1. Introduction
At Duukoe ("we", "us", "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our expense tracking application and website.
2. Information We Collect
Information You Provide
- Account Information: Email address, name (optional), password
- Financial Data: Transactions, categories, wallets, budgets, and receipt images you create
- Payment Information: Processed by Stripe; we only store the last 4 digits for reference
- Communications: When you contact us for support
Information Collected Automatically
- Device type and operating system
- IP address (for security purposes)
- Aggregate, anonymized usage statistics
3. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Process your transactions and manage your subscription
- Send service-related communications
- Respond to your inquiries and support requests
- Improve the Service based on aggregated, anonymized analytics
- Protect against fraudulent or unauthorized activity
4. What We Don't Do
We will never:
- Sell your personal or financial data to third parties
- Use your data for targeted advertising
- Share your data with data brokers
- Use third-party analytics trackers that could identify you
5. Data Sharing
We only share your data in limited circumstances:
- Service Providers: We use Stripe for payment processing and cloud providers for hosting. These providers only access data necessary to perform their services.
- Legal Requirements: We may disclose information if required by law or to protect our rights and safety.
- Business Transfers: In the event of a merger or acquisition, your data would transfer to the new entity under the same privacy protections.
6. Data Security
We protect your data with:
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- Secure, SOC 2 compliant hosting infrastructure
- Regular security audits and monitoring
- Secure password hashing (bcrypt)
7. Data Retention
We retain your data for as long as your account is active. If you delete your account:
- We begin deletion within 30 days
- Backups are purged within 90 days
- Some data may be retained longer if required by law or for legitimate business purposes
8. Your Rights
You have the right to:
- Access: Request a copy of your data
- Export: Download your data in standard formats (CSV, JSON)
- Correct: Update inaccurate information
- Delete: Request deletion of your account and data
- Object: Opt out of certain data processing
To exercise these rights, contact us at privacy@duukoe.com.
9. Cookies
We use only essential cookies required for the Service to function:
- Authentication cookies to keep you logged in
- Security cookies to protect against attacks
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
10. Children's Privacy
Duukoe is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with information, please contact us.
11. International Data Transfers
Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.
13. Contact Us
If you have questions about this Privacy Policy or our privacy practices, contact us at:
- Email: privacy@duukoe.com
- Contact form: duukoe.com/contact
14. For EU/EEA Residents
If you are in the European Union or European Economic Area, you have additional rights under GDPR. The legal basis for our data processing includes:
- Contract: Processing necessary to provide the Service
- Legitimate Interest: Security, fraud prevention, service improvement
- Consent: Where you have given explicit consent
You may lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.