Privacy Policy
Row-level security means only you can access your financial data.
We do not sell, share, or monetise your personal information.
Download all your transactions as a CSV file from Settings.
Request account deletion in-app; data removed within 30 days.
1. Who We Are
Drachma is a personal finance application developed and operated by Agora Studio (agorastudio.dev). The app is available on Android (Google Play) with iOS support planned.
For any privacy-related questions, contact us at: support@agorastudio.dev
2. What Data We Collect
We collect only the data you explicitly provide to operate the app. No passive tracking, no analytics SDKs beyond crash reporting.
Account data
- Email address (required for sign-in)
- Authentication tokens (managed by Supabase Auth)
- If you use Google Sign-In or Apple Sign-In: your name and email as provided by those services
Financial data (entered by you)
- Transaction records: amounts, dates, categories, notes, payment status
- Account balances and account names
- Budget targets and planned income figures
- Recurring payment schedules
- Receivables (money owed to you) and refund records
- Custom categories and their display settings
App settings
- Currency preference, theme (light/dark), language preference
- Fiscal year and budgeting period configuration
- Privacy mode toggle state
Crash and error data
- In production builds, unhandled errors and crash reports are sent to Sentry (see section 5)
- Crash reports do not include financial transaction data
3. How We Use Your Data
Your data is used solely to provide the app's functionality:
- Authenticating your identity and maintaining your session
- Storing and displaying your financial records across devices
- Calculating budgets, summaries, and wealth reconciliation
- Applying recurring payment schedules
- Generating your CSV export on request
- Diagnosing and fixing crashes via Sentry error reports
We do not use your data for advertising, profiling, or any purpose beyond operating the app as described.
4. How Your Data Is Stored
All data is stored on Supabase (PostgreSQL), a managed cloud database platform. The following security measures are in place:
- Row-Level Security (RLS) is enforced on every database table. Database queries are scoped to your user ID — no query can return another user's data, even if the app client were compromised.
- Encrypted in transit: all communication between the app and Supabase uses HTTPS/TLS.
- Encrypted at rest: Supabase encrypts data at rest on the underlying infrastructure.
- On-device protection: the app supports biometric lock (Face ID, fingerprint, or PIN fallback) to prevent unauthorised access on your device. A Privacy Mode option hides all monetary values from the screen.
5. Third-Party Services
Drachma integrates with the following third-party services. We share only the minimum data each service requires to function.
Database, authentication, and file storage. Your financial data and account credentials are stored on Supabase infrastructure. Supabase is SOC 2 Type II certified.
supabase.com/privacy
Crash and error reporting. Triggered only in production builds when the app encounters an unhandled exception. Reports include stack traces, device OS version, and app version — no financial data is included.
sentry.io/privacy
Optional. If you choose to sign in with Google, your Google account email and name are passed to Supabase Auth to create or match your account. We do not receive any other Google account data.
policies.google.com/privacy
Optional. If you choose to sign in with Apple, your Apple-provided email (or relay address) is passed to Supabase Auth. Apple's private email relay means your real address may never be shared with us.
apple.com/legal/privacy
6. Data Retention
Your data is retained for as long as your account is active. When you request account deletion (available under Settings → Delete Account), your account is placed in a 30-day grace period during which you can cancel the request.
After 30 days, all data associated with your account — including transactions, budgets, accounts, categories, and settings — is permanently deleted from our systems. This deletion is irreversible.
Anonymised crash reports held by Sentry may be retained for up to 90 days in accordance with Sentry's standard data retention policy.
7. Your Rights
You have the following rights over your data:
- Access: all your data is visible directly within the app across the Month, Summary, Budgets, and Wealth tabs.
- Export: go to Settings → Export CSV to download a complete export of all your transactions in CSV format at any time.
- Correction: you can edit any transaction, category, account, or setting directly in the app.
- Deletion: go to Settings → Delete Account to initiate permanent account and data deletion (30-day grace period applies).
- Portability: the CSV export provides your data in a machine-readable, portable format.
To exercise any right that is not available in-app, or if you have a concern about your data, contact us at support@agorastudio.dev. We will respond within 30 days.
8. Data Sharing & Selling
We may disclose data only if required by law (e.g. a valid court order) or to protect the safety of users. In such cases we would notify you to the extent permitted by law.
9. Children's Privacy
Drachma is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@agorastudio.dev and we will promptly delete it.
10. Changes to This Policy
We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you via the app or by email.
Continued use of Drachma after a policy update constitutes acceptance of the revised policy.
Questions about your privacy?
We take data privacy seriously. Reach out and we'll respond within 30 days.
support@agorastudio.dev