Privacy Policy

(Hereinafter: “We”) as the operator of the “Taler” application on the “talerapp.io” website (hereinafter also “Website“) is responsible for the personal data of the users (hereinafter: “you”) within the meaning of the General Data Protection Regulation (“GDPR”).

We protect your privacy and your private data. We collect, process and use your personal data in accordance with the content of these data protection regulations as well as the applicable data protection regulations, in particular the GDPR. This data protection regulation regulates which personal data we collect, process and use about you. We therefore ask you to read the following explanations carefully.

I. Collection of personal data

1. Object of data protection

Your personal data is the subject of data protection. Personal data is information on the basis of which it can be specifically identified (such as your name, your email address, your address, your telephone number) and information on the basis of which it can be indirectly identified, such as the data that your browser leaves behind when you visit our website.

2. Hosting

We use hosting services (in particular storage space, computing capacity, platform services) to make our offer available. As part of this, we and our hosting provider process personal data in accordance with this data protection declaration. The legal basis for hosting services is Art. 6 Paragraph 1 lit. f GDPR. We have a contract for order data processing with our hosting provider. Art. 28 GDPR closed

3. Data collection when visiting our website

a) You can visit our website without providing any personal information, with the exception of the (access) data that your internet browser transmits to us, e.g. B.

• the name of your Internet service provider
• Date and time of access to our website
• Your browser type
• the browser settings
• the operating system used
• the last page you visited
• your IP address.

Any additional personal data is only collected if you voluntarily provide it to us, for example when registering for an account, or subscribing to our newsletter.

b) Description and legal basis

The data is also stored in the log files of our system. This does not affect the user’s IP addresses or other data that enable the data to be assigned to a user. This data is not stored together with other personal data of the user.

The legal basis for this temporary storage of the data and log files is Art. 6 Paragraph 1 lit. f GDPR

c) Purpose of data processing

The log files are saved to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

Our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR.

d) Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that it is no longer possible to assign the calling client.

e) Objection and removal option

The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is consequently no possibility for the user to object

4. Cookies

a) We use cookies on various pages to enable the use of certain functions. Cookies are small text files that are stored on your computer when you visit our website. Some of these are deleted after you leave our website (session cookies). Other cookies remain on your computer so that your computer is recognized on your next visit (so-called permanent cookies).

We also use cookies on our website that enable an analysis of user behavior. In this way, for example, entered search terms, frequency of page views, use of website functions can be transmitted to us. The user data collected in this way becomes pseudonyms due to the technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the user and an assignment to the accessing user is no longer possible.

When you visit our website, we inform every user about an information banner regarding the use of cookies for analysis purposes. As part of this, the user’s consent to the processing of the personal data used in this context is also obtained, with reference to this data protection declaration.

b) The legal basis for the processing of personal data using cookies is Art. 6 Paragraph 1 lit. f GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 Para. 1 lit a GDPR (consent of the user).

c) The purpose of using technically necessary cookies is to simplify the use of websites and applications for the users. Some functions of our website cannot be offered without the use of cookies.

The analysis cookies are used for the purpose of improving the quality of our offer. Through the analysis cookies we learn how our offers are used and can thus continuously optimize our offer.

d) Duration of storage, objection and removal options

If you reject cookies, you can set this in your browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. However, this can mean that you cannot use our website to its full extent.

5. Registration and account data

a) To use the Taler app, you must create an account. During registration, we collect the following data:

• Email address
• First name
• Password (stored encrypted as password digest)
• Language preference (locale)
• Time zone
• Authentication provider (email, Apple, or Google)
• OAuth identifiers (for Apple/Google sign-in)
• Device information (operating system version, app version, device model)

For family finance management, families are created with the following data:

• Currency preference
• Premium subscription status and plan
• Security PIN (hashed with SHA-256 for Kids mode protection)
• Family invitation code
• RevenueCat subscription identifiers

When adding children to a family, we collect:

• Child’s name
• Avatar selection
• Color preference

b) The legal basis for the processing of the data is Art. 6 Para. 1 lit. b GDPR (performance of a contract) and Art. 6 Para. 1 lit. a GDPR (consent of the user).

c) The data is processed for the purpose of providing the family finance management service, including user authentication, family management, child account creation, and device-specific features.

d) Duration of storage, objection and removal options

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For user accounts, this is the case when the account is deleted by the user or when the account has been inactive for an extended period. You can delete your account and all associated data at any time through the app settings.

6. Financial data

a) As a family finance management app, Taler processes financial information including:

• Account names and balances (stored in cents)
• Savings goals with target and current balances
• Transaction amounts, descriptions, and dates
• Recurring transaction templates with amounts, intervals, and descriptions
• Premium subscription transaction records
• Currency information

All financial data is stored securely on our servers with appropriate encryption measures.

b) The legal basis for processing financial data is Art. 6 Para. 1 lit. b GDPR (performance of a contract).

c) Financial data is processed solely for providing the family finance management service, including account management, transaction tracking, automated recurring transactions, and goal progress monitoring.

d) Duration of storage

Financial data is retained as long as the user account is active. Users can delete their account and all associated data at any time through the app settings. Premium subscription data may be retained for legal and tax compliance purposes as required.

7. Device and usage data

a) To provide the best possible user experience and ensure app functionality, we collect device and usage information:

• Operating system type and version
• App version
• Device model identifier
• Push notification token (for notifications)
• Language and locale settings
• Last active timestamp
• Push notification preferences

b) The legal basis for processing device data is Art. 6 Para. 1 lit. b GDPR (performance of a contract) and Art. 6 Para. 1 lit. f GDPR (legitimate interest in providing optimal service).

c) Device data is used to ensure app compatibility, provide push notifications, support multiple languages, and improve the user experience.

d) Duration of storage

Device data is retained as long as the user account is active. Users can disable push notifications and modify language settings at any time.

