Privacy Policy

Last updated: April 5, 2026

Count On Me ('we', 'us', 'our') is committed to protecting your personal data in accordance with Brazilian Law 13.709/2018 (LGPD) and applicable international privacy standards. This policy explains what data we collect, why, and how you can exercise your rights.

1. Controller Identity

Count On Me is the data controller responsible for your personal data processed through this application. For any privacy-related requests, contact our Data Protection Officer at the address below.

2. Data We Collect

We collect and process the following categories of personal data: (a) Account data — name, email address, and profile photo obtained from your OAuth provider (Google or GitHub) at sign-in; (b) Financial data — bank account names, balances, transaction descriptions, amounts, dates, and currency — entered by you; (c) Session data — encrypted session tokens stored as HttpOnly cookies to keep you signed in; (d) Usage data — the date and time of your last sign-in, stored in our database.

3. Legal Basis for Processing (LGPD Art. 7)

We process your data under the following legal bases: (a) Contract performance (Art. 7 V) — account data and financial data are necessary to provide the service you requested; (b) Legitimate interest (Art. 7 IX) — session data is strictly necessary to maintain a secure authenticated session; (c) Consent (Art. 7 I) — where explicitly obtained at sign-up for any optional data processing.

4. Purpose of Processing

Your data is used solely to: display your financial summary and transaction history; calculate balances, committed amounts, and available funds; support shared expense tracking between you and people you add; allow CSV import of bank statements. We do not use your data for advertising, profiling, or automated decision-making.

5. Data Retention

Account and financial data is retained for as long as your account is active. Upon account deletion, all your personal data is permanently deleted from our systems within 30 days. Session tokens expire according to the session expiry period configured in the application. We do not retain data beyond what is necessary for the purposes described above.

6. Your Rights (LGPD Art. 18)

Under the LGPD you have the right to: (a) Confirm whether we process your data; (b) Access a copy of your data; (c) Correct inaccurate or outdated data; (d) Anonymise, block, or delete unnecessary data; (e) Request portability of your data to another provider; (f) Delete data processed with your consent; (g) Be informed of entities with which we share your data; (h) Withdraw consent at any time. To exercise these rights, contact us at the address in Section 9.

7. International Data Transfers

Your data may be stored and processed on servers located outside Brazil. We use cloud providers (Vercel for the frontend, Railway or equivalent for the database) that implement industry-standard security controls. Where data is transferred internationally, we ensure adequate protection through contractual safeguards consistent with LGPD Art. 33.

8. Cookies

We use strictly necessary HttpOnly session cookies to keep you authenticated. These cookies do not track you across other websites, are not used for advertising, and cannot be disabled without affecting the core functionality of the application. No consent banner is required for strictly necessary cookies under LGPD.

9. Data Protection Officer (Encarregado)

Our Data Protection Officer can be contacted at: privacy@countonme.app. You may also contact the Brazilian data protection authority (ANPD) at www.gov.br/anpd if you believe your rights have not been respected.

10. Changes to This Policy

We may update this policy from time to time. The 'Last updated' date at the top of this page reflects the most recent revision. Continued use of the app after changes constitutes acceptance of the updated policy.