Privacy Policy

Effective date: 29 April 2026

Last updated: 29 April 2026

1. Who we are

WalletScribe is operated by Strands Services Ltd., a company registered in the United Kingdom ("we", "us", "our"). You can reach us at hello@walletscribe.app.

This policy explains what data WalletScribe handles, where it lives, and the rights you have over it.

2. Plain-language summary

• WalletScribe is local-first. Your wallets, transactions, categories and settings are stored on your device, in your browser's IndexedDB or in the equivalent local store on Android, iOS, macOS, Windows and Linux.
• We do not run a server that holds your financial data. We do not have copies of your transactions on our infrastructure.
• We don't track you. We don't run ads, analytics, fingerprinting, or session replay.
• If you turn on Google Sheets sync, your data is stored in your own Google Drive, on a spreadsheet that you control. We never read or store that spreadsheet.
• If you turn on sync, traffic to Google's APIs is proxied through our Cloudflare Worker (web.walletscribe.app) so the OAuth client secret stays off the client. The Worker forwards your authenticated request and forgets it.

3. Data we collect

On your device (always)

• Wallets: names, currencies, icons, colors and balances you create.
• Transactions: amounts, dates, categories, descriptions and tags you record.
• Categories: your custom income/expense categories.
• Settings: your locale, theme, date-range preferences, display name.

This data is held in IndexedDB (web/desktop) or the equivalent platform store and never leaves your device unless you explicitly enable cloud sync or use the Export feature.

When you enable cloud sync (optional)

• OAuth tokens for the cloud provider you connect (Google Sheets, Google Drive, OneDrive). Stored in your local browser/app storage, never on our servers.
• Your Google profile basics (name and email), fetched from Google when you sign in, so we can show "Signed in as you@example.com". We do not store this on our servers; it stays in your local app storage.

What we do not collect

• We do not run analytics, telemetry, crash reporting or A/B-testing tools.
• We do not use cookies on the web app for tracking. The only browser storage we set is for the app itself (IndexedDB, local storage for OAuth tokens, theme/locale preferences).
• We do not sell, rent or share data with advertisers.

4. How we use Google user data (Limited Use disclosure)

WalletScribe's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, when you connect Google Sheets sync:

• drive.file scope: used only to create or open WalletScribe's own spreadsheet in your Drive, and never to access any other file.
• spreadsheets scope: used only to read and write the spreadsheet you connected, on your direct request to sync.
• openid email profile: used to display your name/email in the app. Not transferred to any third party.

We do not transfer this data to anyone, do not use it to serve advertising, and do not allow humans to read it (except for support if you explicitly ask us to and email us a snippet).

5. Where data lives and crosses borders

• On-device data stays on your device. If you back it up via your platform's normal backup (iCloud, Google Drive backup, Time Machine, etc.), that backup is governed by that platform's privacy policy, not ours.
• Sync data lives in your Google account, on Google's servers in regions Google chooses. Subject to Google's privacy policy.
• Worker traffic: when sync is enabled, the OAuth handshake and Sheets/Drive API calls are proxied through Cloudflare Workers (operated globally by Cloudflare). The proxy forwards the request and does not log request bodies; standard request metadata (timestamp, IP, status code) may be retained briefly for abuse prevention.

If you are in the UK or EEA, your data may be transferred to the United States and other regions when you use Google Sheets sync. Both Google and Cloudflare maintain UK/EU adequacy mechanisms (Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable).

6. Data retention

• Local data is kept on your device until you delete it (via "Delete a wallet", "Delete all data", uninstalling the app, or clearing your browser data).
• Synced data is kept in your Google spreadsheet until you delete it. We do not retain copies.
• OAuth tokens are kept in your local app storage until you disconnect a wallet or click "Delete all data". On either action WalletScribe revokes the token at Google before clearing it locally, so the grant disappears from your Google account's permissions page automatically. You can also revoke manually at https://myaccount.google.com/permissions at any time.
• Cloudflare Worker logs: basic request metadata (timestamp, status, no body) is retained by Cloudflare for typically up to 7 days for abuse prevention, then deleted.

7. Security

• All network traffic uses HTTPS/TLS.
• OAuth uses PKCE; the OAuth client secret is held server-side in our Cloudflare Worker and never embedded in the app.
• We do not maintain a database of user records on our servers, which removes a class of breach risk entirely.
• We rely on the security of your platform (browser, OS) for the integrity of data stored on your device. We strongly recommend keeping your device locked, your OS up to date, and using the Export feature periodically as backup.

8. Your rights

You have rights under data-protection laws (UK GDPR, EU GDPR, CCPA, and similar regimes). Because we don't hold your data on our servers, most of these rights you can exercise yourself, immediately, inside the app:

• Access: your data is in the app; nothing of yours is on our servers.
• Export: Settings → Data → Export creates a JSON dump of everything.
• Deletion: Settings → Data → Delete All Data wipes the local store, OAuth tokens and PKCE fragments, and revokes the app's grant on each connected Google account. The Google spreadsheet itself stays in your Drive — delete it manually when you want the synced copy gone.
• Revoke our access to your Google account: handled automatically on disconnect/delete; you can also do it manually at https://myaccount.google.com/permissions.
• Portability: the JSON export is structured and re-importable.

If you are in the UK/EEA you have the right to lodge a complaint with your supervisory authority. For the UK this is the Information Commissioner's Office.

9. Children

WalletScribe is not directed at children under 13 (or 16 in some EU countries). We do not knowingly collect data from anyone in that age range. If you believe a child has used the app, please contact us and we will help with deletion.

10. Subprocessors

When sync is enabled, the following parties process data on our behalf as your instruction passes through:

• Google LLC: host of Google Sheets/Drive, OAuth provider. Google privacy policy.
• Cloudflare, Inc.: host of our Worker proxy and the marketing site. Cloudflare privacy policy.

We may add or change subprocessors. Material changes will be reflected in this policy.

11. Changes to this policy

If we update this policy, we'll change the Last updated date at the top. For material changes (new categories of data, new subprocessors, or anything that meaningfully reduces your rights), we will surface a notice in the app on next launch.

12. Contact

Questions, requests, or concerns:

• Email: hello@walletscribe.app
• Postal: Strands Services Ltd., United Kingdom (registered office available on request)