Privacy Policy

Goose (“the App”) is a personal finance tracking application developed by Ivan Kolkovskiy. This policy explains what information the App handles, why it is used, and how you can request access or deletion.

Account information. When you use Sign in with Apple, the App may receive your Apple user identifier and, if you choose to share it, your name and email address. Your email may be an Apple private relay address.

Expense data. Records you enter manually, such as amounts, categories, dates, notes, and related settings.

Subscription information. When you purchase a Goose Pro subscription, Apple processes the payment. The App receives confirmation of your subscription status (active or inactive) via RevenueCat. No payment card details are transmitted to or stored by the App.

Goose does not connect to bank accounts and does not request access to contacts, camera, microphone, location, or device sensor data for its core functionality.

Your data is used to authenticate your account, save and sync the expense records you create, verify and manage your subscription status, and respond to support, privacy, or deletion requests.

Your data is not sold and is not used for advertising or third-party profiling.

Remote storage. Goose uses Supabase for backend infrastructure, authentication support, database storage, and data sync. Data is transmitted over HTTPS/TLS and stored on Supabase servers located in EU West (Ireland, AWS eu-west-1).

Local storage. The App also stores data locally on your device – including your session credentials, cached account data, and subscription state – to allow the App to function offline and start quickly. This data remains on your device and is not shared with third parties.

Sign in with Apple (Apple Inc.) – authentication only. Apple may retain your Apple ID and relay address per their own privacy policy.

Supabase – backend infrastructure, database storage, and data sync.

RevenueCat – subscription management and in-app purchase verification. RevenueCat receives your App user identifier and subscription status to verify purchases made through Apple.

No advertising SDKs or third-party tracking SDKs are included in the App.

Goose keeps your account and expense data while your account is active or as needed to provide the App.

If you request account deletion, associated personal data will be deleted within 30 days, except where retention is required to comply with a legal obligation, resolve a dispute, or enforce our agreements. In such cases, only the minimum data necessary is retained and solely for that purpose.

You can delete your account directly in the App: Settings → Erase Data → Delete user account.

Access. You may request a copy of your personal data held by the App.

Deletion. You may delete your account and associated data directly in the App (Settings → Erase Data → Delete user account) or by contacting us.

Correction. You may request correction of inaccurate account information where technically possible.

Portability. You may request export of your personal data in a portable format.

Revoke Apple access.You may revoke Sign in with Apple access via your Apple ID settings (Settings → [your name] → Password & Security → Apps Using Apple ID).

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

Goose is not directed to children under 13. We do not knowingly collect personal data from anyone under 13. If we become aware that a user is under 13, we will promptly delete their account and associated data. If you believe a child has provided us with personal information, please contact us at the address below.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional terms apply.

Legal basis for processing. We process your personal data on the basis of performance of a contract – to provide the App and its features you signed up for – and legitimate interests such as maintaining security, preventing fraud, and improving the App, where these interests are not overridden by your rights.

Data transfers. Your data may be transferred to and processed in countries outside the EEA, including the United States, where Supabase and RevenueCat infrastructure is operated. These transfers are carried out under appropriate safeguards (Standard Contractual Clauses or equivalent mechanisms).

Additional rights. EEA/UK users may also object to processing based on legitimate interests, restrict processing in certain circumstances, and lodge a complaint with your local data protection supervisory authority.

This policy may be updated from time to time. Changes will be posted on this page with an updated effective date. For material changes, we will make reasonable efforts to notify you.

Questions or data requests: dev.kolkovskiy@gmail.com