legal process, or lawful government request
  • Enforce terms and protect rights, safety, and security
  • Investigate fraud, abuse, or security incidents
  • Complete a merger, acquisition, asset sale, or similar business transaction, subject to appropriate safeguards

International transfers

ExpendoX is operated from India and may use providers in other countries, including the United States. Personal data may be processed outside the user's country of residence. Where required by law, appropriate safeguards are used for international data transfers.

Data retention

Personal data is retained only for as long as reasonably necessary for the purposes described in this policy, including legal, accounting, fraud-prevention, and security obligations.

  • Account profile data — retained while the account is active
  • Expense, budget, goal, wishlist, and AI chat data — retained while the account is active
  • Push notification tokens — retained until revoked or account deletion
  • Security and server logs — limited period for security and abuse prevention
  • Backups — cycled out in the ordinary course on a rolling basis

When an account is deleted, personal data is deleted or irreversibly anonymized within 30 days, except where longer retention is required by law, needed for fraud prevention, required for dispute resolution, or retained in short-lived backups.

Account deletion

Users can initiate account deletion within the app through the account or settings area. Apple requires in-app account deletion for apps that support account creation, and deactivation alone is not sufficient.

When an account deletion request is submitted:

  1. The request is processed through the in-app deletion flow.
  2. Access to the account may be restricted immediately or shortly afterward.
  3. Personal data is deleted or anonymized within the time period stated in this policy, except for limited data retained as required or permitted by law.
  4. If Sign in with Apple is used, associated tokens are revoked as required by Apple's account deletion guidance.

If deletion cannot be completed automatically due to a legal, security, or regulated-service issue, additional verification or customer support steps may be required, but the user will still be provided a path to complete deletion.

Your rights

Depending on location, users may have the right to:

  • Request access to personal data
  • Request correction of inaccurate data
  • Request deletion of personal data
  • Request portability of certain data
  • Object to or restrict certain processing
  • Withdraw consent for consent-based processing
  • Lodge a complaint with a competent authority

Requests may be sent to support@expendox.com. Additional verification may be required.

Notifications

If notifications are enabled, ExpendoX may send reminders, account notices, and service messages. Promotional notifications will only be sent where the user has clearly opted in. Users can opt out through the app or device settings. Core app functionality does not depend on notification consent.

Subscription information

Subscriptions for iOS are billed by Apple through the App Store. ExpendoX does not receive or store full payment card details for App Store purchases. Users can manage or cancel subscriptions through their Apple account settings.

Security

Reasonable technical and organizational safeguards are used to protect personal data, including encrypted transmission, access controls, and measures against unauthorized access. No method of transmission or storage is completely secure, and absolute security cannot be guaranteed.

Changes to this policy

This Privacy Policy may be updated from time to time. If a material change is made, notice may be provided in-app, by email, or by another appropriate method before or when the change takes effect, where required by law.

Contact

For privacy questions, requests, or complaints:

  • Email: support@expendox.com
  • Operator: TANGENIX Private Limited
  • Address: R1-4056-3-2, Amleshwar Nagar, Latur, Maharashtra 413512, India