8. Email contact

a) You can contact us via email at support@talerapp.io. In this case, the personal data that you transmit with the email will be saved. This is in particular the sender email address.

The data will only be used for communication with you. The data will not be passed on to third parties.

b) The legal basis for the processing of the data is Art. 6 Para. 1 lit f GDPR.

c) The data are processed for the purpose of communication.

d) Duration of storage, objection and removal options

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of contacting by email, this is the case when communication with the user has ended.

e) You have the option to object to the processing of personal data at any time. In this case, however, communication with you can no longer be continued.

9. OAuth authentication providers

a) Taler supports sign-in with Apple and Google accounts. When using OAuth authentication, we receive:

• Email address from the provider
• Name information
• Unique user identifier from the provider
• Access and refresh tokens (stored securely)

b) The legal basis for processing OAuth data is Art. 6 Para. 1 lit. b GDPR (performance of a contract).

c) OAuth data is used solely for user authentication and account creation.

d) Duration of storage

OAuth tokens are stored securely and refreshed as needed. Users can disconnect OAuth providers from their account settings.

II. Use of third-party tools

1. Google Analytics

This website uses Google Analytics for web analysis. This is a service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

Google Analytics uses cookies that enable us to analyze your use of the website. Google evaluates the information collected on our behalf to provide us with reports on the visit and the pages visited.

The legal basis for the use of Google Analytics is Art. 6 Para. 1 lit. a GDPR.

The data we send will be automatically deleted after 14 months. Data whose retention period has expired is automatically deleted once a month.

You can prevent Google from collecting the data by downloading and installing a browser plugin: https://tools.google.com/dlpage/gaoptout?hl=en

2. RevenueCat

We use RevenueCat for subscription management and in-app purchases. RevenueCat is a service provided by RevenueCat, Inc. When you make a purchase, RevenueCat processes payment information and subscription data including:

• Platform (iOS/Android)
• Store (App Store/Play Store)
• Product identifiers
• Purchase amounts and currency
• Subscription status and expiration dates
• Country and transaction identifiers

The legal basis for using RevenueCat is Art. 6 Paragraph 1 lit. b GDPR (performance of a contract).

RevenueCat stores your data on secure servers and complies with GDPR requirements. For more information, see RevenueCat’s privacy policy: https://www.revenuecat.com/privacy

3. Google Web Fonts

This website uses “Google Web Fonts” to better display the page. When you visit our website, your browser loads the required fonts from Google’s servers.

The legal basis for using Google Web Fonts is Art. 6 Paragraph 1 lit. f GDPR.

Further information can be found at: https://policies.google.com/privacy

4. Apple and Google OAuth services

When you sign in with Apple or Google, these services collect authentication data according to their own privacy policies:

• Apple: https://www.apple.com/legal/privacy/
• Google: https://policies.google.com/privacy

We only receive the data necessary for account creation and authentication from these services.

III. Your rights (rights of the data subject)

If you exercise any of your rights listed below and/or would like to keep more information about this, please contact us at support@talerapp.io.

1. Right to information

You have the right to request confirmation as to whether your personal data is being processed. If this is the case, you have the right to information about this personal data and the following information:

• for processing purposes;
• the categories of personal data that are processed;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed;
• the planned duration for which the personal data will be stored;
• the existence of a right to correction or deletion of personal data concerning them;
• the right to lodge a complaint with a supervisory authority;
• if the personal data is not collected from the data subject, all available information about the origin of the data;
• the existence of automated decision-making including profiling.

2. Right to rectification

You have the right to immediately request the correction of incorrect personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data relating to you.

3. Right to deletion (“Right to be forgotten”)

You have the right to request that the personal data concerning you be deleted immediately if one of the following reasons applies:

• The personal data are no longer necessary for the purposes for which they were collected.
• You revoke your consent on which the processing was based.
• You object to the processing and there are no overriding legitimate reasons.
• The personal data was processed illegally.
• The deletion of personal data is necessary to fulfill a legal obligation.
• The personal data was collected in relation to information society services.

4. Right to restriction of processing

You have the right to request that we restrict processing if one of the following conditions is met:

• you dispute the accuracy of the personal data,
• the processing is unlawful, you refuse to delete the personal data,
• we no longer need the personal data, but you do need them to assert legal claims, or
• You have objected to processing.

5. Right to data portability

You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another person in charge without hindrance.

6. Right to object

You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data based on Art. 6 Para. 1 lit. e or f GDPR.

7. Right to withdraw consent

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.

8. Automated decisions

You have the right not to be subjected to a decision based solely on automated processing that has legal effect on you or similarly significantly affects you.

9. Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority in the Member State of your residence, place of work or place of the alleged violation.

The responsible supervisory authority is:

Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach
Telephone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de

IV. Data security

All information that you transmit to us is stored on servers within the European Union. Unfortunately, the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of the data transmitted to our website via the Internet. However, we secure our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. In particular, we transfer your personal data in encrypted form.

V. Data protection and third party websites

The website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot assume any responsibility or guarantee for third-party content or data protection conditions. Please make sure you are aware of the applicable data protection conditions before submitting personal data to these websites.

VI. Changes to this privacy policy

We reserve the right to change this privacy policy at any time with future effect. A current version is available on the website. Please visit the website regularly and inform yourself about the applicable data protection regulations.

---

Last updated: November 28, 2025